pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,95 +20,95 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class AuthBackendRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
role: pulumi.Input[str],
|
23
|
-
allow_instance_migration: Optional[pulumi.Input[bool]] = None,
|
24
|
-
auth_type: Optional[pulumi.Input[str]] = None,
|
25
|
-
backend: Optional[pulumi.Input[str]] = None,
|
26
|
-
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
29
|
-
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
-
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
31
|
-
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
32
|
-
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
33
|
-
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
34
|
-
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
-
disallow_reauthentication: Optional[pulumi.Input[bool]] = None,
|
36
|
-
inferred_aws_region: Optional[pulumi.Input[str]] = None,
|
37
|
-
inferred_entity_type: Optional[pulumi.Input[str]] = None,
|
38
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
39
|
-
resolve_aws_unique_ids: Optional[pulumi.Input[bool]] = None,
|
40
|
-
role_tag: Optional[pulumi.Input[str]] = None,
|
41
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
42
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
43
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
44
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
45
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
46
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
47
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
48
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
49
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
23
|
+
role: pulumi.Input[builtins.str],
|
24
|
+
allow_instance_migration: Optional[pulumi.Input[builtins.bool]] = None,
|
25
|
+
auth_type: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
30
|
+
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
31
|
+
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
32
|
+
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
33
|
+
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
34
|
+
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
35
|
+
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
36
|
+
disallow_reauthentication: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
inferred_aws_region: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
inferred_entity_type: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
resolve_aws_unique_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
role_tag: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
43
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
44
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
45
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
46
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
47
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
48
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
49
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
50
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
50
51
|
"""
|
51
52
|
The set of arguments for constructing a AuthBackendRole resource.
|
52
|
-
:param pulumi.Input[str] role: The name of the role.
|
53
|
-
:param pulumi.Input[bool] allow_instance_migration: If set to `true`, allows migration of
|
53
|
+
:param pulumi.Input[builtins.str] role: The name of the role.
|
54
|
+
:param pulumi.Input[builtins.bool] allow_instance_migration: If set to `true`, allows migration of
|
54
55
|
the underlying instance where the client resides.
|
55
|
-
:param pulumi.Input[str] auth_type: The auth type permitted for this role. Valid choices
|
56
|
+
:param pulumi.Input[builtins.str] auth_type: The auth type permitted for this role. Valid choices
|
56
57
|
are `ec2` and `iam`. Defaults to `iam`.
|
57
|
-
:param pulumi.Input[str] backend: Path to the mounted aws auth backend.
|
58
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_account_ids: If set, defines a constraint on the EC2
|
58
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted aws auth backend.
|
59
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_account_ids: If set, defines a constraint on the EC2
|
59
60
|
instances that can perform the login operation that they should be using the
|
60
61
|
account ID specified by this field. `auth_type` must be set to `ec2` or
|
61
62
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
62
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
63
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
63
64
|
that can perform the login operation that they should be using the AMI ID
|
64
65
|
specified by this field. `auth_type` must be set to `ec2` or
|
65
66
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
66
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
67
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
68
69
|
the EC2 instances that can perform the login operation that they must be
|
69
70
|
associated with an IAM instance profile ARN which has a prefix that matches
|
70
71
|
the value specified by this field. The value is prefix-matched as though it
|
71
72
|
were a glob ending in `*`. `auth_type` must be set to `ec2` or
|
72
73
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
73
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
74
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
74
75
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
75
76
|
supported at the end of the ARN.
|
76
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
77
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
77
78
|
instances that can perform the login operation that they must match the IAM
|
78
79
|
role ARN specified by this field. `auth_type` must be set to `ec2` or
|
79
80
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
80
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
81
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
81
82
|
that can perform the login operation that the region in their identity
|
82
83
|
document must match the one specified by this field. `auth_type` must be set
|
83
84
|
to `ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
84
85
|
constraint.
|
85
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
86
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
86
87
|
instances that can perform the login operation that they be associated with
|
87
88
|
the subnet ID that matches the value specified by this field. `auth_type`
|
88
89
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
89
90
|
to use this constraint.
