pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
pulumi_vault/mount.py
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,56 +20,56 @@ __all__ = ['MountArgs', 'Mount']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class MountArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
path: pulumi.Input[str],
|
23
|
-
type: pulumi.Input[str],
|
24
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
29
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
-
description: Optional[pulumi.Input[str]] = None,
|
31
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
32
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
33
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
34
|
-
local: Optional[pulumi.Input[bool]] = None,
|
35
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
36
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
37
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
38
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
40
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None):
|
23
|
+
path: pulumi.Input[builtins.str],
|
24
|
+
type: pulumi.Input[builtins.str],
|
25
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
30
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
31
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
37
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
39
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
40
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
41
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None):
|
41
42
|
"""
|
42
43
|
The set of arguments for constructing a Mount resource.
|
43
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
44
|
-
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
45
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
46
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
44
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
45
|
+
:param pulumi.Input[builtins.str] type: Type of the backend, such as "aws"
|
46
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
47
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
47
48
|
them in the response.
|
48
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
49
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
50
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
51
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
49
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
50
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
51
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
52
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
52
53
|
backend can request delegated authentication for.
|
53
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
54
|
-
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
55
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
54
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
55
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
56
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
56
57
|
not provided, this will default to Vault's OIDC default key.
|
57
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
58
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
58
59
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
59
|
-
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
60
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
61
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
60
|
+
:param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
61
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
62
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
62
63
|
The value should not contain leading or trailing forward slashes.
|
63
64
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
64
65
|
*Available only for Vault Enterprise*.
|
65
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
66
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
66
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
67
68
|
the plugin.
|
68
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
69
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
69
70
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
70
71
|
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
71
|
-
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
72
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
72
73
|
"""
|
73
74
|
pulumi.set(__self__, "path", path)
|
74
75
|
pulumi.set(__self__, "type", type)
|
@@ -109,43 +110,43 @@ class MountArgs:
|
|
109
110
|
|
110
111
|
@property
|
111
112
|
@pulumi.getter
|
112
|
-
def path(self) -> pulumi.Input[str]:
|
113
|
+
def path(self) -> pulumi.Input[builtins.str]:
|
113
114
|
"""
|
114
115
|
Where the secret backend will be mounted
|
115
116
|
"""
|
116
117
|
return pulumi.get(self, "path")
|
117
118
|
|
118
119
|
@path.setter
|
119
|
-
def path(self, value: pulumi.Input[str]):
|
120
|
+
def path(self, value: pulumi.Input[builtins.str]):
|
120
121
|
pulumi.set(self, "path", value)
|
121
122
|
|
122
123
|
@property
|
123
124
|
@pulumi.getter
|
124
|
-
def type(self) -> pulumi.Input[str]:
|
125
|
+
def type(self) -> pulumi.Input[builtins.str]:
|
125
126
|
"""
|
126
127
|
Type of the backend, such as "aws"
|
127
128
|
"""
|
128
129
|
return pulumi.get(self, "type")
|
129
130
|
|
130
131
|
@type.setter
|
131
|
-
def type(self, value: pulumi.Input[str]):
|
132
|
+
def type(self, value: pulumi.Input[builtins.str]):
|
132
133
|
pulumi.set(self, "type", value)
|
133
134
|
|
134
135
|
@property
|
135
136
|
@pulumi.getter(name="allowedManagedKeys")
|
136
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
137
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
137
138
|
"""
|
138
139
|
Set of managed key registry entry names that the mount in question is allowed to access
|
139
140
|
"""
|
140
141
|
return pulumi.get(self, "allowed_managed_keys")
|
141
142
|
|
142
143
|
@allowed_managed_keys.setter
|
143
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
144
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
144
145
|
pulumi.set(self, "allowed_managed_keys", value)
|
145
146
|
|
146
147
|
@property
|
147
148
|
@pulumi.getter(name="allowedResponseHeaders")
|
148
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
149
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
149
150
|
"""
|
150
151
|
List of headers to allow, allowing a plugin to include
|
151
152
|
them in the response.
|
@@ -153,48 +154,48 @@ class MountArgs:
|
|
153
154
|
return pulumi.get(self, "allowed_response_headers")
|
154
155
|
|
155
156
|
@allowed_response_headers.setter
|
156
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
157
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
157
158
|
pulumi.set(self, "allowed_response_headers", value)
|
158
159
|
|
159
160
|
@property
|
160
161
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
161
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
162
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
162
163
|
"""
|
163
164
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
164
165
|
"""
|
165
166
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
166
167
|
|
167
168
|
@audit_non_hmac_request_keys.setter
|
168
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
169
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
169
170
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
170
171
|
|
171
172
|
@property
|
172
173
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
173
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
174
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
174
175
|
"""
|
175
176
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
176
177
|
"""
|
177
178
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
178
179
|
|
179
180
|
@audit_non_hmac_response_keys.setter
|
180
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
181
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
181
182
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
182
183
|
|
183
184
|
@property
|
184
185
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
185
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
186
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
186
187
|
"""
|
187
188
|
Default lease duration for tokens and secrets in seconds
|
188
189
|
"""
|
189
190
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
190
191
|
|
191
192
|
@default_lease_ttl_seconds.setter
|
192
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
193
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
193
194
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
194
195
|
|
195
196
|
@property
|
196
197
|
@pulumi.getter(name="delegatedAuthAccessors")
|
197
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
198
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
198
199
|
"""
|
199
200
|
List of allowed authentication mount accessors the
|
200
201
|
backend can request delegated authentication for.
