pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,64 +20,64 @@ __all__ = ['AuthBackendClientArgs', 'AuthBackendClient']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendClientArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
23
|
-
backend: Optional[pulumi.Input[str]] = None,
|
24
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
25
|
-
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
26
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
27
|
-
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
28
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
29
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
30
|
-
max_retries: Optional[pulumi.Input[int]] = None,
|
31
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
32
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
33
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
34
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
35
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
36
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
37
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
38
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
39
|
-
use_sts_region_from_client: Optional[pulumi.Input[bool]] = None):
|
23
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
24
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
25
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
26
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
31
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
35
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
37
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None):
|
40
41
|
"""
|
41
42
|
The set of arguments for constructing a AuthBackendClient resource.
|
42
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
43
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
43
44
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
44
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
45
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
45
46
|
mounted at. Defaults to `aws`.
|
46
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
47
|
-
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
47
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
48
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
48
49
|
calls.
|
49
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
50
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
50
51
|
calls.
|
51
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
52
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
52
53
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
53
54
|
that are used in the IAM auth method.
|
54
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
55
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
55
56
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
56
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
57
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
57
58
|
*Available only for Vault Enterprise*
|
58
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
59
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
59
60
|
The default `-1` falls back to the AWS SDK's default behavior.
|
60
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
61
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
61
62
|
The value should not contain leading or trailing forward slashes.
|
62
63
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
63
64
|
*Available only for Vault Enterprise*.
|
64
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
65
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
65
66
|
*Available only for Vault Enterprise*
|
66
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
67
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
67
68
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
68
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
69
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
69
70
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
70
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
71
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
71
72
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
72
73
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
73
|
-
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
74
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
74
75
|
auth backend.
|
75
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
76
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
76
77
|
calls.
|
77
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
78
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
78
79
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
79
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
80
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
80
81
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
81
82
|
specified in the client request headers for IAM-based authentication.
|
82
83
|
This can be useful when you have client requests coming from different
|
@@ -121,7 +122,7 @@ class AuthBackendClientArgs:
|
|
121
122
|
|
122
123
|
@property
|
123
124
|
@pulumi.getter(name="accessKey")
|
124
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
125
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
125
126
|
"""
|
126
127
|
The AWS access key that Vault should use for the
|
127
128
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -129,12 +130,12 @@ class AuthBackendClientArgs:
|
|
129
130
|
return pulumi.get(self, "access_key")
|
130
131
|
|
131
132
|
@access_key.setter
|
132
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
133
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
133
134
|
pulumi.set(self, "access_key", value)
|
134
135
|
|
135
136
|
@property
|
136
137
|
@pulumi.getter
|
137
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
138
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
138
139
|
"""
|
139
140
|
The path the AWS auth backend being configured was
|
140
141
|
mounted at. Defaults to `aws`.
|
@@ -142,24 +143,24 @@ class AuthBackendClientArgs:
|
|
142
143
|
return pulumi.get(self, "backend")
|
143
144
|
|
144
145
|
@backend.setter
|
145
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
146
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
146
147
|
pulumi.set(self, "backend", value)
|
147
148
|
|
148
149
|
@property
|
149
150
|
@pulumi.getter(name="disableAutomatedRotation")
|
150
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
151
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
151
152
|
"""
|
152
153
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
153
154
|
"""
|
154
155
|
return pulumi.get(self, "disable_automated_rotation")
|
155
156
|
|
156
157
|
@disable_automated_rotation.setter
|
157
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
158
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
158
159
|
pulumi.set(self, "disable_automated_rotation", value)
|
159
160
|
|
160
161
|
@property
|
161
162
|
@pulumi.getter(name="ec2Endpoint")
|
162
|
-
def ec2_endpoint(self) -> Optional[pulumi.Input[str]]:
|
163
|
+
def ec2_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
163
164
|
"""
|
164
165
|
Override the URL Vault uses when making EC2 API
|
165
166
|
calls.
|
@@ -167,12 +168,12 @@ class AuthBackendClientArgs:
|
|
167
168
|
return pulumi.get(self, "ec2_endpoint")
|
168
169
|
|
169
170
|
@ec2_endpoint.setter
|
170
|
-
def ec2_endpoint(self, value: Optional[pulumi.Input[str]]):
|
171
|
+
def ec2_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
171
172
|
pulumi.set(self, "ec2_endpoint", value)
|
172
173
|
|
173
174
|
@property
|
174
175
|
@pulumi.getter(name="iamEndpoint")
|
175
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
176
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
176
177
|
"""
|
177
178
|
Override the URL Vault uses when making IAM API
|
178
179
|
calls.