|
90
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
91
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
91
92
|
that can perform the login operation that they be associated with the VPC ID
|
92
93
|
that matches the value specified by this field. `auth_type` must be set to
|
93
94
|
`ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
94
95
|
constraint.
|
95
|
-
:param pulumi.Input[bool] disallow_reauthentication: IF set to `true`, only allows a
|
96
|
+
:param pulumi.Input[builtins.bool] disallow_reauthentication: IF set to `true`, only allows a
|
96
97
|
single token to be granted per instance ID. This can only be set when
|
97
98
|
`auth_type` is set to `ec2`.
|
98
|
-
:param pulumi.Input[str] inferred_aws_region: When `inferred_entity_type` is set, this
|
99
|
+
:param pulumi.Input[builtins.str] inferred_aws_region: When `inferred_entity_type` is set, this
|
99
100
|
is the region to search for the inferred entities. Required if
|
100
101
|
`inferred_entity_type` is set. This only applies when `auth_type` is set to
|
101
102
|
`iam`.
|
102
|
-
:param pulumi.Input[str] inferred_entity_type: If set, instructs Vault to turn on
|
103
|
+
:param pulumi.Input[builtins.str] inferred_entity_type: If set, instructs Vault to turn on
|
103
104
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
104
105
|
infer that the role comes from an EC2 instance in an IAM instance profile.
|
105
106
|
This only applies when `auth_type` is set to `iam`.
|
106
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
107
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
107
108
|
The value should not contain leading or trailing forward slashes.
|
108
109
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
109
110
|
*Available only for Vault Enterprise*.
|
110
|
-
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
111
|
+
:param pulumi.Input[builtins.bool] resolve_aws_unique_ids: Only valid when
|
111
112
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
112
113
|
resolved to [AWS Unique
|
113
114
|
IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
|
@@ -118,19 +119,19 @@ class AuthBackendRoleArgs:
|
|
118
119
|
roles won't get access to roles in Vault that were permissioned to the prior
|
119
120
|
principals of the same name. Defaults to `true`.
|
120
121
|
Once set to `true`, this cannot be changed to `false` without recreating the role.
|
121
|
-
:param pulumi.Input[str] role_tag: If set, enable role tags for this role. The value set
|
122
|
+
:param pulumi.Input[builtins.str] role_tag: If set, enable role tags for this role. The value set
|
122
123
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
123
124
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
124
125
|
to use this constraint.
|
125
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
126
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
127
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
128
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
129
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
130
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
131
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
132
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
133
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
126
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
127
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
128
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
129
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
130
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
131
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
132
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
133
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
134
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
134
135
|
"""
|
135
136
|
pulumi.set(__self__, "role", role)
|
136
137
|
if allow_instance_migration is not None:
|
@@ -190,19 +191,19 @@ class AuthBackendRoleArgs:
|
|
190
191
|
|
191
192
|
@property
|
192
193
|
@pulumi.getter
|
193
|
-
def role(self) -> pulumi.Input[str]:
|
194
|
+
def role(self) -> pulumi.Input[builtins.str]:
|
194
195
|
"""
|
195
196
|
The name of the role.
|
196
197
|
"""
|
197
198
|
return pulumi.get(self, "role")
|
198
199
|
|
199
200
|
@role.setter
|
200
|
-
def role(self, value: pulumi.Input[str]):
|
201
|
+
def role(self, value: pulumi.Input[builtins.str]):
|
201
202
|
pulumi.set(self, "role", value)
|
202
203
|
|
203
204
|
@property
|
204
205
|
@pulumi.getter(name="allowInstanceMigration")
|
205
|
-
def allow_instance_migration(self) -> Optional[pulumi.Input[bool]]:
|
206
|
+
def allow_instance_migration(self) -> Optional[pulumi.Input[builtins.bool]]:
|
206
207
|
"""
|
207
208
|
If set to `true`, allows migration of
|
208
209
|
the underlying instance where the client resides.
