pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,29 +22,29 @@ __all__ = ['BackendConfigEstArgs', 'BackendConfigEst']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class BackendConfigEstArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
backend: pulumi.Input[str],
|
25
|
-
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
backend: pulumi.Input[builtins.str],
|
26
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
27
|
authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
|
27
|
-
default_mount: Optional[pulumi.Input[bool]] = None,
|
28
|
-
default_path_policy: Optional[pulumi.Input[str]] = None,
|
29
|
-
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
30
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
31
|
-
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
32
|
-
namespace: Optional[pulumi.Input[str]] = None):
|
28
|
+
default_mount: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
enable_sentinel_parsing: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
33
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None):
|
33
34
|
"""
|
34
35
|
The set of arguments for constructing a BackendConfigEst resource.
|
35
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
36
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
36
37
|
read the EST configuration from, with no leading or trailing `/`s.
|
37
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
38
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
38
39
|
|
39
40
|
<a id="nestedatt--authenticators"></a>
|
40
41
|
:param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
41
|
-
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
42
|
-
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
43
|
-
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
44
|
-
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
45
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
46
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
42
|
+
:param pulumi.Input[builtins.bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
43
|
+
:param pulumi.Input[builtins.str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
44
|
+
:param pulumi.Input[builtins.bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
45
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether EST is enabled.
|
46
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
47
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
47
48
|
The value should not contain leading or trailing forward slashes.
|
48
49
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
50
|
*Available only for Vault Enterprise*.
|
@@ -68,7 +69,7 @@ class BackendConfigEstArgs:
|
|
68
69
|
|
69
70
|
@property
|
70
71
|
@pulumi.getter
|
71
|
-
def backend(self) -> pulumi.Input[str]:
|
72
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
72
73
|
"""
|
73
74
|
The path to the PKI secret backend to
|
74
75
|
read the EST configuration from, with no leading or trailing `/`s.
|
@@ -76,12 +77,12 @@ class BackendConfigEstArgs:
|
|
76
77
|
return pulumi.get(self, "backend")
|
77
78
|
|
78
79
|
@backend.setter
|
79
|
-
def backend(self, value: pulumi.Input[str]):
|
80
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
80
81
|
pulumi.set(self, "backend", value)
|
81
82
|
|
82
83
|
@property
|
83
84
|
@pulumi.getter(name="auditFields")
|
84
|
-
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
85
|
+
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
85
86
|
"""
|
86
87
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
87
88
|
|
@@ -90,7 +91,7 @@ class BackendConfigEstArgs:
|
|
90
91
|
return pulumi.get(self, "audit_fields")
|
91
92
|
|
92
93
|
@audit_fields.setter
|
93
|
-
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
94
|
+
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
94
95
|
pulumi.set(self, "audit_fields", value)
|
95
96
|
|
96
97
|
@property
|
@@ -107,67 +108,67 @@ class BackendConfigEstArgs:
|
|
107
108
|
|
108
109
|
@property
|
109
110
|
@pulumi.getter(name="defaultMount")
|
110
|
-
def default_mount(self) -> Optional[pulumi.Input[bool]]:
|
111
|
+
def default_mount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
111
112
|
"""
|
112
113
|
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
113
114
|
"""
|
114
115
|
return pulumi.get(self, "default_mount")
|
115
116
|
|
116
117
|
@default_mount.setter
|
117
|
-
def default_mount(self, value: Optional[pulumi.Input[bool]]):
|
118
|
+
def default_mount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
118
119
|
pulumi.set(self, "default_mount", value)
|
119
120
|
|
120
121
|
@property
|
121
122
|
@pulumi.getter(name="defaultPathPolicy")
|
122
|
-
def default_path_policy(self) -> Optional[pulumi.Input[str]]:
|
123
|
+
def default_path_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
123
124
|
"""
|
124
125
|
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
125
126
|
"""
|
126
127
|
return pulumi.get(self, "default_path_policy")
|
127
128
|
|
128
129
|
@default_path_policy.setter
|
129
|
-
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
130
|
+
def default_path_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
130
131
|
pulumi.set(self, "default_path_policy", value)
|
131
132
|
|
132
133
|
@property
|
133
134
|
@pulumi.getter(name="enableSentinelParsing")
|
134
|
-
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
135
|
+
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[builtins.bool]]:
|
135
136
|
"""
|
136
137
|
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
137
138
|
"""
|
138
139
|
return pulumi.get(self, "enable_sentinel_parsing")
|
139
140
|
|
140
141
|
@enable_sentinel_parsing.setter
|
141
|
-
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
|
142
|
+
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[builtins.bool]]):
|
142
143
|
pulumi.set(self, "enable_sentinel_parsing", value)
|
143
144
|
|
144
145
|
@property
|
145
146
|
@pulumi.getter
|
146
|
-
def enabled(self) -> Optional[pulumi.Input[bool]]:
|
147
|
+
def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
147
148
|
"""
|
148
149
|
Specifies whether EST is enabled.