|
@@ -180,12 +181,12 @@ class AuthBackendClientArgs:
|
|
180
181
|
return pulumi.get(self, "iam_endpoint")
|
181
182
|
|
182
183
|
@iam_endpoint.setter
|
183
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
184
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
184
185
|
pulumi.set(self, "iam_endpoint", value)
|
185
186
|
|
186
187
|
@property
|
187
188
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
188
|
-
def iam_server_id_header_value(self) -> Optional[pulumi.Input[str]]:
|
189
|
+
def iam_server_id_header_value(self) -> Optional[pulumi.Input[builtins.str]]:
|
189
190
|
"""
|
190
191
|
The value to require in the
|
191
192
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -194,12 +195,12 @@ class AuthBackendClientArgs:
|
|
194
195
|
return pulumi.get(self, "iam_server_id_header_value")
|
195
196
|
|
196
197
|
@iam_server_id_header_value.setter
|
197
|
-
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
198
|
+
def iam_server_id_header_value(self, value: Optional[pulumi.Input[builtins.str]]):
|
198
199
|
pulumi.set(self, "iam_server_id_header_value", value)
|
199
200
|
|
200
201
|
@property
|
201
202
|
@pulumi.getter(name="identityTokenAudience")
|
202
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
203
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
203
204
|
"""
|
204
205
|
The audience claim value. Mutually exclusive with `access_key`.
|
205
206
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -207,12 +208,12 @@ class AuthBackendClientArgs:
|
|
207
208
|
return pulumi.get(self, "identity_token_audience")
|
208
209
|
|
209
210
|
@identity_token_audience.setter
|
210
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
211
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
211
212
|
pulumi.set(self, "identity_token_audience", value)
|
212
213
|
|
213
214
|
@property
|
214
215
|
@pulumi.getter(name="identityTokenTtl")
|
215
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
216
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
216
217
|
"""
|
217
218
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
218
219
|
*Available only for Vault Enterprise*
|
@@ -220,12 +221,12 @@ class AuthBackendClientArgs:
|
|
220
221
|
return pulumi.get(self, "identity_token_ttl")
|
221
222
|
|
222
223
|
@identity_token_ttl.setter
|
223
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
224
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
224
225
|
pulumi.set(self, "identity_token_ttl", value)
|
225
226
|
|
226
227
|
@property
|
227
228
|
@pulumi.getter(name="maxRetries")
|
228
|
-
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
229
|
+
def max_retries(self) -> Optional[pulumi.Input[builtins.int]]:
|
229
230
|
"""
|
230
231
|
Number of max retries the client should use for recoverable errors.
|
231
232
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -233,12 +234,12 @@ class AuthBackendClientArgs:
|
|
233
234
|
return pulumi.get(self, "max_retries")
|
234
235
|
|
235
236
|
@max_retries.setter
|
236
|
-
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
237
|
+
def max_retries(self, value: Optional[pulumi.Input[builtins.int]]):
|
237
238
|
pulumi.set(self, "max_retries", value)
|
238
239
|
|
239
240
|
@property
|
240
241
|
@pulumi.getter
|
241
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
242
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
242
243
|
"""
|
243
244
|
The namespace to provision the resource in.
|
244
245
|
The value should not contain leading or trailing forward slashes.
|
@@ -248,12 +249,12 @@ class AuthBackendClientArgs:
|
|
248
249
|
return pulumi.get(self, "namespace")
|
249
250
|
|
250
251
|
@namespace.setter
|
251
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
252
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
252
253
|
pulumi.set(self, "namespace", value)
|
253
254
|
|
254
255
|
@property
|
255
256
|
@pulumi.getter(name="roleArn")
|
256
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
257
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
257
258
|
"""
|
258
259
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
259
260
|
*Available only for Vault Enterprise*
|
@@ -261,12 +262,12 @@ class AuthBackendClientArgs:
|
|
261
262
|
return pulumi.get(self, "role_arn")
|
262
263
|
|
263
264
|
@role_arn.setter
|
264
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
265
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
265
266
|
pulumi.set(self, "role_arn", value)
|
266
267
|
|
267
268
|
@property
|
268
269
|
@pulumi.getter(name="rotationPeriod")
|
269
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
270
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
270
271
|
"""
|
271
272
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
272
273
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -274,12 +275,12 @@ class AuthBackendClientArgs:
|
|
274
275
|
return pulumi.get(self, "rotation_period")
|
275
276
|
|
276
277
|
@rotation_period.setter
|
277
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
278
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
278
279
|
pulumi.set(self, "rotation_period", value)
|
279
280
|
|
280
281
|
@property
|
281
282
|
@pulumi.getter(name="rotationSchedule")
|
282
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
283
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
283
284
|
"""
|
284
285
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
285
286
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -287,12 +288,12 @@ class AuthBackendClientArgs:
|
|
287
288
|
return pulumi.get(self, "rotation_schedule")
|
288
289
|
|
289
290
|
@rotation_schedule.setter
|
290
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
291
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
291
292
|
pulumi.set(self, "rotation_schedule", value)
|
292
293
|
|
293
294
|
@property
|
294
295
|
@pulumi.getter(name="rotationWindow")
|
295
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
296
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
296
297
|
"""
|
297
298
|
The maximum amount of time in seconds allowed to complete
|
298
299
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -301,12 +302,12 @@ class AuthBackendClientArgs:
|
|
301
302
|
return pulumi.get(self, "rotation_window")
|
302
303
|
|
303
304
|
@rotation_window.setter
|
304
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
305
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
305
306
|
pulumi.set(self, "rotation_window", value)
|
306
307
|
|
307
308
|
@property
|
308
309
|
@pulumi.getter(name="secretKey")
|
309
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
310
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
310
311
|
"""
|
311
312
|
The AWS secret key that Vault should use for the
|
312
313
|
auth backend.