|
@@ -202,36 +203,36 @@ class MountArgs:
|
|
202
203
|
return pulumi.get(self, "delegated_auth_accessors")
|
203
204
|
|
204
205
|
@delegated_auth_accessors.setter
|
205
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
206
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
206
207
|
pulumi.set(self, "delegated_auth_accessors", value)
|
207
208
|
|
208
209
|
@property
|
209
210
|
@pulumi.getter
|
210
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
211
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
211
212
|
"""
|
212
213
|
Human-friendly description of the mount
|
213
214
|
"""
|
214
215
|
return pulumi.get(self, "description")
|
215
216
|
|
216
217
|
@description.setter
|
217
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
218
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
218
219
|
pulumi.set(self, "description", value)
|
219
220
|
|
220
221
|
@property
|
221
222
|
@pulumi.getter(name="externalEntropyAccess")
|
222
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
223
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
223
224
|
"""
|
224
225
|
Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
225
226
|
"""
|
226
227
|
return pulumi.get(self, "external_entropy_access")
|
227
228
|
|
228
229
|
@external_entropy_access.setter
|
229
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
230
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
230
231
|
pulumi.set(self, "external_entropy_access", value)
|
231
232
|
|
232
233
|
@property
|
233
234
|
@pulumi.getter(name="identityTokenKey")
|
234
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
235
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
235
236
|
"""
|
236
237
|
The key to use for signing plugin workload identity tokens. If
|
237
238
|
not provided, this will default to Vault's OIDC default key.
|
@@ -239,12 +240,12 @@ class MountArgs:
|
|
239
240
|
return pulumi.get(self, "identity_token_key")
|
240
241
|
|
241
242
|
@identity_token_key.setter
|
242
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
243
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
243
244
|
pulumi.set(self, "identity_token_key", value)
|
244
245
|
|
245
246
|
@property
|
246
247
|
@pulumi.getter(name="listingVisibility")
|
247
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
248
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
248
249
|
"""
|
249
250
|
Specifies whether to show this mount in the UI-specific
|
250
251
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
@@ -252,36 +253,36 @@ class MountArgs:
|
|
252
253
|
return pulumi.get(self, "listing_visibility")
|
253
254
|
|
254
255
|
@listing_visibility.setter
|
255
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
256
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
256
257
|
pulumi.set(self, "listing_visibility", value)
|
257
258
|
|
258
259
|
@property
|
259
260
|
@pulumi.getter
|
260
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
261
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
261
262
|
"""
|
262
263
|
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
263
264
|
"""
|
264
265
|
return pulumi.get(self, "local")
|
265
266
|
|
266
267
|
@local.setter
|
267
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
268
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
268
269
|
pulumi.set(self, "local", value)
|
269
270
|
|
270
271
|
@property
|
271
272
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
272
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
273
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
273
274
|
"""
|
274
275
|
Maximum possible lease duration for tokens and secrets in seconds
|
275
276
|
"""
|
276
277
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
277
278
|
|
278
279
|
@max_lease_ttl_seconds.setter
|
279
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
280
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
280
281
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
281
282
|
|
282
283
|
@property
|
283
284
|
@pulumi.getter
|
284
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
285
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
285
286
|
"""
|
286
287
|
The namespace to provision the resource in.
|
287
288
|
The value should not contain leading or trailing forward slashes.
|
@@ -291,24 +292,24 @@ class MountArgs:
|
|
291
292
|
return pulumi.get(self, "namespace")
|
292
293
|
|
293
294
|
@namespace.setter
|
294
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
295
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
295
296
|
pulumi.set(self, "namespace", value)
|
296
297
|
|
297
298
|
@property
|
298
299
|
@pulumi.getter
|
299
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
300
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
300
301
|
"""
|
301
302
|
Specifies mount type specific options that are passed to the backend
|
302
303
|
"""
|
303
304
|
return pulumi.get(self, "options")
|
304
305
|
|
305
306
|
@options.setter
|
306
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
307
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
307
308
|
pulumi.set(self, "options", value)
|
308
309
|
|
309
310
|
@property
|
310
311
|
@pulumi.getter(name="passthroughRequestHeaders")
|
311
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
312
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
312
313
|
"""
|
313
314
|
List of headers to allow and pass from the request to
|
314
315
|
the plugin.