|
149
150
|
"""
|
150
151
|
return pulumi.get(self, "enabled")
|
151
152
|
|
152
153
|
@enabled.setter
|
153
|
-
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
154
|
+
def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
154
155
|
pulumi.set(self, "enabled", value)
|
155
156
|
|
156
157
|
@property
|
157
158
|
@pulumi.getter(name="labelToPathPolicy")
|
158
|
-
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
159
|
+
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
159
160
|
"""
|
160
161
|
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
161
162
|
"""
|
162
163
|
return pulumi.get(self, "label_to_path_policy")
|
163
164
|
|
164
165
|
@label_to_path_policy.setter
|
165
|
-
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
166
|
+
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
166
167
|
pulumi.set(self, "label_to_path_policy", value)
|
167
168
|
|
168
169
|
@property
|
169
170
|
@pulumi.getter
|
170
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
171
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
171
172
|
"""
|
172
173
|
The namespace of the target resource.
|
173
174
|
The value should not contain leading or trailing forward slashes.
|
@@ -177,38 +178,38 @@ class BackendConfigEstArgs:
|
|
177
178
|
return pulumi.get(self, "namespace")
|
178
179
|
|
179
180
|
@namespace.setter
|
180
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
181
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
181
182
|
pulumi.set(self, "namespace", value)
|
182
183
|
|
183
184
|
|
184
185
|
@pulumi.input_type
|
185
186
|
class _BackendConfigEstState:
|
186
187
|
def __init__(__self__, *,
|
187
|
-
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
188
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
188
189
|
authenticators: Optional[pulumi.Input['BackendConfigEstAuthenticatorsArgs']] = None,
|
189
|
-
backend: Optional[pulumi.Input[str]] = None,
|
190
|
-
default_mount: Optional[pulumi.Input[bool]] = None,
|
191
|
-
default_path_policy: Optional[pulumi.Input[str]] = None,
|
192
|
-
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
193
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
194
|
-
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
195
|
-
last_updated: Optional[pulumi.Input[str]] = None,
|
196
|
-
namespace: Optional[pulumi.Input[str]] = None):
|
190
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
191
|
+
default_mount: Optional[pulumi.Input[builtins.bool]] = None,
|
192
|
+
default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
|
193
|
+
enable_sentinel_parsing: Optional[pulumi.Input[builtins.bool]] = None,
|
194
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
195
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
196
|
+
last_updated: Optional[pulumi.Input[builtins.str]] = None,
|
197
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None):
|
197
198
|
"""
|
198
199
|
Input properties used for looking up and filtering BackendConfigEst resources.
|
199
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
200
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
200
201
|
|
201
202
|
<a id="nestedatt--authenticators"></a>
|
202
203
|
:param pulumi.Input['BackendConfigEstAuthenticatorsArgs'] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
203
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
204
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
204
205
|
read the EST configuration from, with no leading or trailing `/`s.
|
205
|
-
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
206
|
-
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
207
|
-
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
208
|
-
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
209
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
210
|
-
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
211
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
206
|
+
:param pulumi.Input[builtins.bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
207
|
+
:param pulumi.Input[builtins.str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
208
|
+
:param pulumi.Input[builtins.bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
209
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether EST is enabled.
|
210
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
211
|
+
:param pulumi.Input[builtins.str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
212
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
212
213
|
The value should not contain leading or trailing forward slashes.
|
213
214
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
214
215
|
*Available only for Vault Enterprise*.
|
@@ -236,7 +237,7 @@ class _BackendConfigEstState:
|
|
236
237
|
|
237
238
|
@property
|
238
239
|
@pulumi.getter(name="auditFields")
|
239
|
-
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
240
|
+
def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
240
241
|
"""
|
241
242
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
242
243
|
|
@@ -245,7 +246,7 @@ class _BackendConfigEstState:
|
|
245
246
|
return pulumi.get(self, "audit_fields")
|
246
247
|
|
247
248
|
@audit_fields.setter
|
248
|
-
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
249
|
+
def audit_fields(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
249
250
|
pulumi.set(self, "audit_fields", value)
|
250
251
|
|
251
252
|
@property
|
@@ -262,7 +263,7 @@ class _BackendConfigEstState:
|
|
262
263
|
|
263
264
|
@property
|
264
265
|
@pulumi.getter
|
265
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
266
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
266
267
|
"""
|
267
268
|
The path to the PKI secret backend to
|
268
269
|
read the EST configuration from, with no leading or trailing `/`s.