|
@@ -314,12 +315,12 @@ class AuthBackendClientArgs:
|
|
314
315
|
return pulumi.get(self, "secret_key")
|
315
316
|
|
316
317
|
@secret_key.setter
|
317
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
318
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
318
319
|
pulumi.set(self, "secret_key", value)
|
319
320
|
|
320
321
|
@property
|
321
322
|
@pulumi.getter(name="stsEndpoint")
|
322
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
323
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
323
324
|
"""
|
324
325
|
Override the URL Vault uses when making STS API
|
325
326
|
calls.
|
@@ -327,12 +328,12 @@ class AuthBackendClientArgs:
|
|
327
328
|
return pulumi.get(self, "sts_endpoint")
|
328
329
|
|
329
330
|
@sts_endpoint.setter
|
330
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
331
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
331
332
|
pulumi.set(self, "sts_endpoint", value)
|
332
333
|
|
333
334
|
@property
|
334
335
|
@pulumi.getter(name="stsRegion")
|
335
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
336
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
336
337
|
"""
|
337
338
|
Override the default region when making STS API
|
338
339
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -340,12 +341,12 @@ class AuthBackendClientArgs:
|
|
340
341
|
return pulumi.get(self, "sts_region")
|
341
342
|
|
342
343
|
@sts_region.setter
|
343
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
344
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
344
345
|
pulumi.set(self, "sts_region", value)
|
345
346
|
|
346
347
|
@property
|
347
348
|
@pulumi.getter(name="useStsRegionFromClient")
|
348
|
-
def use_sts_region_from_client(self) -> Optional[pulumi.Input[bool]]:
|
349
|
+
def use_sts_region_from_client(self) -> Optional[pulumi.Input[builtins.bool]]:
|
349
350
|
"""
|
350
351
|
Available in Vault v1.15+. If set,
|
351
352
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
@@ -356,71 +357,71 @@ class AuthBackendClientArgs:
|
|
356
357
|
return pulumi.get(self, "use_sts_region_from_client")
|
357
358
|
|
358
359
|
@use_sts_region_from_client.setter
|
359
|
-
def use_sts_region_from_client(self, value: Optional[pulumi.Input[bool]]):
|
360
|
+
def use_sts_region_from_client(self, value: Optional[pulumi.Input[builtins.bool]]):
|
360
361
|
pulumi.set(self, "use_sts_region_from_client", value)
|
361
362
|
|
362
363
|
|
363
364
|
@pulumi.input_type
|
364
365
|
class _AuthBackendClientState:
|
365
366
|
def __init__(__self__, *,
|
366
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
367
|
-
backend: Optional[pulumi.Input[str]] = None,
|
368
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
369
|
-
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
370
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
371
|
-
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
372
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
373
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
374
|
-
max_retries: Optional[pulumi.Input[int]] = None,
|
375
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
376
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
377
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
378
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
379
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
380
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
381
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
382
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
383
|
-
use_sts_region_from_client: Optional[pulumi.Input[bool]] = None):
|
367
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
368
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
369
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
370
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
371
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
372
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
373
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
374
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
375
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
376
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
377
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
378
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
379
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
380
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
381
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
382
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
383
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
384
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None):
|
384
385
|
"""
|
385
386
|
Input properties used for looking up and filtering AuthBackendClient resources.
|
386
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
387
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
387
388
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
388
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
389
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
389
390
|
mounted at. Defaults to `aws`.
|
390
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
391
|
-
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
391
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
392
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
392
393
|
calls.
|
393
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
394
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
394
395
|
calls.
|
395
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
396
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
396
397
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
397
398
|
that are used in the IAM auth method.
|
398
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
399
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
399
400
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
400
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
401
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
401
402
|
*Available only for Vault Enterprise*
|
402
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
403
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
403
404
|
The default `-1` falls back to the AWS SDK's default behavior.
|
404
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
405
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
405
406
|
The value should not contain leading or trailing forward slashes.
|
406
407
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
407
408
|
*Available only for Vault Enterprise*.
|
408
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
409
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
409
410
|
*Available only for Vault Enterprise*
|
410
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
411
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
411
412
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
412
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
413
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
413
414
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
414
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
415
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
415
416
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
416
417
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
417
|
-
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
418
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
418
419
|
auth backend.
|
419
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
420
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
420
421
|
calls.
|
421
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
422
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
422
423
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
423
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
424
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
424
425
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
425
426
|
specified in the client request headers for IAM-based authentication.