|
@@ -210,12 +211,12 @@ class AuthBackendRoleArgs:
|
|
210
211
|
return pulumi.get(self, "allow_instance_migration")
|
211
212
|
|
212
213
|
@allow_instance_migration.setter
|
213
|
-
def allow_instance_migration(self, value: Optional[pulumi.Input[bool]]):
|
214
|
+
def allow_instance_migration(self, value: Optional[pulumi.Input[builtins.bool]]):
|
214
215
|
pulumi.set(self, "allow_instance_migration", value)
|
215
216
|
|
216
217
|
@property
|
217
218
|
@pulumi.getter(name="authType")
|
218
|
-
def auth_type(self) -> Optional[pulumi.Input[str]]:
|
219
|
+
def auth_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
219
220
|
"""
|
220
221
|
The auth type permitted for this role. Valid choices
|
221
222
|
are `ec2` and `iam`. Defaults to `iam`.
|
@@ -223,24 +224,24 @@ class AuthBackendRoleArgs:
|
|
223
224
|
return pulumi.get(self, "auth_type")
|
224
225
|
|
225
226
|
@auth_type.setter
|
226
|
-
def auth_type(self, value: Optional[pulumi.Input[str]]):
|
227
|
+
def auth_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
227
228
|
pulumi.set(self, "auth_type", value)
|
228
229
|
|
229
230
|
@property
|
230
231
|
@pulumi.getter
|
231
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
232
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
232
233
|
"""
|
233
234
|
Path to the mounted aws auth backend.
|
234
235
|
"""
|
235
236
|
return pulumi.get(self, "backend")
|
236
237
|
|
237
238
|
@backend.setter
|
238
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
239
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
239
240
|
pulumi.set(self, "backend", value)
|
240
241
|
|
241
242
|
@property
|
242
243
|
@pulumi.getter(name="boundAccountIds")
|
243
|
-
def bound_account_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
244
|
+
def bound_account_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
244
245
|
"""
|
245
246
|
If set, defines a constraint on the EC2
|
246
247
|
instances that can perform the login operation that they should be using the
|
@@ -250,12 +251,12 @@ class AuthBackendRoleArgs:
|
|
250
251
|
return pulumi.get(self, "bound_account_ids")
|
251
252
|
|
252
253
|
@bound_account_ids.setter
|
253
|
-
def bound_account_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
254
|
+
def bound_account_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
254
255
|
pulumi.set(self, "bound_account_ids", value)
|
255
256
|
|
256
257
|
@property
|
257
258
|
@pulumi.getter(name="boundAmiIds")
|
258
|
-
def bound_ami_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
259
|
+
def bound_ami_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
259
260
|
"""
|
260
261
|
If set, defines a constraint on the EC2 instances
|
261
262
|
that can perform the login operation that they should be using the AMI ID
|
@@ -265,24 +266,24 @@ class AuthBackendRoleArgs:
|
|
265
266
|
return pulumi.get(self, "bound_ami_ids")
|
266
267
|
|
267
268
|
@bound_ami_ids.setter
|
268
|
-
def bound_ami_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
269
|
+
def bound_ami_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
269
270
|
pulumi.set(self, "bound_ami_ids", value)
|
270
271
|
|
271
272
|
@property
|
272
273
|
@pulumi.getter(name="boundEc2InstanceIds")
|
273
|
-
def bound_ec2_instance_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
274
|
+
def bound_ec2_instance_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
274
275
|
"""
|
275
276
|
Only EC2 instances that match this instance ID will be permitted to log in.