|
@@ -316,12 +317,12 @@ class MountArgs:
|
|
316
317
|
return pulumi.get(self, "passthrough_request_headers")
|
317
318
|
|
318
319
|
@passthrough_request_headers.setter
|
319
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
320
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
320
321
|
pulumi.set(self, "passthrough_request_headers", value)
|
321
322
|
|
322
323
|
@property
|
323
324
|
@pulumi.getter(name="pluginVersion")
|
324
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
325
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
325
326
|
"""
|
326
327
|
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
327
328
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
@@ -330,77 +331,77 @@ class MountArgs:
|
|
330
331
|
return pulumi.get(self, "plugin_version")
|
331
332
|
|
332
333
|
@plugin_version.setter
|
333
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
334
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
334
335
|
pulumi.set(self, "plugin_version", value)
|
335
336
|
|
336
337
|
@property
|
337
338
|
@pulumi.getter(name="sealWrap")
|
338
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
339
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
339
340
|
"""
|
340
341
|
Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
341
342
|
"""
|
342
343
|
return pulumi.get(self, "seal_wrap")
|
343
344
|
|
344
345
|
@seal_wrap.setter
|
345
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
346
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
346
347
|
pulumi.set(self, "seal_wrap", value)
|
347
348
|
|
348
349
|
|
349
350
|
@pulumi.input_type
|
350
351
|
class _MountState:
|
351
352
|
def __init__(__self__, *,
|
352
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
353
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
354
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
355
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
356
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
357
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
358
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
359
|
-
description: Optional[pulumi.Input[str]] = None,
|
360
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
361
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
362
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
363
|
-
local: Optional[pulumi.Input[bool]] = None,
|
364
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
365
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
366
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
367
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
368
|
-
path: Optional[pulumi.Input[str]] = None,
|
369
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
370
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
371
|
-
type: Optional[pulumi.Input[str]] = None):
|
353
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
354
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
355
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
356
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
357
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
358
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
359
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
360
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
361
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
362
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
363
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
364
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
365
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
366
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
367
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
368
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
369
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
370
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
371
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
372
|
+
type: Optional[pulumi.Input[builtins.str]] = None):
|
372
373
|
"""
|
373
374
|
Input properties used for looking up and filtering Mount resources.
|
374
|
-
:param pulumi.Input[str] accessor: The accessor for this mount.
|
375
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
376
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
375
|
+
:param pulumi.Input[builtins.str] accessor: The accessor for this mount.
|
376
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
377
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
377
378
|
them in the response.
|
378
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
379
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
380
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
381
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
379
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
380
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
381
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
382
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
382
383
|
backend can request delegated authentication for.
|
383
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
384
|
-
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
385
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
384
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
385
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
386
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
386
387
|
not provided, this will default to Vault's OIDC default key.
|
387
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
388
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
388
389
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
389
|
-
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
390
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
391
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
390
|
+
:param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
391
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
392
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
392
393
|
The value should not contain leading or trailing forward slashes.
|
393
394
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
394
395
|
*Available only for Vault Enterprise*.
|
395
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
396
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
396
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
397
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
397
398
|
the plugin.
|
398
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
399
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
399
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
400
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
400
401
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
401
402
|
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
402
|
-
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
403
|
-
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
403
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
404
|
+
:param pulumi.Input[builtins.str] type: Type of the backend, such as "aws"
|
404
405
|
"""
|
405
406
|
if accessor is not None:
|
406
407
|
pulumi.set(__self__, "accessor", accessor)
|
@@ -445,31 +446,31 @@ class _MountState:
|
|
445
446
|
|
446
447
|
@property
|
447
448
|
@pulumi.getter
|
448
|
-
def accessor(self) -> Optional[pulumi.Input[str]]:
|
449
|
+
def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
|
449
450
|
"""
|
450
451
|
The accessor for this mount.
|
451
452
|
"""
|
452
453
|
return pulumi.get(self, "accessor")
|
453
454
|
|
454
455
|
@accessor.setter
|
455
|
-
def accessor(self, value: Optional[pulumi.Input[str]]):
|
456
|
+
def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
|
456
457
|
pulumi.set(self, "accessor", value)
|
457
458
|
|
458
459
|
@property
|
459
460
|
@pulumi.getter(name="allowedManagedKeys")
|
460
|
-
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
461
|
+
def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
461
462
|
"""
|
462
463
|
Set of managed key registry entry names that the mount in question is allowed to access
|
463
464
|
"""
|
464
465
|
return pulumi.get(self, "allowed_managed_keys")
|
465
466
|
|
466
467
|
@allowed_managed_keys.setter
|
467
|
-
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
468
|
+
def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
468
469
|
pulumi.set(self, "allowed_managed_keys", value)
|
469
470
|
|
470
471
|
@property
|
471
472
|
@pulumi.getter(name="allowedResponseHeaders")
|
472
|
-
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
473
|
+
def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
473
474
|
"""
|
474
475
|
List of headers to allow, allowing a plugin to include
|
475
476
|
them in the response.
