pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,45 +20,45 @@ __all__ = ['SyncAwsDestinationArgs', 'SyncAwsDestination']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SyncAwsDestinationArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
access_key_id: Optional[pulumi.Input[str]] = None,
|
23
|
-
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
24
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
25
|
-
granularity: Optional[pulumi.Input[str]] = None,
|
26
|
-
name: Optional[pulumi.Input[str]] = None,
|
27
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
28
|
-
region: Optional[pulumi.Input[str]] = None,
|
29
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
30
|
-
secret_access_key: Optional[pulumi.Input[str]] = None,
|
31
|
-
secret_name_template: Optional[pulumi.Input[str]] = None):
|
23
|
+
access_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
24
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
25
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
granularity: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
secret_name_template: Optional[pulumi.Input[builtins.str]] = None):
|
32
33
|
"""
|
33
34
|
The set of arguments for constructing a SyncAwsDestination resource.
|
34
|
-
:param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
35
|
+
:param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
35
36
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
36
37
|
variable.
|
37
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
38
|
-
:param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
|
38
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
39
|
+
:param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
|
39
40
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
40
41
|
The field is mutable with no special condition, but users must be careful that the new value fits with the trust
|
41
42
|
relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
|
42
43
|
denied errors. Ignored if the `role_arn` field is empty.
|
43
|
-
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
44
|
+
:param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
|
44
45
|
at the destination. Supports `secret-path` and `secret-key`.
|
45
|
-
:param pulumi.Input[str] name: Unique name of the AWS destination.
|
46
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
46
|
+
:param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
|
47
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
47
48
|
The value should not contain leading or trailing forward slashes.
|
48
49
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
|
-
:param pulumi.Input[str] region: Region where to manage the secrets manager entries.
|
50
|
+
:param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
|
50
51
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
51
52
|
variable.
|
52
|
-
:param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
53
|
+
:param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
53
54
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
54
55
|
exist for Vault to be able to assume this role. The role can be in a different account.
|
55
56
|
The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
|
56
57
|
It is possible to provide both an access key pair and a role to assume.
|
57
|
-
:param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
58
|
+
:param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
58
59
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
59
60
|
variable.
|
60
|
-
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
61
|
+
:param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
|
61
62
|
Supports a subset of the Go Template syntax.
|
62
63
|
"""
|
63
64
|
if access_key_id is not None:
|
@@ -83,7 +84,7 @@ class SyncAwsDestinationArgs:
|
|
83
84
|
|
84
85
|
@property
|
85
86
|
@pulumi.getter(name="accessKeyId")
|
86
|
-
def access_key_id(self) -> Optional[pulumi.Input[str]]:
|
87
|
+
def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
87
88
|
"""
|
88
89
|
Access key id to authenticate against the AWS secrets manager.
|
89
90
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
@@ -92,24 +93,24 @@ class SyncAwsDestinationArgs:
|
|
92
93
|
return pulumi.get(self, "access_key_id")
|
93
94
|
|
94
95
|
@access_key_id.setter
|
95
|
-
def access_key_id(self, value: Optional[pulumi.Input[str]]):
|
96
|
+
def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
96
97
|
pulumi.set(self, "access_key_id", value)
|
97
98
|
|
98
99
|
@property
|
99
100
|
@pulumi.getter(name="customTags")
|
100
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
101
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
101
102
|
"""
|
102
103
|
Custom tags to set on the secret managed at the destination.
|
103
104
|
"""
|
104
105
|
return pulumi.get(self, "custom_tags")
|
105
106
|
|
106
107
|
@custom_tags.setter
|
107
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
108
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
108
109
|
pulumi.set(self, "custom_tags", value)
|
109
110
|
|
110
111
|
@property
|
111
112
|
@pulumi.getter(name="externalId")
|
112
|
-
def external_id(self) -> Optional[pulumi.Input[str]]:
|
113
|
+
def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
113
114
|
"""
|
114
115
|
Optional extra protection that must match the trust policy granting access to the
|
115
116
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
@@ -120,12 +121,12 @@ class SyncAwsDestinationArgs:
|
|
120
121
|
return pulumi.get(self, "external_id")
|
121
122
|
|
122
123
|
@external_id.setter
|
123
|
-
def external_id(self, value: Optional[pulumi.Input[str]]):
|
124
|
+
def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
124
125
|
pulumi.set(self, "external_id", value)
|
125
126
|
|
126
127
|
@property
|
127
128
|
@pulumi.getter
|
128
|
-
def granularity(self) -> Optional[pulumi.Input[str]]:
|
129
|
+
def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
|
129
130
|
"""
|
130
131
|
Determines what level of information is synced as a distinct resource
|
131
132
|
at the destination. Supports `secret-path` and `secret-key`.