|
276
277
|
"""
|
277
278
|
return pulumi.get(self, "bound_ec2_instance_ids")
|
278
279
|
|
279
280
|
@bound_ec2_instance_ids.setter
|
280
|
-
def bound_ec2_instance_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
281
|
+
def bound_ec2_instance_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
281
282
|
pulumi.set(self, "bound_ec2_instance_ids", value)
|
282
283
|
|
283
284
|
@property
|
284
285
|
@pulumi.getter(name="boundIamInstanceProfileArns")
|
285
|
-
def bound_iam_instance_profile_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
286
|
+
def bound_iam_instance_profile_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
286
287
|
"""
|
287
288
|
If set, defines a constraint on
|
288
289
|
the EC2 instances that can perform the login operation that they must be
|
@@ -294,12 +295,12 @@ class AuthBackendRoleArgs:
|
|
294
295
|
return pulumi.get(self, "bound_iam_instance_profile_arns")
|
295
296
|
|
296
297
|
@bound_iam_instance_profile_arns.setter
|
297
|
-
def bound_iam_instance_profile_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
298
|
+
def bound_iam_instance_profile_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
298
299
|
pulumi.set(self, "bound_iam_instance_profile_arns", value)
|
299
300
|
|
300
301
|
@property
|
301
302
|
@pulumi.getter(name="boundIamPrincipalArns")
|
302
|
-
def bound_iam_principal_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
303
|
+
def bound_iam_principal_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
303
304
|
"""
|
304
305
|
If set, defines the IAM principal that
|
305
306
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
@@ -308,12 +309,12 @@ class AuthBackendRoleArgs:
|
|
308
309
|
return pulumi.get(self, "bound_iam_principal_arns")
|
309
310
|
|
310
311
|
@bound_iam_principal_arns.setter
|
311
|
-
def bound_iam_principal_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
312
|
+
def bound_iam_principal_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
312
313
|
pulumi.set(self, "bound_iam_principal_arns", value)
|
313
314
|
|
314
315
|
@property
|
315
316
|
@pulumi.getter(name="boundIamRoleArns")
|
316
|
-
def bound_iam_role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
317
|
+
def bound_iam_role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
317
318
|
"""
|
318
319
|
If set, defines a constraint on the EC2
|
319
320
|
instances that can perform the login operation that they must match the IAM
|
@@ -323,12 +324,12 @@ class AuthBackendRoleArgs:
|
|
323
324
|
return pulumi.get(self, "bound_iam_role_arns")
|
324
325
|
|
325
326
|
@bound_iam_role_arns.setter
|
326
|
-
def bound_iam_role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
327
|
+
def bound_iam_role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
327
328
|
pulumi.set(self, "bound_iam_role_arns", value)
|
328
329
|
|
329
330
|
@property
|
330
331
|
@pulumi.getter(name="boundRegions")
|
331
|
-
def bound_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
332
|
+
def bound_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
332
333
|
"""
|
333
334
|
If set, defines a constraint on the EC2 instances
|
334
335
|
that can perform the login operation that the region in their identity
|
@@ -339,12 +340,12 @@ class AuthBackendRoleArgs:
|
|
339
340
|
return pulumi.get(self, "bound_regions")
|
340
341
|
|
341
342
|
@bound_regions.setter
|
342
|
-
def bound_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
343
|
+
def bound_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
343
344
|
pulumi.set(self, "bound_regions", value)
|
344
345
|
|
345
346
|
@property
|
346
347
|
@pulumi.getter(name="boundSubnetIds")
|
347
|
-
def bound_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
348
|
+
def bound_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
348
349
|
"""
|
349
350
|
If set, defines a constraint on the EC2
|
350