|
@@ -477,48 +478,48 @@ class _MountState:
|
|
477
478
|
return pulumi.get(self, "allowed_response_headers")
|
478
479
|
|
479
480
|
@allowed_response_headers.setter
|
480
|
-
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
481
|
+
def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
481
482
|
pulumi.set(self, "allowed_response_headers", value)
|
482
483
|
|
483
484
|
@property
|
484
485
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
485
|
-
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
486
|
+
def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
486
487
|
"""
|
487
488
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
488
489
|
"""
|
489
490
|
return pulumi.get(self, "audit_non_hmac_request_keys")
|
490
491
|
|
491
492
|
@audit_non_hmac_request_keys.setter
|
492
|
-
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
493
|
+
def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
493
494
|
pulumi.set(self, "audit_non_hmac_request_keys", value)
|
494
495
|
|
495
496
|
@property
|
496
497
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
497
|
-
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
498
|
+
def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
498
499
|
"""
|
499
500
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
500
501
|
"""
|
501
502
|
return pulumi.get(self, "audit_non_hmac_response_keys")
|
502
503
|
|
503
504
|
@audit_non_hmac_response_keys.setter
|
504
|
-
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
505
|
+
def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
505
506
|
pulumi.set(self, "audit_non_hmac_response_keys", value)
|
506
507
|
|
507
508
|
@property
|
508
509
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
509
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
510
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
510
511
|
"""
|
511
512
|
Default lease duration for tokens and secrets in seconds
|
512
513
|
"""
|
513
514
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
514
515
|
|
515
516
|
@default_lease_ttl_seconds.setter
|
516
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
517
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
517
518
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
518
519
|
|
519
520
|
@property
|
520
521
|
@pulumi.getter(name="delegatedAuthAccessors")
|
521
|
-
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
522
|
+
def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
522
523
|
"""
|
523
524
|
List of allowed authentication mount accessors the
|
524
525
|
backend can request delegated authentication for.
|
@@ -526,36 +527,36 @@ class _MountState:
|
|
526
527
|
return pulumi.get(self, "delegated_auth_accessors")
|
527
528
|
|
528
529
|
@delegated_auth_accessors.setter
|
529
|
-
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
530
|
+
def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
530
531
|
pulumi.set(self, "delegated_auth_accessors", value)
|
531
532
|
|
532
533
|
@property
|
533
534
|
@pulumi.getter
|
534
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
535
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
535
536
|
"""
|
536
537
|
Human-friendly description of the mount
|
537
538
|
"""
|
538
539
|
return pulumi.get(self, "description")
|
539
540
|
|
540
541
|
@description.setter
|
541
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
542
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
542
543
|
pulumi.set(self, "description", value)
|
543
544
|
|
544
545
|
@property
|
545
546
|
@pulumi.getter(name="externalEntropyAccess")
|
546
|
-
def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
|
547
|
+
def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
|
547
548
|
"""
|
548
549
|
Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
549
550
|
"""
|
550
551
|
return pulumi.get(self, "external_entropy_access")
|
551
552
|
|
552
553
|
@external_entropy_access.setter
|
553
|
-
def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
|
554
|
+
def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
|
554
555
|
pulumi.set(self, "external_entropy_access", value)
|
555
556
|
|
556
557
|
@property
|
557
558
|
@pulumi.getter(name="identityTokenKey")
|
558
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
559
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
559
560
|
"""
|
560
561
|
The key to use for signing plugin workload identity tokens. If
|
561
562
|
not provided, this will default to Vault's OIDC default key.
|
@@ -563,12 +564,12 @@ class _MountState:
|
|
563
564
|
return pulumi.get(self, "identity_token_key")
|
564
565
|
|
565
566
|
@identity_token_key.setter
|
566
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
567
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
567
568
|
pulumi.set(self, "identity_token_key", value)
|
568
569
|
|
569
570
|
@property
|
570
571
|
@pulumi.getter(name="listingVisibility")
|
571
|
-
def listing_visibility(self) -> Optional[pulumi.Input[str]]:
|
572
|
+
def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
|
572
573
|
"""
|
573
574
|
Specifies whether to show this mount in the UI-specific
|
574
575
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
@@ -576,36 +577,36 @@ class _MountState:
|
|
576
577
|
return pulumi.get(self, "listing_visibility")
|
577
578
|
|
578
579
|
@listing_visibility.setter
|
579
|
-
def listing_visibility(self, value: Optional[pulumi.Input[str]]):
|
580
|
+
def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
|
580
581
|
pulumi.set(self, "listing_visibility", value)
|
581
582
|
|
582
583
|
@property
|
583
584
|
@pulumi.getter
|
584
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
585
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
585
586
|
"""
|
586
587
|
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
587
588
|
"""
|
588
589
|
return pulumi.get(self, "local")
|
589
590
|
|
590
591
|
@local.setter
|
591
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
592
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
592
593
|
pulumi.set(self, "local", value)
|
593
594
|
|
594
595
|
@property
|
595
596
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
596
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
597
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
597
598
|
"""
|
598
599
|
Maximum possible lease duration for tokens and secrets in seconds
|
599
600
|
"""
|
600
601
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
601
602
|
|
602
603
|
@max_lease_ttl_seconds.setter
|
603
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
604
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
604
605
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
605
606
|
|
606
607
|
@property
|
607
608
|
@pulumi.getter
|
608
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
609
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
609
610
|
"""
|
610
611
|
The namespace to provision the resource in.