|
426
427
|
This can be useful when you have client requests coming from different
|
@@ -465,7 +466,7 @@ class _AuthBackendClientState:
|
|
465
466
|
|
466
467
|
@property
|
467
468
|
@pulumi.getter(name="accessKey")
|
468
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
469
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
469
470
|
"""
|
470
471
|
The AWS access key that Vault should use for the
|
471
472
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -473,12 +474,12 @@ class _AuthBackendClientState:
|
|
473
474
|
return pulumi.get(self, "access_key")
|
474
475
|
|
475
476
|
@access_key.setter
|
476
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
477
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
477
478
|
pulumi.set(self, "access_key", value)
|
478
479
|
|
479
480
|
@property
|
480
481
|
@pulumi.getter
|
481
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
482
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
482
483
|
"""
|
483
484
|
The path the AWS auth backend being configured was
|
484
485
|
mounted at. Defaults to `aws`.
|
@@ -486,24 +487,24 @@ class _AuthBackendClientState:
|
|
486
487
|
return pulumi.get(self, "backend")
|
487
488
|
|
488
489
|
@backend.setter
|
489
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
490
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
490
491
|
pulumi.set(self, "backend", value)
|
491
492
|
|
492
493
|
@property
|
493
494
|
@pulumi.getter(name="disableAutomatedRotation")
|
494
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
495
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
495
496
|
"""
|
496
497
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
497
498
|
"""
|
498
499
|
return pulumi.get(self, "disable_automated_rotation")
|
499
500
|
|
500
501
|
@disable_automated_rotation.setter
|
501
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
502
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
502
503
|
pulumi.set(self, "disable_automated_rotation", value)
|
503
504
|
|
504
505
|
@property
|
505
506
|
@pulumi.getter(name="ec2Endpoint")
|
506
|
-
def ec2_endpoint(self) -> Optional[pulumi.Input[str]]:
|
507
|
+
def ec2_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
507
508
|
"""
|
508
509
|
Override the URL Vault uses when making EC2 API
|
509
510
|
calls.
|
@@ -511,12 +512,12 @@ class _AuthBackendClientState:
|
|
511
512
|
return pulumi.get(self, "ec2_endpoint")
|
512
513
|
|
513
514
|
@ec2_endpoint.setter
|
514
|
-
def ec2_endpoint(self, value: Optional[pulumi.Input[str]]):
|
515
|
+
def ec2_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
515
516
|
pulumi.set(self, "ec2_endpoint", value)
|
516
517
|
|
517
518
|
@property
|
518
519
|
@pulumi.getter(name="iamEndpoint")
|
519
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
520
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
520
521
|
"""
|
521
522
|
Override the URL Vault uses when making IAM API
|
522
523
|
calls.
|
@@ -524,12 +525,12 @@ class _AuthBackendClientState:
|
|
524
525
|
return pulumi.get(self, "iam_endpoint")
|
525
526
|
|
526
527
|
@iam_endpoint.setter
|
527
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
528
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
528
529
|
pulumi.set(self, "iam_endpoint", value)
|
529
530
|
|
530
531
|
@property
|
531
532
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
532
|
-
def iam_server_id_header_value(self) -> Optional[pulumi.Input[str]]:
|
533
|
+
def iam_server_id_header_value(self) -> Optional[pulumi.Input[builtins.str]]:
|
533
534
|
"""
|
534
535
|
The value to require in the
|
535
536
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -538,12 +539,12 @@ class _AuthBackendClientState:
|
|
538
539
|
return pulumi.get(self, "iam_server_id_header_value")
|
539
540
|
|
540
541
|
@iam_server_id_header_value.setter
|
541
|
-
def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
|
542
|
+
def iam_server_id_header_value(self, value: Optional[pulumi.Input[builtins.str]]):
|
542
543
|
pulumi.set(self, "iam_server_id_header_value", value)
|
543
544
|
|
544
545
|
@property
|
545
546
|
@pulumi.getter(name="identityTokenAudience")
|
546
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
547
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
547
548
|
"""
|
548
549
|
The audience claim value. Mutually exclusive with `access_key`.
|
549
550
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -551,12 +552,12 @@ class _AuthBackendClientState:
|
|
551
552
|
return pulumi.get(self, "identity_token_audience")
|
552
553
|
|
553
554
|
@identity_token_audience.setter
|
554
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
555
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
555
556
|
pulumi.set(self, "identity_token_audience", value)
|
556
557
|
|
557
558
|
@property
|
558
559
|
@pulumi.getter(name="identityTokenTtl")
|
559
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
560
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
560
561
|
"""
|
561
562
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
562
563
|
*Available only for Vault Enterprise*
|
@@ -564,12 +565,12 @@ class _AuthBackendClientState:
|
|
564
565
|
return pulumi.get(self, "identity_token_ttl")
|
565
566
|
|
566
567
|
@identity_token_ttl.setter
|
567
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
568
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
568
569
|
pulumi.set(self, "identity_token_ttl", value)
|
569
570
|
|
570
571
|
@property
|
571
572
|
@pulumi.getter(name="maxRetries")
|
572
|
-
def max_retries(self) -> Optional[pulumi.Input[int]]:
|
573
|
+
def max_retries(self) -> Optional[pulumi.Input[builtins.int]]:
|
573
574
|
"""
|
574
575
|
Number of max retries the client should use for recoverable errors.