351
|
instances that can perform the login operation that they be associated with
|
@@ -355,12 +356,12 @@ class AuthBackendRoleArgs:
|
|
355
356
|
return pulumi.get(self, "bound_subnet_ids")
|
356
357
|
|
357
358
|
@bound_subnet_ids.setter
|
358
|
-
def bound_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
359
|
+
def bound_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
359
360
|
pulumi.set(self, "bound_subnet_ids", value)
|
360
361
|
|
361
362
|
@property
|
362
363
|
@pulumi.getter(name="boundVpcIds")
|
363
|
-
def bound_vpc_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
364
|
+
def bound_vpc_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
364
365
|
"""
|
365
366
|
If set, defines a constraint on the EC2 instances
|
366
367
|
that can perform the login operation that they be associated with the VPC ID
|
@@ -371,12 +372,12 @@ class AuthBackendRoleArgs:
|
|
371
372
|
return pulumi.get(self, "bound_vpc_ids")
|
372
373
|
|
373
374
|
@bound_vpc_ids.setter
|
374
|
-
def bound_vpc_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
375
|
+
def bound_vpc_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
375
376
|
pulumi.set(self, "bound_vpc_ids", value)
|
376
377
|
|
377
378
|
@property
|
378
379
|
@pulumi.getter(name="disallowReauthentication")
|
379
|
-
def disallow_reauthentication(self) -> Optional[pulumi.Input[bool]]:
|
380
|
+
def disallow_reauthentication(self) -> Optional[pulumi.Input[builtins.bool]]:
|
380
381
|
"""
|
381
382
|
IF set to `true`, only allows a
|
382
383
|
single token to be granted per instance ID. This can only be set when
|
@@ -385,12 +386,12 @@ class AuthBackendRoleArgs:
|
|
385
386
|
return pulumi.get(self, "disallow_reauthentication")
|
386
387
|
|
387
388
|
@disallow_reauthentication.setter
|
388
|
-
def disallow_reauthentication(self, value: Optional[pulumi.Input[bool]]):
|
389
|
+
def disallow_reauthentication(self, value: Optional[pulumi.Input[builtins.bool]]):
|
389
390
|
pulumi.set(self, "disallow_reauthentication", value)
|
390
391
|
|
391
392
|
@property
|
392
393
|
@pulumi.getter(name="inferredAwsRegion")
|
393
|
-
def inferred_aws_region(self) -> Optional[pulumi.Input[str]]:
|
394
|
+
def inferred_aws_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
394
395
|
"""
|
395
396
|
When `inferred_entity_type` is set, this
|
396
397
|
is the region to search for the inferred entities. Required if
|
@@ -400,12 +401,12 @@ class AuthBackendRoleArgs:
|
|
400
401
|
return pulumi.get(self, "inferred_aws_region")
|
401
402
|
|
402
403
|
@inferred_aws_region.setter
|
403
|
-
def inferred_aws_region(self, value: Optional[pulumi.Input[str]]):
|
404
|
+
def inferred_aws_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
404
405
|
pulumi.set(self, "inferred_aws_region", value)
|
405
406
|
|
406
407
|
@property
|
407
408
|
@pulumi.getter(name="inferredEntityType")
|
408
|
-
def inferred_entity_type(self) -> Optional[pulumi.Input[str]]:
|
409
|
+
def inferred_entity_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
409
410
|
"""
|
410
411
|
If set, instructs Vault to turn on
|
411
412
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
@@ -415,12 +416,12 @@ class AuthBackendRoleArgs:
|
|
415
416
|
return pulumi.get(self, "inferred_entity_type")
|
416
417
|
|
417
418
|
@inferred_entity_type.setter
|
418
|
-
def inferred_entity_type(self, value: Optional[pulumi.Input[str]]):
|
419
|
+
def inferred_entity_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
419
420
|
pulumi.set(self, "inferred_entity_type", value)
|
420
421
|
|
421
422
|
@property
|
422
423
|
@pulumi.getter
|
423
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
424
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
424
425
|
"""
|
425
426
|
The namespace to provision the resource in.
|
426
427
|
The value should not contain leading or trailing forward slashes.