|
611
612
|
The value should not contain leading or trailing forward slashes.
|
@@ -615,24 +616,24 @@ class _MountState:
|
|
615
616
|
return pulumi.get(self, "namespace")
|
616
617
|
|
617
618
|
@namespace.setter
|
618
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
619
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
619
620
|
pulumi.set(self, "namespace", value)
|
620
621
|
|
621
622
|
@property
|
622
623
|
@pulumi.getter
|
623
|
-
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
624
|
+
def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
624
625
|
"""
|
625
626
|
Specifies mount type specific options that are passed to the backend
|
626
627
|
"""
|
627
628
|
return pulumi.get(self, "options")
|
628
629
|
|
629
630
|
@options.setter
|
630
|
-
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
631
|
+
def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
631
632
|
pulumi.set(self, "options", value)
|
632
633
|
|
633
634
|
@property
|
634
635
|
@pulumi.getter(name="passthroughRequestHeaders")
|
635
|
-
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
636
|
+
def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
636
637
|
"""
|
637
638
|
List of headers to allow and pass from the request to
|
638
639
|
the plugin.
|
@@ -640,24 +641,24 @@ class _MountState:
|
|
640
641
|
return pulumi.get(self, "passthrough_request_headers")
|
641
642
|
|
642
643
|
@passthrough_request_headers.setter
|
643
|
-
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
644
|
+
def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
644
645
|
pulumi.set(self, "passthrough_request_headers", value)
|
645
646
|
|
646
647
|
@property
|
647
648
|
@pulumi.getter
|
648
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
649
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
649
650
|
"""
|
650
651
|
Where the secret backend will be mounted
|
651
652
|
"""
|
652
653
|
return pulumi.get(self, "path")
|
653
654
|
|
654
655
|
@path.setter
|
655
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
656
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
656
657
|
pulumi.set(self, "path", value)
|
657
658
|
|
658
659
|
@property
|
659
660
|
@pulumi.getter(name="pluginVersion")
|
660
|
-
def plugin_version(self) -> Optional[pulumi.Input[str]]:
|
661
|
+
def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
661
662
|
"""
|
662
663
|
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
663
664
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
@@ -666,31 +667,31 @@ class _MountState:
|
|
666
667
|
return pulumi.get(self, "plugin_version")
|
667
668
|
|
668
669
|
@plugin_version.setter
|
669
|
-
def plugin_version(self, value: Optional[pulumi.Input[str]]):
|
670
|
+
def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
670
671
|
pulumi.set(self, "plugin_version", value)
|
671
672
|
|
672
673
|
@property
|
673
674
|
@pulumi.getter(name="sealWrap")
|
674
|
-
def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
|
675
|
+
def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
|
675
676
|
"""
|
676
677
|
Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
677
678
|
"""
|
678
679
|
return pulumi.get(self, "seal_wrap")
|
679
680
|
|
680
681
|
@seal_wrap.setter
|
681
|
-
def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
|
682
|
+
def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
|
682
683
|
pulumi.set(self, "seal_wrap", value)
|
683
684
|
|
684
685
|
@property
|
685
686
|
@pulumi.getter
|
686
|
-
def type(self) -> Optional[pulumi.Input[str]]:
|
687
|
+
def type(self) -> Optional[pulumi.Input[builtins.str]]:
|
687
688
|
"""
|
688
689
|
Type of the backend, such as "aws"
|
689
690
|
"""
|
690
691
|
return pulumi.get(self, "type")
|
691
692
|
|
692
693
|
@type.setter
|
693
|
-
def type(self, value: Optional[pulumi.Input[str]]):
|
694
|
+
def type(self, value: Optional[pulumi.Input[builtins.str]]):
|
694
695
|
pulumi.set(self, "type", value)
|
695
696
|
|
696
697
|
|
@@ -699,25 +700,25 @@ class Mount(pulumi.CustomResource):
|
|
699
700
|
def __init__(__self__,
|
700
701
|
resource_name: str,
|
701
702
|
opts: Optional[pulumi.ResourceOptions] = None,
|
702
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
703
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
704
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
705
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
706
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
707
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
708
|
-
description: Optional[pulumi.Input[str]] = None,
|
709
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
710
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
711
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
712
|
-
local: Optional[pulumi.Input[bool]] = None,
|
713
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
714
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
715
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
716
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
717
|
-
path: Optional[pulumi.Input[str]] = None,
|
718
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
719
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
720
|
-
type: Optional[pulumi.Input[str]] = None,
|
703
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
704
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
705
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
706
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
707
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
708
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
709
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
710
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
711
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
712
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
713
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
714
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
715
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
716
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
717
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
718
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
719
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
720
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
721
|
+
type: Optional[pulumi.Input[builtins.str]] = None,
|
721
722
|
__props__=None):
|
722
723
|
"""
|
723
724
|
This resource enables a new secrets engine at the given path.