|
@@ -133,24 +134,24 @@ class SyncAwsDestinationArgs:
|
|
133
134
|
return pulumi.get(self, "granularity")
|
134
135
|
|
135
136
|
@granularity.setter
|
136
|
-
def granularity(self, value: Optional[pulumi.Input[str]]):
|
137
|
+
def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
|
137
138
|
pulumi.set(self, "granularity", value)
|
138
139
|
|
139
140
|
@property
|
140
141
|
@pulumi.getter
|
141
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
142
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
142
143
|
"""
|
143
144
|
Unique name of the AWS destination.
|
144
145
|
"""
|
145
146
|
return pulumi.get(self, "name")
|
146
147
|
|
147
148
|
@name.setter
|
148
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
149
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
149
150
|
pulumi.set(self, "name", value)
|
150
151
|
|
151
152
|
@property
|
152
153
|
@pulumi.getter
|
153
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
154
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
154
155
|
"""
|
155
156
|
The namespace to provision the resource in.
|
156
157
|
The value should not contain leading or trailing forward slashes.
|
@@ -159,12 +160,12 @@ class SyncAwsDestinationArgs:
|
|
159
160
|
return pulumi.get(self, "namespace")
|
160
161
|
|
161
162
|
@namespace.setter
|
162
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
163
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
163
164
|
pulumi.set(self, "namespace", value)
|
164
165
|
|
165
166
|
@property
|
166
167
|
@pulumi.getter
|
167
|
-
def region(self) -> Optional[pulumi.Input[str]]:
|
168
|
+
def region(self) -> Optional[pulumi.Input[builtins.str]]:
|
168
169
|
"""
|
169
170
|
Region where to manage the secrets manager entries.
|
170
171
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
@@ -173,12 +174,12 @@ class SyncAwsDestinationArgs:
|
|
173
174
|
return pulumi.get(self, "region")
|
174
175
|
|
175
176
|
@region.setter
|
176
|
-
def region(self, value: Optional[pulumi.Input[str]]):
|
177
|
+
def region(self, value: Optional[pulumi.Input[builtins.str]]):
|
177
178
|
pulumi.set(self, "region", value)
|
178
179
|
|
179
180
|
@property
|
180
181
|
@pulumi.getter(name="roleArn")
|
181
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
182
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
182
183
|
"""
|
183
184
|
Specifies a role to assume when connecting to AWS. When assuming a role,
|
184
185
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
@@ -189,12 +190,12 @@ class SyncAwsDestinationArgs:
|
|
189
190
|
return pulumi.get(self, "role_arn")
|
190
191
|
|
191
192
|
@role_arn.setter
|
192
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
193
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
193
194
|
pulumi.set(self, "role_arn", value)
|
194
195
|
|
195
196
|
@property
|
196
197
|
@pulumi.getter(name="secretAccessKey")
|
197
|
-
def secret_access_key(self) -> Optional[pulumi.Input[str]]:
|
198
|
+
def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
198
199
|
"""
|
199
200
|
Secret access key to authenticate against the AWS secrets manager.
|
200
201
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
@@ -203,12 +204,12 @@ class SyncAwsDestinationArgs:
|
|
203
204
|
return pulumi.get(self, "secret_access_key")
|
204
205
|
|
205
206
|
@secret_access_key.setter
|
206
|
-
def secret_access_key(self, value: Optional[pulumi.Input[str]]):
|
207
|
+
def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
207
208
|
pulumi.set(self, "secret_access_key", value)
|
208
209
|
|
209
210
|
@property
|
210
211
|
@pulumi.getter(name="secretNameTemplate")
|
211
|
-
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
212
|
+
def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
212
213
|
"""
|
213
214
|
Template describing how to generate external secret names.
|
214
215
|
Supports a subset of the Go Template syntax.