|
@@ -430,12 +431,12 @@ class AuthBackendRoleArgs:
|
|
430
431
|
return pulumi.get(self, "namespace")
|
431
432
|
|
432
433
|
@namespace.setter
|
433
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
434
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
434
435
|
pulumi.set(self, "namespace", value)
|
435
436
|
|
436
437
|
@property
|
437
438
|
@pulumi.getter(name="resolveAwsUniqueIds")
|
438
|
-
def resolve_aws_unique_ids(self) -> Optional[pulumi.Input[bool]]:
|
439
|
+
def resolve_aws_unique_ids(self) -> Optional[pulumi.Input[builtins.bool]]:
|
439
440
|
"""
|
440
441
|
Only valid when
|
441
442
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -452,12 +453,12 @@ class AuthBackendRoleArgs:
|
|
452
453
|
return pulumi.get(self, "resolve_aws_unique_ids")
|
453
454
|
|
454
455
|
@resolve_aws_unique_ids.setter
|
455
|
-
def resolve_aws_unique_ids(self, value: Optional[pulumi.Input[bool]]):
|
456
|
+
def resolve_aws_unique_ids(self, value: Optional[pulumi.Input[builtins.bool]]):
|
456
457
|
pulumi.set(self, "resolve_aws_unique_ids", value)
|
457
458
|
|
458
459
|
@property
|
459
460
|
@pulumi.getter(name="roleTag")
|
460
|
-
def role_tag(self) -> Optional[pulumi.Input[str]]:
|
461
|
+
def role_tag(self) -> Optional[pulumi.Input[builtins.str]]:
|
461
462
|
"""
|
462
463
|
If set, enable role tags for this role. The value set
|
463
464
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
@@ -467,210 +468,210 @@ class AuthBackendRoleArgs:
|
|
467
468
|
return pulumi.get(self, "role_tag")
|
468
469
|
|
469
470
|
@role_tag.setter
|
470
|
-
def role_tag(self, value: Optional[pulumi.Input[str]]):
|
471
|
+
def role_tag(self, value: Optional[pulumi.Input[builtins.str]]):
|
471
472
|
pulumi.set(self, "role_tag", value)
|
472
473
|
|
473
474
|
@property
|
474
475
|
@pulumi.getter(name="tokenBoundCidrs")
|
475
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
476
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
476
477
|
"""
|
477
478
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
478
479
|
"""
|
479
480
|
return pulumi.get(self, "token_bound_cidrs")
|
480
481
|
|
481
482
|
@token_bound_cidrs.setter
|
482
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
483
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
483
484
|
pulumi.set(self, "token_bound_cidrs", value)
|
484
485
|
|
485
486
|
@property
|
486
487
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
487
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
488
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
488
489
|
"""
|
489
490
|
Generated Token's Explicit Maximum TTL in seconds
|
490
491
|
"""
|
491
492
|
return pulumi.get(self, "token_explicit_max_ttl")
|
492
493
|
|
493
494
|
@token_explicit_max_ttl.setter
|
494
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
495
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
495
496
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
496
497
|
|
497
498
|
@property
|
498
499
|
@pulumi.getter(name="tokenMaxTtl")
|
499
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
500
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
500
501
|
"""
|
501
502
|
The maximum lifetime of the generated token
|
502
503
|
"""
|
503
504
|
return pulumi.get(self, "token_max_ttl")
|
504
505
|
|
505
506
|
@token_max_ttl.setter
|
506
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
507
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
507
508
|
pulumi.set(self, "token_max_ttl", value)
|
508
509
|
|
509
510
|
@property
|
510
511
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
511
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
512
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
512
513
|
"""
|
513
514
|
If true, the 'default' policy will not automatically be added to generated tokens
|
514
515
|
"""
|
515
516
|
return pulumi.get(self, "token_no_default_policy")
|
516
517
|
|
517
518
|
@token_no_default_policy.setter
|
518
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
519
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
519
520
|
pulumi.set(self, "token_no_default_policy", value)
|
520
521
|
|
521
522
|
@property
|
522
523
|
@pulumi.getter(name="tokenNumUses")
|
523
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
524
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
524
525
|
"""
|
525
526
|
The maximum number of times a token may be used, a value of zero means unlimited
|
526
527
|
"""
|
527
528
|
return pulumi.get(self, "token_num_uses")
|
528
529
|
|
529
530
|
@token_num_uses.setter
|
530
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
531
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
531
532
|
pulumi.set(self, "token_num_uses", value)
|
532
533
|
|
533
534
|
@property
|
534
535
|
@pulumi.getter(name="tokenPeriod")
|
535
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
536
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
536
537
|
"""
|
537
538
|
Generated Token's Period
|
538
539
|
"""
|
539
540
|
return pulumi.get(self, "token_period")
|
540
541
|
|
541
542
|
@token_period.setter
|
542
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
543
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
543
544
|
pulumi.set(self, "token_period", value)
|
544
545
|
|
545
546
|
@property
|
546
547
|
@pulumi.getter(name="tokenPolicies")
|
547
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
548
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
548
549
|
"""
|
549
550
|
Generated Token's Policies
|
550