|
575
576
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -577,12 +578,12 @@ class _AuthBackendClientState:
|
|
577
578
|
return pulumi.get(self, "max_retries")
|
578
579
|
|
579
580
|
@max_retries.setter
|
580
|
-
def max_retries(self, value: Optional[pulumi.Input[int]]):
|
581
|
+
def max_retries(self, value: Optional[pulumi.Input[builtins.int]]):
|
581
582
|
pulumi.set(self, "max_retries", value)
|
582
583
|
|
583
584
|
@property
|
584
585
|
@pulumi.getter
|
585
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
586
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
586
587
|
"""
|
587
588
|
The namespace to provision the resource in.
|
588
589
|
The value should not contain leading or trailing forward slashes.
|
@@ -592,12 +593,12 @@ class _AuthBackendClientState:
|
|
592
593
|
return pulumi.get(self, "namespace")
|
593
594
|
|
594
595
|
@namespace.setter
|
595
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
596
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
596
597
|
pulumi.set(self, "namespace", value)
|
597
598
|
|
598
599
|
@property
|
599
600
|
@pulumi.getter(name="roleArn")
|
600
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
601
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
601
602
|
"""
|
602
603
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
603
604
|
*Available only for Vault Enterprise*
|
@@ -605,12 +606,12 @@ class _AuthBackendClientState:
|
|
605
606
|
return pulumi.get(self, "role_arn")
|
606
607
|
|
607
608
|
@role_arn.setter
|
608
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
609
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
609
610
|
pulumi.set(self, "role_arn", value)
|
610
611
|
|
611
612
|
@property
|
612
613
|
@pulumi.getter(name="rotationPeriod")
|
613
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
614
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
614
615
|
"""
|
615
616
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
616
617
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -618,12 +619,12 @@ class _AuthBackendClientState:
|
|
618
619
|
return pulumi.get(self, "rotation_period")
|
619
620
|
|
620
621
|
@rotation_period.setter
|
621
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
622
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
622
623
|
pulumi.set(self, "rotation_period", value)
|
623
624
|
|
624
625
|
@property
|
625
626
|
@pulumi.getter(name="rotationSchedule")
|
626
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
627
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
627
628
|
"""
|
628
629
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
629
630
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -631,12 +632,12 @@ class _AuthBackendClientState:
|
|
631
632
|
return pulumi.get(self, "rotation_schedule")
|
632
633
|
|
633
634
|
@rotation_schedule.setter
|
634
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
635
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
635
636
|
pulumi.set(self, "rotation_schedule", value)
|
636
637
|
|
637
638
|
@property
|
638
639
|
@pulumi.getter(name="rotationWindow")
|
639
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
640
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
640
641
|
"""
|
641
642
|
The maximum amount of time in seconds allowed to complete
|
642
643
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -645,12 +646,12 @@ class _AuthBackendClientState:
|
|
645
646
|
return pulumi.get(self, "rotation_window")
|
646
647
|
|
647
648
|
@rotation_window.setter
|
648
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
649
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
649
650
|
pulumi.set(self, "rotation_window", value)
|
650
651
|
|
651
652
|
@property
|
652
653
|
@pulumi.getter(name="secretKey")
|
653
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
654
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
654
655
|
"""
|
655
656
|
The AWS secret key that Vault should use for the
|
656
657
|
auth backend.
|
@@ -658,12 +659,12 @@ class _AuthBackendClientState:
|
|
658
659
|
return pulumi.get(self, "secret_key")
|
659
660
|
|
660
661
|
@secret_key.setter
|
661
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
662
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
662
663
|
pulumi.set(self, "secret_key", value)
|
663
664
|
|
664
665
|
@property
|
665
666
|
@pulumi.getter(name="stsEndpoint")
|
666
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
667
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
667
668
|
"""
|
668
669
|
Override the URL Vault uses when making STS API
|
669
670
|
calls.