|
@@ -783,35 +784,35 @@ class Mount(pulumi.CustomResource):
|
|
783
784
|
|
784
785
|
:param str resource_name: The name of the resource.
|
785
786
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
786
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
787
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
787
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
788
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
788
789
|
them in the response.
|
789
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
790
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
791
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
792
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
790
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
791
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
792
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
793
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
793
794
|
backend can request delegated authentication for.
|
794
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
795
|
-
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
796
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
795
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
796
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
797
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
797
798
|
not provided, this will default to Vault's OIDC default key.
|
798
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
799
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
799
800
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
800
|
-
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
801
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
802
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
801
|
+
:param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
802
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
803
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
803
804
|
The value should not contain leading or trailing forward slashes.
|
804
805
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
805
806
|
*Available only for Vault Enterprise*.
|
806
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
807
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
807
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
808
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
808
809
|
the plugin.
|
809
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
810
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
810
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
811
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
811
812
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
812
813
|
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
813
|
-
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
814
|
-
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
814
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
815
|
+
:param pulumi.Input[builtins.str] type: Type of the backend, such as "aws"
|
815
816
|
"""
|
816
817
|
...
|
817
818
|
@overload
|
@@ -896,25 +897,25 @@ class Mount(pulumi.CustomResource):
|
|
896
897
|
def _internal_init(__self__,
|
897
898
|
resource_name: str,
|
898
899
|
opts: Optional[pulumi.ResourceOptions] = None,
|
899
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
900
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
901
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
902
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
903
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
904
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
905
|
-
description: Optional[pulumi.Input[str]] = None,
|
906
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
907
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
908
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
909
|
-
local: Optional[pulumi.Input[bool]] = None,
|
910
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
911
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
912
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
913
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
914
|
-
path: Optional[pulumi.Input[str]] = None,
|
915
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
916
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
917
|
-
type: Optional[pulumi.Input[str]] = None,
|
900
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
901
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
902
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
903
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
904
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
905
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
906
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
907
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
908
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
909
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
910
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
911
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
912
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
913
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
914
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
915
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
916
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
917
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
918
|
+
type: Optional[pulumi.Input[builtins.str]] = None,
|
918
919
|
__props__=None):
|
919
920
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
920
921
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -958,26 +959,26 @@ class Mount(pulumi.CustomResource):
|
|
958
959
|
def get(resource_name: str,
|
959
960
|
id: pulumi.Input[str],
|
960
961
|
opts: Optional[pulumi.ResourceOptions] = None,
|
961
|
-
accessor: Optional[pulumi.Input[str]] = None,
|
962
|
-
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
963
|
-
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
964
|
-
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
965
|
-
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
966
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
967
|
-
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
968
|
-
description: Optional[pulumi.Input[str]] = None,
|
969
|
-
external_entropy_access: Optional[pulumi.Input[bool]] = None,
|
970
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
971
|
-
listing_visibility: Optional[pulumi.Input[str]] = None,
|
972
|
-
local: Optional[pulumi.Input[bool]] = None,
|
973
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
974
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
975
|
-
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
976
|
-
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
977
|
-
path: Optional[pulumi.Input[str]] = None,
|
978
|
-
plugin_version: Optional[pulumi.Input[str]] = None,
|
979
|
-
seal_wrap: Optional[pulumi.Input[bool]] = None,
|
980
|
-
type: Optional[pulumi.Input[str]] = None) -> 'Mount':
|
962
|
+
accessor: Optional[pulumi.Input[builtins.str]] = None,
|
963
|
+
allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
964
|
+
allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
965
|
+
audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
966
|
+
audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
967
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
968
|
+
delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
969
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
970
|
+
external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
|
971
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
972
|
+
listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
|
973
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
974
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
975
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
976
|
+
options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
977
|
+
passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
978
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
979
|
+
plugin_version: Optional[pulumi.Input[builtins.str]] = None,
|
980
|
+
seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
|
981
|
+
type: Optional[pulumi.Input[builtins.str]] = None) -> 'Mount':
|
981
982
|
"""
|
982
983
|
Get an existing Mount resource's state with the given name, id, and optional extra
|
983
984
|
properties used to qualify the lookup.
|
@@ -985,36 +986,36 @@ class Mount(pulumi.CustomResource):
|
|
985
986
|
:param str resource_name: The unique name of the resulting resource.
|
986
987
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
987
988
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
988
|
-
:param pulumi.Input[str] accessor: The accessor for this mount.
|
989
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
990
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
989
|
+
:param pulumi.Input[builtins.str] accessor: The accessor for this mount.