551
|
"""
|
551
552
|
return pulumi.get(self, "token_policies")
|
552
553
|
|
553
554
|
@token_policies.setter
|
554
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
555
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
555
556
|
pulumi.set(self, "token_policies", value)
|
556
557
|
|
557
558
|
@property
|
558
559
|
@pulumi.getter(name="tokenTtl")
|
559
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
560
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
560
561
|
"""
|
561
562
|
The initial ttl of the token to generate in seconds
|
562
563
|
"""
|
563
564
|
return pulumi.get(self, "token_ttl")
|
564
565
|
|
565
566
|
@token_ttl.setter
|
566
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
567
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
567
568
|
pulumi.set(self, "token_ttl", value)
|
568
569
|
|
569
570
|
@property
|
570
571
|
@pulumi.getter(name="tokenType")
|
571
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
572
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
572
573
|
"""
|
573
574
|
The type of token to generate, service or batch
|
574
575
|
"""
|
575
576
|
return pulumi.get(self, "token_type")
|
576
577
|
|
577
578
|
@token_type.setter
|
578
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
579
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
579
580
|
pulumi.set(self, "token_type", value)
|
580
581
|
|
581
582
|
|
582
583
|
@pulumi.input_type
|
583
584
|
class _AuthBackendRoleState:
|
584
585
|
def __init__(__self__, *,
|
585
|
-
allow_instance_migration: Optional[pulumi.Input[bool]] = None,
|
586
|
-
auth_type: Optional[pulumi.Input[str]] = None,
|
587
|
-
backend: Optional[pulumi.Input[str]] = None,
|
588
|
-
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
589
|
-
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
590
|
-
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
591
|
-
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
592
|
-
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
593
|
-
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
594
|
-
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
595
|
-
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
596
|
-
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
597
|
-
disallow_reauthentication: Optional[pulumi.Input[bool]] = None,
|
598
|
-
inferred_aws_region: Optional[pulumi.Input[str]] = None,
|
599
|
-
inferred_entity_type: Optional[pulumi.Input[str]] = None,
|
600
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
601
|
-
resolve_aws_unique_ids: Optional[pulumi.Input[bool]] = None,
|
602
|
-
role: Optional[pulumi.Input[str]] = None,
|
603
|
-
role_id: Optional[pulumi.Input[str]] = None,
|
604
|
-
role_tag: Optional[pulumi.Input[str]] = None,
|
605
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
606
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
607
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
608
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
609
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
610
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
611
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
612
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
613
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
586
|
+
allow_instance_migration: Optional[pulumi.Input[builtins.bool]] = None,
|
587
|
+
auth_type: Optional[pulumi.Input[builtins.str]] = None,
|
588
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
589
|
+
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
590
|
+
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
591
|
+
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
592
|
+
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
593
|
+
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
594
|
+
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
595
|
+
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
596
|
+
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
597
|
+
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
598
|
+
disallow_reauthentication: Optional[pulumi.Input[builtins.bool]] = None,
|
599
|
+
inferred_aws_region: Optional[pulumi.Input[builtins.str]] = None,
|
600
|
+
inferred_entity_type: Optional[pulumi.Input[builtins.str]] = None,
|
601
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
602
|
+
resolve_aws_unique_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
603
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
604
|
+
role_id: Optional[pulumi.Input[builtins.str]] = None,
|
605
|
+
role_tag: Optional[pulumi.Input[builtins.str]] = None,
|
606
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
607
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
608
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
609
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
610
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
611
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
612
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
613
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
614
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
614
615
|
"""
|
615
616
|
Input properties used for looking up and filtering AuthBackendRole resources.
|
616
|
-
:param pulumi.Input[bool] allow_instance_migration: If set to `true`, allows migration of
|
617
|
+
:param pulumi.Input[builtins.bool] allow_instance_migration: If set to `true`, allows migration of
|
617
618
|
the underlying instance where the client resides.