|
@@ -216,55 +217,55 @@ class SyncAwsDestinationArgs:
|
|
216
217
|
return pulumi.get(self, "secret_name_template")
|
217
218
|
|
218
219
|
@secret_name_template.setter
|
219
|
-
def secret_name_template(self, value: Optional[pulumi.Input[str]]):
|
220
|
+
def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
220
221
|
pulumi.set(self, "secret_name_template", value)
|
221
222
|
|
222
223
|
|
223
224
|
@pulumi.input_type
|
224
225
|
class _SyncAwsDestinationState:
|
225
226
|
def __init__(__self__, *,
|
226
|
-
access_key_id: Optional[pulumi.Input[str]] = None,
|
227
|
-
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
228
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
229
|
-
granularity: Optional[pulumi.Input[str]] = None,
|
230
|
-
name: Optional[pulumi.Input[str]] = None,
|
231
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
232
|
-
region: Optional[pulumi.Input[str]] = None,
|
233
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
234
|
-
secret_access_key: Optional[pulumi.Input[str]] = None,
|
235
|
-
secret_name_template: Optional[pulumi.Input[str]] = None,
|
236
|
-
type: Optional[pulumi.Input[str]] = None):
|
227
|
+
access_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
228
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
229
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
230
|
+
granularity: Optional[pulumi.Input[builtins.str]] = None,
|
231
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
232
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
233
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
234
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
235
|
+
secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
|
236
|
+
secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
|
237
|
+
type: Optional[pulumi.Input[builtins.str]] = None):
|
237
238
|
"""
|
238
239
|
Input properties used for looking up and filtering SyncAwsDestination resources.
|
239
|
-
:param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
240
|
+
:param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
240
241
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
241
242
|
variable.
|
242
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
243
|
-
:param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
|
243
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
244
|
+
:param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
|
244
245
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
245
246
|
The field is mutable with no special condition, but users must be careful that the new value fits with the trust
|
246
247
|
relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
|
247
248
|
denied errors. Ignored if the `role_arn` field is empty.
|
248
|
-
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
249
|
+
:param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
|
249
250
|
at the destination. Supports `secret-path` and `secret-key`.
|
250
|
-
:param pulumi.Input[str] name: Unique name of the AWS destination.
|
251
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
251
|
+
:param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
|
252
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
252
253
|
The value should not contain leading or trailing forward slashes.
|
253
254
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
254
|
-
:param pulumi.Input[str] region: Region where to manage the secrets manager entries.
|
255
|
+
:param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
|
255
256
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
256
257
|
variable.
|
257
|
-
:param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
258
|
+
:param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
258
259
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
259
260
|
exist for Vault to be able to assume this role. The role can be in a different account.
|
260
261
|
The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
|
261
262
|
It is possible to provide both an access key pair and a role to assume.
|
262
|
-
:param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
263
|
+
:param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
263
264
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
264
265
|
variable.
|
265
|
-
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
266
|
+
:param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
|
266
267
|
Supports a subset of the Go Template syntax.
|
267
|
-
:param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`).
|
268
|
+
:param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
|
268
269
|
"""
|
269
270
|
if access_key_id is not None:
|
270
271
|
pulumi.set(__self__, "access_key_id", access_key_id)
|
@@ -291,7 +292,7 @@ class _SyncAwsDestinationState:
|
|
291
292
|
|
292
293
|
@property
|
293
294
|
@pulumi.getter(name="accessKeyId")
|
294
|
-
def access_key_id(self) -> Optional[pulumi.Input[str]]:
|
295
|
+
def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
295
296
|
"""
|
296
297
|
Access key id to authenticate against the AWS secrets manager.
|
297
298
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
@@ -300,24 +301,24 @@ class _SyncAwsDestinationState:
|
|
300
301
|
return pulumi.get(self, "access_key_id")
|
301
302
|
|
302
303
|
@access_key_id.setter
|
303
|
-
def access_key_id(self, value: Optional[pulumi.Input[str]]):
|
304
|
+
def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
304
305
|
pulumi.set(self, "access_key_id", value)
|
305
306
|
|
306
307
|
@property
|
307
308
|
@pulumi.getter(name="customTags")
|
308
|
-
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
309
|
+
def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
309
310
|
"""
|
310
311
|
Custom tags to set on the secret managed at the destination.