|
@@ -270,84 +271,84 @@ class _BackendConfigEstState:
|
|
270
271
|
return pulumi.get(self, "backend")
|
271
272
|
|
272
273
|
@backend.setter
|
273
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
274
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
274
275
|
pulumi.set(self, "backend", value)
|
275
276
|
|
276
277
|
@property
|
277
278
|
@pulumi.getter(name="defaultMount")
|
278
|
-
def default_mount(self) -> Optional[pulumi.Input[bool]]:
|
279
|
+
def default_mount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
279
280
|
"""
|
280
281
|
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
281
282
|
"""
|
282
283
|
return pulumi.get(self, "default_mount")
|
283
284
|
|
284
285
|
@default_mount.setter
|
285
|
-
def default_mount(self, value: Optional[pulumi.Input[bool]]):
|
286
|
+
def default_mount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
286
287
|
pulumi.set(self, "default_mount", value)
|
287
288
|
|
288
289
|
@property
|
289
290
|
@pulumi.getter(name="defaultPathPolicy")
|
290
|
-
def default_path_policy(self) -> Optional[pulumi.Input[str]]:
|
291
|
+
def default_path_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
291
292
|
"""
|
292
293
|
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
293
294
|
"""
|
294
295
|
return pulumi.get(self, "default_path_policy")
|
295
296
|
|
296
297
|
@default_path_policy.setter
|
297
|
-
def default_path_policy(self, value: Optional[pulumi.Input[str]]):
|
298
|
+
def default_path_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
298
299
|
pulumi.set(self, "default_path_policy", value)
|
299
300
|
|
300
301
|
@property
|
301
302
|
@pulumi.getter(name="enableSentinelParsing")
|
302
|
-
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
|
303
|
+
def enable_sentinel_parsing(self) -> Optional[pulumi.Input[builtins.bool]]:
|
303
304
|
"""
|
304
305
|
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
305
306
|
"""
|
306
307
|
return pulumi.get(self, "enable_sentinel_parsing")
|
307
308
|
|
308
309
|
@enable_sentinel_parsing.setter
|
309
|
-
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[bool]]):
|
310
|
+
def enable_sentinel_parsing(self, value: Optional[pulumi.Input[builtins.bool]]):
|
310
311
|
pulumi.set(self, "enable_sentinel_parsing", value)
|
311
312
|
|
312
313
|
@property
|
313
314
|
@pulumi.getter
|
314
|
-
def enabled(self) -> Optional[pulumi.Input[bool]]:
|
315
|
+
def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
315
316
|
"""
|
316
317
|
Specifies whether EST is enabled.
|
317
318
|
"""
|
318
319
|
return pulumi.get(self, "enabled")
|
319
320
|
|
320
321
|
@enabled.setter
|
321
|
-
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
322
|
+
def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
322
323
|
pulumi.set(self, "enabled", value)
|
323
324
|
|
324
325
|
@property
|
325
326
|
@pulumi.getter(name="labelToPathPolicy")
|
326
|
-
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
327
|
+
def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
327
328
|
"""
|
328
329
|
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
329
330
|
"""
|
330
331
|
return pulumi.get(self, "label_to_path_policy")
|
331
332
|
|
332
333
|
@label_to_path_policy.setter
|
333
|
-
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
334
|
+
def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
334
335
|
pulumi.set(self, "label_to_path_policy", value)
|
335
336
|
|
336
337
|
@property
|
337
338
|
@pulumi.getter(name="lastUpdated")
|
338
|
-
def last_updated(self) -> Optional[pulumi.Input[str]]:
|
339
|
+
def last_updated(self) -> Optional[pulumi.Input[builtins.str]]:
|
339
340
|
"""
|
340
341
|
A read-only timestamp representing the last time the configuration was updated.
|
341
342
|
"""
|
342
343
|
return pulumi.get(self, "last_updated")
|
343
344
|
|
344
345
|
@last_updated.setter
|
345
|
-
def last_updated(self, value: Optional[pulumi.Input[str]]):
|
346
|
+
def last_updated(self, value: Optional[pulumi.Input[builtins.str]]):
|
346
347
|
pulumi.set(self, "last_updated", value)
|
347
348
|
|
348
349
|
@property
|
349
350
|
@pulumi.getter
|
350
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
351
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
351
352
|
"""
|
352
353
|
The namespace of the target resource.
|
353
354
|
The value should not contain leading or trailing forward slashes.