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
|
991
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
|
991
992
|
them in the response.
|
992
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
993
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
994
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
995
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
993
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
994
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
995
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
|
996
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
|
996
997
|
backend can request delegated authentication for.
|
997
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount
|
998
|
-
:param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
999
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
998
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount
|
999
|
+
:param pulumi.Input[builtins.bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
1000
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens. If
|
1000
1001
|
not provided, this will default to Vault's OIDC default key.
|
1001
|
-
:param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
1002
|
+
:param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific
|
1002
1003
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
1003
|
-
:param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
1004
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1005
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1004
|
+
:param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
1005
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
|
1006
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1006
1007
|
The value should not contain leading or trailing forward slashes.
|
1007
1008
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1008
1009
|
*Available only for Vault Enterprise*.
|
1009
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
|
1010
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
1010
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
|
1011
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to
|
1011
1012
|
the plugin.
|
1012
|
-
:param pulumi.Input[str] path: Where the secret backend will be mounted
|
1013
|
-
:param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1013
|
+
:param pulumi.Input[builtins.str] path: Where the secret backend will be mounted
|
1014
|
+
:param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1014
1015
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
1015
1016
|
registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
|
1016
|
-
:param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1017
|
-
:param pulumi.Input[str] type: Type of the backend, such as "aws"
|
1017
|
+
:param pulumi.Input[builtins.bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1018
|
+
:param pulumi.Input[builtins.str] type: Type of the backend, such as "aws"
|
1018
1019
|
"""
|
1019
1020
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1020
1021
|
|
@@ -1044,7 +1045,7 @@ class Mount(pulumi.CustomResource):
|
|
1044
1045
|
|
1045
1046
|
@property
|
1046
1047
|
@pulumi.getter
|
1047
|
-
def accessor(self) -> pulumi.Output[str]:
|
1048
|
+
def accessor(self) -> pulumi.Output[builtins.str]:
|
1048
1049
|
"""
|
1049
1050
|
The accessor for this mount.
|
1050
1051
|
"""
|
@@ -1052,7 +1053,7 @@ class Mount(pulumi.CustomResource):
|
|
1052
1053
|
|
1053
1054
|
@property
|
1054
1055
|
@pulumi.getter(name="allowedManagedKeys")
|
1055
|
-
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1056
|
+
def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1056
1057
|
"""
|
1057
1058
|
Set of managed key registry entry names that the mount in question is allowed to access
|
1058
1059
|
"""
|
@@ -1060,7 +1061,7 @@ class Mount(pulumi.CustomResource):
|
|
1060
1061
|
|
1061
1062
|
@property
|
1062
1063
|
@pulumi.getter(name="allowedResponseHeaders")
|
1063
|
-
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1064
|
+
def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1064
1065
|
"""
|
1065
1066
|
List of headers to allow, allowing a plugin to include
|
1066
1067
|
them in the response.
|
@@ -1069,7 +1070,7 @@ class Mount(pulumi.CustomResource):
|
|
1069
1070
|
|
1070
1071
|
@property
|
1071
1072
|
@pulumi.getter(name="auditNonHmacRequestKeys")
|
1072
|
-
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
|
1073
|
+
def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1073
1074
|
"""
|
1074
1075
|
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
|
1075
1076
|
"""
|
@@ -1077,7 +1078,7 @@ class Mount(pulumi.CustomResource):
|
|
1077
1078
|
|
1078
1079
|
@property
|
1079
1080
|
@pulumi.getter(name="auditNonHmacResponseKeys")
|
1080
|
-
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[str]]:
|
1081
|
+
def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1081
1082
|
"""
|
1082
1083
|
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
|
1083
1084
|
"""
|
@@ -1085,7 +1086,7 @@ class Mount(pulumi.CustomResource):
|
|
1085
1086
|
|
1086
1087
|
@property
|
1087
1088
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1088
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1089
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1089
1090
|
"""
|
1090
1091
|
Default lease duration for tokens and secrets in seconds
|
1091
1092
|
"""
|
@@ -1093,7 +1094,7 @@ class Mount(pulumi.CustomResource):
|
|
1093
1094
|
|
1094
1095
|
@property
|
1095
1096
|
@pulumi.getter(name="delegatedAuthAccessors")
|
1096
|
-
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1097
|
+
def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1097
1098
|
"""
|
1098
1099
|
List of allowed authentication mount accessors the
|
1099
1100
|
backend can request delegated authentication for.
|
@@ -1102,7 +1103,7 @@ class Mount(pulumi.CustomResource):
|
|
1102
1103
|
|
1103
1104
|
@property
|
1104
1105
|
@pulumi.getter
|
1105
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1106
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1106
1107
|
"""
|
1107
1108
|
Human-friendly description of the mount
|
1108
1109
|
"""
|
@@ -1110,7 +1111,7 @@ class Mount(pulumi.CustomResource):
|
|
1110
1111
|
|
1111
1112
|
@property
|
1112
1113
|
@pulumi.getter(name="externalEntropyAccess")
|
1113
|
-
def external_entropy_access(self) -> pulumi.Output[Optional[bool]]:
|
1114
|
+
def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1114
1115
|
"""
|
1115
1116
|
Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
|
1116
1117
|
"""
|
@@ -1118,7 +1119,7 @@ class Mount(pulumi.CustomResource):
|
|
1118
1119
|
|
1119
1120
|
@property
|
1120
1121
|
@pulumi.getter(name="identityTokenKey")
|
1121
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1122
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1122
1123
|
"""
|
1123
1124
|
The key to use for signing plugin workload identity tokens. If
|
1124
1125
|
not provided, this will default to Vault's OIDC default key.