|
311
312
|
"""
|
312
313
|
return pulumi.get(self, "custom_tags")
|
313
314
|
|
314
315
|
@custom_tags.setter
|
315
|
-
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
316
|
+
def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
316
317
|
pulumi.set(self, "custom_tags", value)
|
317
318
|
|
318
319
|
@property
|
319
320
|
@pulumi.getter(name="externalId")
|
320
|
-
def external_id(self) -> Optional[pulumi.Input[str]]:
|
321
|
+
def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
321
322
|
"""
|
322
323
|
Optional extra protection that must match the trust policy granting access to the
|
323
324
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
@@ -328,12 +329,12 @@ class _SyncAwsDestinationState:
|
|
328
329
|
return pulumi.get(self, "external_id")
|
329
330
|
|
330
331
|
@external_id.setter
|
331
|
-
def external_id(self, value: Optional[pulumi.Input[str]]):
|
332
|
+
def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
332
333
|
pulumi.set(self, "external_id", value)
|
333
334
|
|
334
335
|
@property
|
335
336
|
@pulumi.getter
|
336
|
-
def granularity(self) -> Optional[pulumi.Input[str]]:
|
337
|
+
def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
|
337
338
|
"""
|
338
339
|
Determines what level of information is synced as a distinct resource
|
339
340
|
at the destination. Supports `secret-path` and `secret-key`.
|
@@ -341,24 +342,24 @@ class _SyncAwsDestinationState:
|
|
341
342
|
return pulumi.get(self, "granularity")
|
342
343
|
|
343
344
|
@granularity.setter
|
344
|
-
def granularity(self, value: Optional[pulumi.Input[str]]):
|
345
|
+
def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
|
345
346
|
pulumi.set(self, "granularity", value)
|
346
347
|
|
347
348
|
@property
|
348
349
|
@pulumi.getter
|
349
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
350
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
350
351
|
"""
|
351
352
|
Unique name of the AWS destination.
|
352
353
|
"""
|
353
354
|
return pulumi.get(self, "name")
|
354
355
|
|
355
356
|
@name.setter
|
356
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
357
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
357
358
|
pulumi.set(self, "name", value)
|
358
359
|
|
359
360
|
@property
|
360
361
|
@pulumi.getter
|
361
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
362
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
362
363
|
"""
|
363
364
|
The namespace to provision the resource in.
|
364
365
|
The value should not contain leading or trailing forward slashes.
|
@@ -367,12 +368,12 @@ class _SyncAwsDestinationState:
|
|
367
368
|
return pulumi.get(self, "namespace")
|
368
369
|
|
369
370
|
@namespace.setter
|
370
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
371
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
371
372
|
pulumi.set(self, "namespace", value)
|
372
373
|
|
373
374
|
@property
|
374
375
|
@pulumi.getter
|
375
|
-
def region(self) -> Optional[pulumi.Input[str]]:
|
376
|
+
def region(self) -> Optional[pulumi.Input[builtins.str]]:
|
376
377
|
"""
|
377
378
|
Region where to manage the secrets manager entries.
|
378
379
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
@@ -381,12 +382,12 @@ class _SyncAwsDestinationState:
|
|
381
382
|
return pulumi.get(self, "region")
|
382
383
|
|
383
384
|
@region.setter
|
384
|
-
def region(self, value: Optional[pulumi.Input[str]]):
|
385
|
+
def region(self, value: Optional[pulumi.Input[builtins.str]]):
|
385
386
|
pulumi.set(self, "region", value)
|
386
387
|
|
387
388
|
@property
|
388
389
|
@pulumi.getter(name="roleArn")
|
389
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
390
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
390
391
|
"""
|
391
392
|
Specifies a role to assume when connecting to AWS. When assuming a role,
|
392
393
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
@@ -397,12 +398,12 @@ class _SyncAwsDestinationState:
|
|
397
398
|
return pulumi.get(self, "role_arn")
|
398
399
|
|
399
400
|
@role_arn.setter
|
400
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
401
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
401
402
|
pulumi.set(self, "role_arn", value)
|
402
403
|
|
403
404
|
@property
|
404
405
|
@pulumi.getter(name="secretAccessKey")
|
405
|
-
def secret_access_key(self) -> Optional[pulumi.Input[str]]:
|
406
|
+
def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
406
407
|
"""
|
407
408
|
Secret access key to authenticate against the AWS secrets manager.