|
@@ -357,7 +358,7 @@ class _BackendConfigEstState:
|
|
357
358
|
return pulumi.get(self, "namespace")
|
358
359
|
|
359
360
|
@namespace.setter
|
360
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
361
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
361
362
|
pulumi.set(self, "namespace", value)
|
362
363
|
|
363
364
|
|
@@ -366,15 +367,15 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
366
367
|
def __init__(__self__,
|
367
368
|
resource_name: str,
|
368
369
|
opts: Optional[pulumi.ResourceOptions] = None,
|
369
|
-
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
370
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
370
371
|
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
371
|
-
backend: Optional[pulumi.Input[str]] = None,
|
372
|
-
default_mount: Optional[pulumi.Input[bool]] = None,
|
373
|
-
default_path_policy: Optional[pulumi.Input[str]] = None,
|
374
|
-
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
375
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
376
|
-
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
377
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
372
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
373
|
+
default_mount: Optional[pulumi.Input[builtins.bool]] = None,
|
374
|
+
default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
|
375
|
+
enable_sentinel_parsing: Optional[pulumi.Input[builtins.bool]] = None,
|
376
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
377
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
378
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
378
379
|
__props__=None):
|
379
380
|
"""
|
380
381
|
Allows setting the EST configuration on a PKI Secret Backend
|
@@ -391,18 +392,18 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
391
392
|
|
392
393
|
:param str resource_name: The name of the resource.
|
393
394
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
394
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
395
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
395
396
|
|
396
397
|
<a id="nestedatt--authenticators"></a>
|
397
398
|
:param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
398
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
399
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
399
400
|
read the EST configuration from, with no leading or trailing `/`s.
|
400
|
-
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
401
|
-
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
402
|
-
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
403
|
-
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
404
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
405
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
401
|
+
:param pulumi.Input[builtins.bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
402
|
+
:param pulumi.Input[builtins.str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
403
|
+
:param pulumi.Input[builtins.bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
404
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether EST is enabled.
|
405
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
406
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
406
407
|
The value should not contain leading or trailing forward slashes.
|
407
408
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
408
409
|
*Available only for Vault Enterprise*.
|
@@ -441,15 +442,15 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
441
442
|
def _internal_init(__self__,
|
442
443
|
resource_name: str,
|
443
444
|
opts: Optional[pulumi.ResourceOptions] = None,
|
444
|
-
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
445
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
445
446
|
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
446
|
-
backend: Optional[pulumi.Input[str]] = None,
|
447
|
-
default_mount: Optional[pulumi.Input[bool]] = None,
|
448
|
-
default_path_policy: Optional[pulumi.Input[str]] = None,
|
449
|
-
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
450
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
451
|
-
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
452
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
447
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
448
|
+
default_mount: Optional[pulumi.Input[builtins.bool]] = None,
|
449
|
+
default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
|
450
|
+
enable_sentinel_parsing: Optional[pulumi.Input[builtins.bool]] = None,
|
451
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
452
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
453
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
453
454
|
__props__=None):
|
454
455
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
455
456
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -481,16 +482,16 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
481
482
|
def get(resource_name: str,
|
482
483
|
id: pulumi.Input[str],
|
483
484
|
opts: Optional[pulumi.ResourceOptions] = None,
|
484
|
-
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
485
|
+
audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
485
486
|
authenticators: Optional[pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']]] = None,
|
486
|
-
backend: Optional[pulumi.Input[str]] = None,
|
487
|
-
default_mount: Optional[pulumi.Input[bool]] = None,
|
488
|
-
default_path_policy: Optional[pulumi.Input[str]] = None,
|
489
|
-
enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
|
490
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
491
|
-
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
492
|
-
last_updated: Optional[pulumi.Input[str]] = None,
|
493
|
-
namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigEst':
|
487
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
488
|
+
default_mount: Optional[pulumi.Input[builtins.bool]] = None,
|
489
|
+
default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
|
490
|
+
enable_sentinel_parsing: Optional[pulumi.Input[builtins.bool]] = None,
|
491
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
492
|
+
label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
493
|
+
last_updated: Optional[pulumi.Input[builtins.str]] = None,
|
494
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None) -> 'BackendConfigEst':
|
494
495
|
"""
|
495
496
|
Get an existing BackendConfigEst resource's state with the given name, id, and optional extra
|
496
497
|
properties used to qualify the lookup.
|
@@ -498,19 +499,19 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
498
499
|
:param str resource_name: The unique name of the resulting resource.