|
@@ -671,12 +672,12 @@ class _AuthBackendClientState:
|
|
671
672
|
return pulumi.get(self, "sts_endpoint")
|
672
673
|
|
673
674
|
@sts_endpoint.setter
|
674
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
675
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
675
676
|
pulumi.set(self, "sts_endpoint", value)
|
676
677
|
|
677
678
|
@property
|
678
679
|
@pulumi.getter(name="stsRegion")
|
679
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
680
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
680
681
|
"""
|
681
682
|
Override the default region when making STS API
|
682
683
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -684,12 +685,12 @@ class _AuthBackendClientState:
|
|
684
685
|
return pulumi.get(self, "sts_region")
|
685
686
|
|
686
687
|
@sts_region.setter
|
687
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
688
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
688
689
|
pulumi.set(self, "sts_region", value)
|
689
690
|
|
690
691
|
@property
|
691
692
|
@pulumi.getter(name="useStsRegionFromClient")
|
692
|
-
def use_sts_region_from_client(self) -> Optional[pulumi.Input[bool]]:
|
693
|
+
def use_sts_region_from_client(self) -> Optional[pulumi.Input[builtins.bool]]:
|
693
694
|
"""
|
694
695
|
Available in Vault v1.15+. If set,
|
695
696
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
@@ -700,7 +701,7 @@ class _AuthBackendClientState:
|
|
700
701
|
return pulumi.get(self, "use_sts_region_from_client")
|
701
702
|
|
702
703
|
@use_sts_region_from_client.setter
|
703
|
-
def use_sts_region_from_client(self, value: Optional[pulumi.Input[bool]]):
|
704
|
+
def use_sts_region_from_client(self, value: Optional[pulumi.Input[builtins.bool]]):
|
704
705
|
pulumi.set(self, "use_sts_region_from_client", value)
|
705
706
|
|
706
707
|
|
@@ -709,24 +710,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
709
710
|
def __init__(__self__,
|
710
711
|
resource_name: str,
|
711
712
|
opts: Optional[pulumi.ResourceOptions] = None,
|
712
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
713
|
-
backend: Optional[pulumi.Input[str]] = None,
|
714
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
715
|
-
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
716
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
717
|
-
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
718
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
719
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
720
|
-
max_retries: Optional[pulumi.Input[int]] = None,
|
721
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
722
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
723
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
724
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
725
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
726
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
727
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
728
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
729
|
-
use_sts_region_from_client: Optional[pulumi.Input[bool]] = None,
|
713
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
714
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
715
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
716
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
717
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
718
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
719
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
720
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
721
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
722
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
723
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
724
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
725
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
726
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
727
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
728
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
729
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
730
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None,
|
730
731
|
__props__=None):
|
731
732
|
"""
|
732
733
|
## Example Usage
|
@@ -768,44 +769,44 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
768
769
|
|
769
770
|
:param str resource_name: The name of the resource.
|
770
771
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
771
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
772
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
772
773
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
773
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
774
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
774
775
|
mounted at. Defaults to `aws`.
|
775
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
776
|
-
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
776
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
777
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
777
778
|
calls.
|
778
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
779
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
779
780
|
calls.
|
780
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
781
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
781
782
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
782
783
|
that are used in the IAM auth method.
|
783
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
784
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
784
785
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
785
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
786
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
786
787
|
*Available only for Vault Enterprise*
|
787
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
788
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
788
789
|
The default `-1` falls back to the AWS SDK's default behavior.
|
789
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
790
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
790
791
|
The value should not contain leading or trailing forward slashes.
|
791
792
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
792
793
|
*Available only for Vault Enterprise*.
|
793
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
794
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
794
795
|
*Available only for Vault Enterprise*
|
795
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
796
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
796
797
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
797
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
798
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
798
799
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
799
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
800
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
800
801
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
801
802
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
802
|
-
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
803
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
803
804
|
auth backend.
|
804
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
805
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
805
806
|
calls.
|
806
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
807
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
807
808
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
808
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
809
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
809
810
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
810
811
|
specified in the client request headers for IAM-based authentication.
|
811
812
|
This can be useful when you have client requests coming from different
|
@@ -870,24 +871,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
870
871
|
def _internal_init(__self__,
|
871
872
|
resource_name: str,
|
872
873
|
opts: Optional[pulumi.ResourceOptions] = None,
|
873
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
874
|
-
backend: Optional[pulumi.Input[str]] = None,
|
875
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
876
|
-
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
877
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
878
|
-
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
879
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
880
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
881
|
-
max_retries: Optional[pulumi.Input[int]] = None,
|
882
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
883
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
884
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
885
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
886
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
887
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
888
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
889
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
890
|
-
use_sts_region_from_client: Optional[pulumi.Input[bool]] = None,
|
874
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
875
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
876
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
877
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
878
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
879
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
880
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
881
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
882
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
883
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
884
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
885
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
886
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
887
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
888
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
890
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
891
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None,
|
891
892
|
__props__=None):
|
892
893
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
893
894
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -927,24 +928,24 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
927
928
|
def get(resource_name: str,
|
928
929
|
id: pulumi.Input[str],
|
929
930
|
opts: Optional[pulumi.ResourceOptions] = None,
|
930
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
931
|
-
backend: Optional[pulumi.Input[str]] = None,
|
932
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
933
|
-
ec2_endpoint: Optional[pulumi.Input[str]] = None,
|
934
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
935
|
-
iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
|
936
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
937
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
938
|
-
max_retries: Optional[pulumi.Input[int]] = None,
|
939
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
940
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
941
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
942
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
943
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
944
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
945
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
946
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
947
|
-
use_sts_region_from_client: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendClient':
|
931
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
932
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
933
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
934
|
+
ec2_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
936
|
+
iam_server_id_header_value: Optional[pulumi.Input[builtins.str]] = None,
|
937
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
938
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
939
|
+
max_retries: Optional[pulumi.Input[builtins.int]] = None,
|
940
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
941
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
942
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
943
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
944
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
945
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
946
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
947
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
948
|
+
use_sts_region_from_client: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackendClient':
|
948
949
|
"""
|
949
950
|
Get an existing AuthBackendClient resource's state with the given name, id, and optional extra
|
950
951
|
properties used to qualify the lookup.