|
408
409
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
@@ -411,12 +412,12 @@ class _SyncAwsDestinationState:
|
|
411
412
|
return pulumi.get(self, "secret_access_key")
|
412
413
|
|
413
414
|
@secret_access_key.setter
|
414
|
-
def secret_access_key(self, value: Optional[pulumi.Input[str]]):
|
415
|
+
def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
415
416
|
pulumi.set(self, "secret_access_key", value)
|
416
417
|
|
417
418
|
@property
|
418
419
|
@pulumi.getter(name="secretNameTemplate")
|
419
|
-
def secret_name_template(self) -> Optional[pulumi.Input[str]]:
|
420
|
+
def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
420
421
|
"""
|
421
422
|
Template describing how to generate external secret names.
|
422
423
|
Supports a subset of the Go Template syntax.
|
@@ -424,19 +425,19 @@ class _SyncAwsDestinationState:
|
|
424
425
|
return pulumi.get(self, "secret_name_template")
|
425
426
|
|
426
427
|
@secret_name_template.setter
|
427
|
-
def secret_name_template(self, value: Optional[pulumi.Input[str]]):
|
428
|
+
def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
428
429
|
pulumi.set(self, "secret_name_template", value)
|
429
430
|
|
430
431
|
@property
|
431
432
|
@pulumi.getter
|
432
|
-
def type(self) -> Optional[pulumi.Input[str]]:
|
433
|
+
def type(self) -> Optional[pulumi.Input[builtins.str]]:
|
433
434
|
"""
|
434
435
|
The type of the secrets destination (`aws-sm`).
|
435
436
|
"""
|
436
437
|
return pulumi.get(self, "type")
|
437
438
|
|
438
439
|
@type.setter
|
439
|
-
def type(self, value: Optional[pulumi.Input[str]]):
|
440
|
+
def type(self, value: Optional[pulumi.Input[builtins.str]]):
|
440
441
|
pulumi.set(self, "type", value)
|
441
442
|
|
442
443
|
|
@@ -445,16 +446,16 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
445
446
|
def __init__(__self__,
|
446
447
|
resource_name: str,
|
447
448
|
opts: Optional[pulumi.ResourceOptions] = None,
|
448
|
-
access_key_id: Optional[pulumi.Input[str]] = None,
|
449
|
-
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
450
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
451
|
-
granularity: Optional[pulumi.Input[str]] = None,
|
452
|
-
name: Optional[pulumi.Input[str]] = None,
|
453
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
454
|
-
region: Optional[pulumi.Input[str]] = None,
|
455
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
456
|
-
secret_access_key: Optional[pulumi.Input[str]] = None,
|
457
|
-
secret_name_template: Optional[pulumi.Input[str]] = None,
|
449
|
+
access_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
450
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
451
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
452
|
+
granularity: Optional[pulumi.Input[builtins.str]] = None,
|
453
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
454
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
455
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
456
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
457
|
+
secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
|
458
|
+
secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
|
458
459
|
__props__=None):
|
459
460
|
"""
|
460
461
|
## Example Usage
|
@@ -486,33 +487,33 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
486
487
|
|
487
488
|
:param str resource_name: The name of the resource.
|
488
489
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
489
|
-
:param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
490
|
+
:param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
490
491
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
491
492
|
variable.
|
492
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
493
|
-
:param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
|
493
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
494
|
+
:param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
|
494
495
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
495
496
|
The field is mutable with no special condition, but users must be careful that the new value fits with the trust
|
496
497
|
relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
|
497
498
|
denied errors. Ignored if the `role_arn` field is empty.
|
498
|
-
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
499
|
+
:param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
|
499
500
|
at the destination. Supports `secret-path` and `secret-key`.
|
500
|
-
:param pulumi.Input[str] name: Unique name of the AWS destination.
|
501
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
501
|
+
:param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
|
502
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
502
503
|
The value should not contain leading or trailing forward slashes.
|
503
504
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
504
|
-
:param pulumi.Input[str] region: Region where to manage the secrets manager entries.
|
505
|
+
:param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
|
505
506
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
506
507
|
variable.
|
507
|
-
:param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
508
|
+
:param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
508
509
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
509
510
|
exist for Vault to be able to assume this role. The role can be in a different account.
|
510
511
|
The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
|
511
512
|
It is possible to provide both an access key pair and a role to assume.
|
512
|
-
:param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
513
|
+
:param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
513
514
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
514
515
|
variable.
|
515
|
-
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
516
|
+
:param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
|
516
517
|
Supports a subset of the Go Template syntax.