|
499
500
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
500
501
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
501
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
502
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
502
503
|
|
503
504
|
<a id="nestedatt--authenticators"></a>
|
504
505
|
:param pulumi.Input[Union['BackendConfigEstAuthenticatorsArgs', 'BackendConfigEstAuthenticatorsArgsDict']] authenticators: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
|
505
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
506
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
506
507
|
read the EST configuration from, with no leading or trailing `/`s.
|
507
|
-
:param pulumi.Input[bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
508
|
-
:param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
509
|
-
:param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
510
|
-
:param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
|
511
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
512
|
-
:param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
513
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
508
|
+
:param pulumi.Input[builtins.bool] default_mount: If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
509
|
+
:param pulumi.Input[builtins.str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
510
|
+
:param pulumi.Input[builtins.bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
511
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether EST is enabled.
|
512
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
513
|
+
:param pulumi.Input[builtins.str] last_updated: A read-only timestamp representing the last time the configuration was updated.
|
514
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
514
515
|
The value should not contain leading or trailing forward slashes.
|
515
516
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
516
517
|
*Available only for Vault Enterprise*.
|
@@ -533,7 +534,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
533
534
|
|
534
535
|
@property
|
535
536
|
@pulumi.getter(name="auditFields")
|
536
|
-
def audit_fields(self) -> pulumi.Output[Sequence[str]]:
|
537
|
+
def audit_fields(self) -> pulumi.Output[Sequence[builtins.str]]:
|
537
538
|
"""
|
538
539
|
Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
|
539
540
|
|
@@ -551,7 +552,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
551
552
|
|
552
553
|
@property
|
553
554
|
@pulumi.getter
|
554
|
-
def backend(self) -> pulumi.Output[str]:
|
555
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
555
556
|
"""
|
556
557
|
The path to the PKI secret backend to
|
557
558
|
read the EST configuration from, with no leading or trailing `/`s.
|
@@ -560,7 +561,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
560
561
|
|
561
562
|
@property
|
562
563
|
@pulumi.getter(name="defaultMount")
|
563
|
-
def default_mount(self) -> pulumi.Output[Optional[bool]]:
|
564
|
+
def default_mount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
564
565
|
"""
|
565
566
|
If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.
|
566
567
|
"""
|
@@ -568,7 +569,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
568
569
|
|
569
570
|
@property
|
570
571
|
@pulumi.getter(name="defaultPathPolicy")
|
571
|
-
def default_path_policy(self) -> pulumi.Output[Optional[str]]:
|
572
|
+
def default_path_policy(self) -> pulumi.Output[Optional[builtins.str]]:
|
572
573
|
"""
|
573
574
|
Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
|
574
575
|
"""
|
@@ -576,7 +577,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
576
577
|
|
577
578
|
@property
|
578
579
|
@pulumi.getter(name="enableSentinelParsing")
|
579
|
-
def enable_sentinel_parsing(self) -> pulumi.Output[Optional[bool]]:
|
580
|
+
def enable_sentinel_parsing(self) -> pulumi.Output[Optional[builtins.bool]]:
|
580
581
|
"""
|
581
582
|
If set, parse out fields from the provided CSR making them available for Sentinel policies.
|
582
583
|
"""
|
@@ -584,7 +585,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
584
585
|
|
585
586
|
@property
|
586
587
|
@pulumi.getter
|
587
|
-
def enabled(self) -> pulumi.Output[Optional[bool]]:
|
588
|
+
def enabled(self) -> pulumi.Output[Optional[builtins.bool]]:
|
588
589
|
"""
|
589
590
|
Specifies whether EST is enabled.
|
590
591
|
"""
|
@@ -592,7 +593,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
592
593
|
|
593
594
|
@property
|
594
595
|
@pulumi.getter(name="labelToPathPolicy")
|
595
|
-
def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
596
|
+
def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
596
597
|
"""
|
597
598
|
Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
|
598
599
|
"""
|
@@ -600,7 +601,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
600
601
|
|
601
602
|
@property
|
602
603
|
@pulumi.getter(name="lastUpdated")
|
603
|
-
def last_updated(self) -> pulumi.Output[str]:
|
604
|
+
def last_updated(self) -> pulumi.Output[builtins.str]:
|
604
605
|
"""
|
605
606
|
A read-only timestamp representing the last time the configuration was updated.
|
606
607
|
"""
|
@@ -608,7 +609,7 @@ class BackendConfigEst(pulumi.CustomResource):
|
|
608
609
|
|
609
610
|
@property
|
610
611
|
@pulumi.getter
|
611
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
612
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
612
613
|
"""
|
613
614
|
The namespace of the target resource.
|
614
615
|
The value should not contain leading or trailing forward slashes.
|