|
@@ -1127,7 +1128,7 @@ class Mount(pulumi.CustomResource):
|
|
1127
1128
|
|
1128
1129
|
@property
|
1129
1130
|
@pulumi.getter(name="listingVisibility")
|
1130
|
-
def listing_visibility(self) -> pulumi.Output[Optional[str]]:
|
1131
|
+
def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
|
1131
1132
|
"""
|
1132
1133
|
Specifies whether to show this mount in the UI-specific
|
1133
1134
|
listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
|
@@ -1136,7 +1137,7 @@ class Mount(pulumi.CustomResource):
|
|
1136
1137
|
|
1137
1138
|
@property
|
1138
1139
|
@pulumi.getter
|
1139
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1140
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1140
1141
|
"""
|
1141
1142
|
Boolean flag that can be explicitly set to true to enforce local mount in HA environment
|
1142
1143
|
"""
|
@@ -1144,7 +1145,7 @@ class Mount(pulumi.CustomResource):
|
|
1144
1145
|
|
1145
1146
|
@property
|
1146
1147
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1147
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1148
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1148
1149
|
"""
|
1149
1150
|
Maximum possible lease duration for tokens and secrets in seconds
|
1150
1151
|
"""
|
@@ -1152,7 +1153,7 @@ class Mount(pulumi.CustomResource):
|
|
1152
1153
|
|
1153
1154
|
@property
|
1154
1155
|
@pulumi.getter
|
1155
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1156
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1156
1157
|
"""
|
1157
1158
|
The namespace to provision the resource in.
|
1158
1159
|
The value should not contain leading or trailing forward slashes.
|
@@ -1163,7 +1164,7 @@ class Mount(pulumi.CustomResource):
|
|
1163
1164
|
|
1164
1165
|
@property
|
1165
1166
|
@pulumi.getter
|
1166
|
-
def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1167
|
+
def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1167
1168
|
"""
|
1168
1169
|
Specifies mount type specific options that are passed to the backend
|
1169
1170
|
"""
|
@@ -1171,7 +1172,7 @@ class Mount(pulumi.CustomResource):
|
|
1171
1172
|
|
1172
1173
|
@property
|
1173
1174
|
@pulumi.getter(name="passthroughRequestHeaders")
|
1174
|
-
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1175
|
+
def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1175
1176
|
"""
|
1176
1177
|
List of headers to allow and pass from the request to
|
1177
1178
|
the plugin.
|
@@ -1180,7 +1181,7 @@ class Mount(pulumi.CustomResource):
|
|
1180
1181
|
|
1181
1182
|
@property
|
1182
1183
|
@pulumi.getter
|
1183
|
-
def path(self) -> pulumi.Output[str]:
|
1184
|
+
def path(self) -> pulumi.Output[builtins.str]:
|
1184
1185
|
"""
|
1185
1186
|
Where the secret backend will be mounted
|
1186
1187
|
"""
|
@@ -1188,7 +1189,7 @@ class Mount(pulumi.CustomResource):
|
|
1188
1189
|
|
1189
1190
|
@property
|
1190
1191
|
@pulumi.getter(name="pluginVersion")
|
1191
|
-
def plugin_version(self) -> pulumi.Output[Optional[str]]:
|
1192
|
+
def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
|
1192
1193
|
"""
|
1193
1194
|
Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
|
1194
1195
|
If unspecified, the server will select any matching unversioned plugin that may have been
|
@@ -1198,7 +1199,7 @@ class Mount(pulumi.CustomResource):
|
|
1198
1199
|
|
1199
1200
|
@property
|
1200
1201
|
@pulumi.getter(name="sealWrap")
|
1201
|
-
def seal_wrap(self) -> pulumi.Output[bool]:
|
1202
|
+
def seal_wrap(self) -> pulumi.Output[builtins.bool]:
|
1202
1203
|
"""
|
1203
1204
|
Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
|
1204
1205
|
"""
|
@@ -1206,7 +1207,7 @@ class Mount(pulumi.CustomResource):
|
|
1206
1207
|
|
1207
1208
|
@property
|
1208
1209
|
@pulumi.getter
|
1209
|
-
def type(self) -> pulumi.Output[str]:
|
1210
|
+
def type(self) -> pulumi.Output[builtins.str]:
|
1210
1211
|
"""
|
1211
1212
|
Type of the backend, such as "aws"
|
1212
1213
|
"""
|