|
517
518
|
"""
|
518
519
|
...
|
@@ -564,16 +565,16 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
564
565
|
def _internal_init(__self__,
|
565
566
|
resource_name: str,
|
566
567
|
opts: Optional[pulumi.ResourceOptions] = None,
|
567
|
-
access_key_id: Optional[pulumi.Input[str]] = None,
|
568
|
-
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
569
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
570
|
-
granularity: Optional[pulumi.Input[str]] = None,
|
571
|
-
name: Optional[pulumi.Input[str]] = None,
|
572
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
573
|
-
region: Optional[pulumi.Input[str]] = None,
|
574
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
575
|
-
secret_access_key: Optional[pulumi.Input[str]] = None,
|
576
|
-
secret_name_template: Optional[pulumi.Input[str]] = None,
|
568
|
+
access_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
569
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
570
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
571
|
+
granularity: Optional[pulumi.Input[builtins.str]] = None,
|
572
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
573
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
574
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
575
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
576
|
+
secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
|
577
|
+
secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
|
577
578
|
__props__=None):
|
578
579
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
579
580
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -606,17 +607,17 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
606
607
|
def get(resource_name: str,
|
607
608
|
id: pulumi.Input[str],
|
608
609
|
opts: Optional[pulumi.ResourceOptions] = None,
|
609
|
-
access_key_id: Optional[pulumi.Input[str]] = None,
|
610
|
-
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
611
|
-
external_id: Optional[pulumi.Input[str]] = None,
|
612
|
-
granularity: Optional[pulumi.Input[str]] = None,
|
613
|
-
name: Optional[pulumi.Input[str]] = None,
|
614
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
615
|
-
region: Optional[pulumi.Input[str]] = None,
|
616
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
617
|
-
secret_access_key: Optional[pulumi.Input[str]] = None,
|
618
|
-
secret_name_template: Optional[pulumi.Input[str]] = None,
|
619
|
-
type: Optional[pulumi.Input[str]] = None) -> 'SyncAwsDestination':
|
610
|
+
access_key_id: Optional[pulumi.Input[builtins.str]] = None,
|
611
|
+
custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
612
|
+
external_id: Optional[pulumi.Input[builtins.str]] = None,
|
613
|
+
granularity: Optional[pulumi.Input[builtins.str]] = None,
|
614
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
615
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
616
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
617
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
618
|
+
secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
|
619
|
+
secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
|
620
|
+
type: Optional[pulumi.Input[builtins.str]] = None) -> 'SyncAwsDestination':
|
620
621
|
"""
|
621
622
|
Get an existing SyncAwsDestination resource's state with the given name, id, and optional extra
|
622
623
|
properties used to qualify the lookup.
|
@@ -624,35 +625,35 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
624
625
|
:param str resource_name: The unique name of the resulting resource.
|
625
626
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
626
627
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
627
|
-
:param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
628
|
+
:param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
|
628
629
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
629
630
|
variable.
|
630
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
631
|
-
:param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
|
631
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
|
632
|
+
:param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
|
632
633
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
633
634
|
The field is mutable with no special condition, but users must be careful that the new value fits with the trust
|
634
635
|
relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
|
635
636
|
denied errors. Ignored if the `role_arn` field is empty.
|
636
|
-
:param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
|
637
|
+
:param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
|
637
638
|
at the destination. Supports `secret-path` and `secret-key`.
|
638
|
-
:param pulumi.Input[str] name: Unique name of the AWS destination.
|
639
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
639
|
+
:param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
|
640
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
640
641
|
The value should not contain leading or trailing forward slashes.
|
641
642
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
642
|
-
:param pulumi.Input[str] region: Region where to manage the secrets manager entries.
|
643
|
+
:param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
|
643
644
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
644
645
|
variable.
|
645
|
-
:param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
646
|
+
:param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
|
646
647
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
647
648
|
exist for Vault to be able to assume this role. The role can be in a different account.
|
648
649
|
The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
|
649
650
|
It is possible to provide both an access key pair and a role to assume.
|
650
|
-
:param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
651
|
+
:param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
|
651
652
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
652
653
|
variable.
|
653
|
-
:param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
|
654
|
+
:param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
|
654
655
|
Supports a subset of the Go Template syntax.
|
655
|
-
:param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`).