|
@@ -952,44 +953,44 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
952
953
|
:param str resource_name: The unique name of the resulting resource.
|
953
954
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
954
955
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
955
|
-
:param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
|
956
|
+
:param pulumi.Input[builtins.str] access_key: The AWS access key that Vault should use for the
|
956
957
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
957
|
-
:param pulumi.Input[str] backend: The path the AWS auth backend being configured was
|
958
|
+
:param pulumi.Input[builtins.str] backend: The path the AWS auth backend being configured was
|
958
959
|
mounted at. Defaults to `aws`.
|
959
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
960
|
-
:param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
960
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
961
|
+
:param pulumi.Input[builtins.str] ec2_endpoint: Override the URL Vault uses when making EC2 API
|
961
962
|
calls.
|
962
|
-
:param pulumi.Input[str] iam_endpoint: Override the URL Vault uses when making IAM API
|
963
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Override the URL Vault uses when making IAM API
|
963
964
|
calls.
|
964
|
-
:param pulumi.Input[str] iam_server_id_header_value: The value to require in the
|
965
|
+
:param pulumi.Input[builtins.str] iam_server_id_header_value: The value to require in the
|
965
966
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
966
967
|
that are used in the IAM auth method.
|
967
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
968
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
|
968
969
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
969
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
970
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
970
971
|
*Available only for Vault Enterprise*
|
971
|
-
:param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
|
972
|
+
:param pulumi.Input[builtins.int] max_retries: Number of max retries the client should use for recoverable errors.
|
972
973
|
The default `-1` falls back to the AWS SDK's default behavior.
|
973
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
974
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
974
975
|
The value should not contain leading or trailing forward slashes.
|
975
976
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
976
977
|
*Available only for Vault Enterprise*.
|
977
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
978
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
978
979
|
*Available only for Vault Enterprise*
|
979
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
980
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
980
981
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
981
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
982
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
982
983
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
983
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
984
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
984
985
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
985
986
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
986
|
-
:param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
|
987
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS secret key that Vault should use for the
|
987
988
|
auth backend.
|
988
|
-
:param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
|
989
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Override the URL Vault uses when making STS API
|
989
990
|
calls.
|
990
|
-
:param pulumi.Input[str] sts_region: Override the default region when making STS API
|
991
|
+
:param pulumi.Input[builtins.str] sts_region: Override the default region when making STS API
|
991
992
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
992
|
-
:param pulumi.Input[bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
993
|
+
:param pulumi.Input[builtins.bool] use_sts_region_from_client: Available in Vault v1.15+. If set,
|
993
994
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|
994
995
|
specified in the client request headers for IAM-based authentication.
|
995
996
|
This can be useful when you have client requests coming from different
|
@@ -1021,7 +1022,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1021
1022
|
|
1022
1023
|
@property
|
1023
1024
|
@pulumi.getter(name="accessKey")
|
1024
|
-
def access_key(self) -> pulumi.Output[Optional[str]]:
|
1025
|
+
def access_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1025
1026
|
"""
|
1026
1027
|
The AWS access key that Vault should use for the
|
1027
1028
|
auth backend. Mutually exclusive with `identity_token_audience`.
|
@@ -1030,7 +1031,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1030
1031
|
|
1031
1032
|
@property
|
1032
1033
|
@pulumi.getter
|
1033
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
1034
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
1034
1035
|
"""
|
1035
1036
|
The path the AWS auth backend being configured was
|
1036
1037
|
mounted at. Defaults to `aws`.
|
@@ -1039,7 +1040,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1039
1040
|
|
1040
1041
|
@property
|
1041
1042
|
@pulumi.getter(name="disableAutomatedRotation")
|
1042
|
-
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1043
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1043
1044
|
"""
|
1044
1045
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1045
1046
|
"""
|
@@ -1047,7 +1048,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1047
1048
|
|
1048
1049
|
@property
|
1049
1050
|
@pulumi.getter(name="ec2Endpoint")
|
1050
|
-
def ec2_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1051
|
+
def ec2_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
1051
1052
|
"""
|
1052
1053
|
Override the URL Vault uses when making EC2 API
|
1053
1054
|
calls.
|
@@ -1056,7 +1057,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1056
1057
|
|
1057
1058
|
@property
|
1058
1059
|
@pulumi.getter(name="iamEndpoint")
|
1059
|
-
def iam_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1060
|
+
def iam_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
1060
1061
|
"""
|
1061
1062
|
Override the URL Vault uses when making IAM API
|
1062
1063
|
calls.
|
@@ -1065,7 +1066,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1065
1066
|
|
1066
1067
|
@property
|
1067
1068
|
@pulumi.getter(name="iamServerIdHeaderValue")
|
1068
|
-
def iam_server_id_header_value(self) -> pulumi.Output[Optional[str]]:
|
1069
|
+
def iam_server_id_header_value(self) -> pulumi.Output[Optional[builtins.str]]:
|
1069
1070
|
"""
|
1070
1071
|
The value to require in the
|
1071
1072
|
`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
|
@@ -1075,7 +1076,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1075
1076
|
|
1076
1077
|
@property
|
1077
1078
|
@pulumi.getter(name="identityTokenAudience")
|
1078
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1079
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
1079
1080
|
"""
|
1080
1081
|
The audience claim value. Mutually exclusive with `access_key`.
|
1081
1082
|
Requires Vault 1.17+. *Available only for Vault Enterprise*
|
@@ -1084,7 +1085,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1084
1085
|
|
1085
1086
|
@property
|
1086
1087
|
@pulumi.getter(name="identityTokenTtl")
|
1087
|
-
def identity_token_ttl(self) -> pulumi.Output[int]:
|
1088
|
+
def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
|
1088
1089
|
"""
|
1089
1090
|
The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
|
1090
1091
|
*Available only for Vault Enterprise*
|
@@ -1093,7 +1094,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1093
1094
|
|
1094
1095
|
@property
|
1095
1096
|
@pulumi.getter(name="maxRetries")
|
1096
|
-
def max_retries(self) -> pulumi.Output[Optional[int]]:
|
1097
|
+
def max_retries(self) -> pulumi.Output[Optional[builtins.int]]:
|
1097
1098
|
"""
|
1098
1099
|
Number of max retries the client should use for recoverable errors.
|
1099
1100
|
The default `-1` falls back to the AWS SDK's default behavior.
|
@@ -1102,7 +1103,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1102
1103
|
|
1103
1104
|
@property
|
1104
1105
|
@pulumi.getter
|
1105
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1106
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1106
1107
|
"""
|
1107
1108
|
The namespace to provision the resource in.
|
1108
1109
|
The value should not contain leading or trailing forward slashes.
|
@@ -1113,7 +1114,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1113
1114
|
|
1114
1115
|
@property
|
1115
1116
|
@pulumi.getter(name="roleArn")
|
1116
|
-
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
1117
|
+
def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1117
1118
|
"""
|
1118
1119
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
|
1119
1120
|
*Available only for Vault Enterprise*
|
@@ -1122,7 +1123,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1122
1123
|
|
1123
1124
|
@property
|
1124
1125
|
@pulumi.getter(name="rotationPeriod")
|
1125
|
-
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
1126
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1126
1127
|
"""
|
1127
1128
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
1128
1129
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -1131,7 +1132,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1131
1132
|
|
1132
1133
|
@property
|
1133
1134
|
@pulumi.getter(name="rotationSchedule")
|
1134
|
-
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
1135
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1135
1136
|
"""
|
1136
1137
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1137
1138
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -1140,7 +1141,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1140
1141
|
|
1141
1142
|
@property
|
1142
1143
|
@pulumi.getter(name="rotationWindow")
|
1143
|
-
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
1144
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1144
1145
|
"""
|
1145
1146
|
The maximum amount of time in seconds allowed to complete
|
1146
1147
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -1150,7 +1151,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1150
1151
|
|
1151
1152
|
@property
|
1152
1153
|
@pulumi.getter(name="secretKey")
|
1153
|
-
def secret_key(self) -> pulumi.Output[Optional[str]]:
|
1154
|
+
def secret_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1154
1155
|
"""
|
1155
1156
|
The AWS secret key that Vault should use for the
|
1156
1157
|
auth backend.
|
@@ -1159,7 +1160,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1159
1160
|
|
1160
1161
|
@property
|
1161
1162
|
@pulumi.getter(name="stsEndpoint")
|
1162
|
-
def sts_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1163
|
+
def sts_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
1163
1164
|
"""
|
1164
1165
|
Override the URL Vault uses when making STS API
|
1165
1166
|
calls.
|
@@ -1168,7 +1169,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1168
1169
|
|
1169
1170
|
@property
|
1170
1171
|
@pulumi.getter(name="stsRegion")
|
1171
|
-
def sts_region(self) -> pulumi.Output[Optional[str]]:
|
1172
|
+
def sts_region(self) -> pulumi.Output[Optional[builtins.str]]:
|
1172
1173
|
"""
|
1173
1174
|
Override the default region when making STS API
|
1174
1175
|
calls. The `sts_endpoint` argument must be set when using `sts_region`.
|
@@ -1177,7 +1178,7 @@ class AuthBackendClient(pulumi.CustomResource):
|
|
1177
1178
|
|
1178
1179
|
@property
|
1179
1180
|
@pulumi.getter(name="useStsRegionFromClient")
|
1180
|
-
def use_sts_region_from_client(self) -> pulumi.Output[bool]:
|
1181
|
+
def use_sts_region_from_client(self) -> pulumi.Output[builtins.bool]:
|
1181
1182
|
"""
|
1182
1183
|
Available in Vault v1.15+. If set,
|
1183
1184
|
overrides both `sts_endpoint` and `sts_region` to instead use the region
|