|
656
|
+
:param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
|
656
657
|
"""
|
657
658
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
658
659
|
|
@@ -673,7 +674,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
673
674
|
|
674
675
|
@property
|
675
676
|
@pulumi.getter(name="accessKeyId")
|
676
|
-
def access_key_id(self) -> pulumi.Output[Optional[str]]:
|
677
|
+
def access_key_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
677
678
|
"""
|
678
679
|
Access key id to authenticate against the AWS secrets manager.
|
679
680
|
Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
|
@@ -683,7 +684,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
683
684
|
|
684
685
|
@property
|
685
686
|
@pulumi.getter(name="customTags")
|
686
|
-
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
687
|
+
def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
687
688
|
"""
|
688
689
|
Custom tags to set on the secret managed at the destination.
|
689
690
|
"""
|
@@ -691,7 +692,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
691
692
|
|
692
693
|
@property
|
693
694
|
@pulumi.getter(name="externalId")
|
694
|
-
def external_id(self) -> pulumi.Output[Optional[str]]:
|
695
|
+
def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
|
695
696
|
"""
|
696
697
|
Optional extra protection that must match the trust policy granting access to the
|
697
698
|
AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
|
@@ -703,7 +704,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
703
704
|
|
704
705
|
@property
|
705
706
|
@pulumi.getter
|
706
|
-
def granularity(self) -> pulumi.Output[Optional[str]]:
|
707
|
+
def granularity(self) -> pulumi.Output[Optional[builtins.str]]:
|
707
708
|
"""
|
708
709
|
Determines what level of information is synced as a distinct resource
|
709
710
|
at the destination. Supports `secret-path` and `secret-key`.
|
@@ -712,7 +713,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
712
713
|
|
713
714
|
@property
|
714
715
|
@pulumi.getter
|
715
|
-
def name(self) -> pulumi.Output[str]:
|
716
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
716
717
|
"""
|
717
718
|
Unique name of the AWS destination.
|
718
719
|
"""
|
@@ -720,7 +721,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
720
721
|
|
721
722
|
@property
|
722
723
|
@pulumi.getter
|
723
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
724
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
724
725
|
"""
|
725
726
|
The namespace to provision the resource in.
|
726
727
|
The value should not contain leading or trailing forward slashes.
|
@@ -730,7 +731,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
730
731
|
|
731
732
|
@property
|
732
733
|
@pulumi.getter
|
733
|
-
def region(self) -> pulumi.Output[Optional[str]]:
|
734
|
+
def region(self) -> pulumi.Output[Optional[builtins.str]]:
|
734
735
|
"""
|
735
736
|
Region where to manage the secrets manager entries.
|
736
737
|
Can be omitted and directly provided to Vault using the `AWS_REGION` environment
|
@@ -740,7 +741,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
740
741
|
|
741
742
|
@property
|
742
743
|
@pulumi.getter(name="roleArn")
|
743
|
-
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
744
|
+
def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
|
744
745
|
"""
|
745
746
|
Specifies a role to assume when connecting to AWS. When assuming a role,
|
746
747
|
Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
|
@@ -752,7 +753,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
752
753
|
|
753
754
|
@property
|
754
755
|
@pulumi.getter(name="secretAccessKey")
|
755
|
-
def secret_access_key(self) -> pulumi.Output[Optional[str]]:
|
756
|
+
def secret_access_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
756
757
|
"""
|
757
758
|
Secret access key to authenticate against the AWS secrets manager.
|
758
759
|
Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
|
@@ -762,7 +763,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
762
763
|
|
763
764
|
@property
|
764
765
|
@pulumi.getter(name="secretNameTemplate")
|
765
|
-
def secret_name_template(self) -> pulumi.Output[str]:
|
766
|
+
def secret_name_template(self) -> pulumi.Output[builtins.str]:
|
766
767
|
"""
|
767
768
|
Template describing how to generate external secret names.
|
768
769
|
Supports a subset of the Go Template syntax.
|
@@ -771,7 +772,7 @@ class SyncAwsDestination(pulumi.CustomResource):
|
|
771
772
|
|
772
773
|
@property
|
773
774
|
@pulumi.getter
|
774
|
-
def type(self) -> pulumi.Output[str]:
|
775
|
+
def type(self) -> pulumi.Output[builtins.str]:
|
775
776
|
"""
|
776
777
|
The type of the secrets destination (`aws-sm`).
|
777
778
|
"""
|