|
618
|
-
:param pulumi.Input[str] auth_type: The auth type permitted for this role. Valid choices
|
619
|
+
:param pulumi.Input[builtins.str] auth_type: The auth type permitted for this role. Valid choices
|
619
620
|
are `ec2` and `iam`. Defaults to `iam`.
|
620
|
-
:param pulumi.Input[str] backend: Path to the mounted aws auth backend.
|
621
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_account_ids: If set, defines a constraint on the EC2
|
621
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted aws auth backend.
|
622
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_account_ids: If set, defines a constraint on the EC2
|
622
623
|
instances that can perform the login operation that they should be using the
|
623
624
|
account ID specified by this field. `auth_type` must be set to `ec2` or
|
624
625
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
625
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
626
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
626
627
|
that can perform the login operation that they should be using the AMI ID
|
627
628
|
specified by this field. `auth_type` must be set to `ec2` or
|
628
629
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
629
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
630
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
630
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
631
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
631
632
|
the EC2 instances that can perform the login operation that they must be
|
632
633
|
associated with an IAM instance profile ARN which has a prefix that matches
|
633
634
|
the value specified by this field. The value is prefix-matched as though it
|
634
635
|
were a glob ending in `*`. `auth_type` must be set to `ec2` or
|
635
636
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
636
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
637
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
637
638
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
638
639
|
supported at the end of the ARN.
|
639
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
640
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
640
641
|
instances that can perform the login operation that they must match the IAM
|
641
642
|
role ARN specified by this field. `auth_type` must be set to `ec2` or
|
642
643
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
643
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
644
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
644
645
|
that can perform the login operation that the region in their identity
|
645
646
|
document must match the one specified by this field. `auth_type` must be set
|
646
647
|
to `ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
647
648
|
constraint.
|
648
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
649
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
649
650
|
instances that can perform the login operation that they be associated with
|
650
651
|
the subnet ID that matches the value specified by this field. `auth_type`
|
651
652
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
652
653
|
to use this constraint.
|
653
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
654
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
654
655
|
that can perform the login operation that they be associated with the VPC ID
|
655
656
|
that matches the value specified by this field. `auth_type` must be set to
|
656
657
|
`ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
657
658
|
constraint.
|
658
|
-
:param pulumi.Input[bool] disallow_reauthentication: IF set to `true`, only allows a
|
659
|
+
:param pulumi.Input[builtins.bool] disallow_reauthentication: IF set to `true`, only allows a
|
659
660
|
single token to be granted per instance ID. This can only be set when
|
660
661
|
`auth_type` is set to `ec2`.
|
661
|
-
:param pulumi.Input[str] inferred_aws_region: When `inferred_entity_type` is set, this
|
662
|
+
:param pulumi.Input[builtins.str] inferred_aws_region: When `inferred_entity_type` is set, this
|
662
663
|
is the region to search for the inferred entities. Required if
|
663
664
|
`inferred_entity_type` is set. This only applies when `auth_type` is set to
|
664
665
|
`iam`.
|
665
|
-
:param pulumi.Input[str] inferred_entity_type: If set, instructs Vault to turn on
|
666
|
+
:param pulumi.Input[builtins.str] inferred_entity_type: If set, instructs Vault to turn on
|
666
667
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
667
668
|
infer that the role comes from an EC2 instance in an IAM instance profile.
|
668
669
|
This only applies when `auth_type` is set to `iam`.
|
669
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
670
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
670
671
|
The value should not contain leading or trailing forward slashes.
|
671
672
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
672
673
|
*Available only for Vault Enterprise*.
|
673
|
-
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
674
|
+
:param pulumi.Input[builtins.bool] resolve_aws_unique_ids: Only valid when
|
674
675
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
675
676
|
resolved to [AWS Unique
|
676
677
|
IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
|
@@ -681,21 +682,21 @@ class _AuthBackendRoleState:
|
|
681
682
|
roles won't get access to roles in Vault that were permissioned to the prior
|
682
683
|
principals of the same name. Defaults to `true`.
|
683
684
|
Once set to `true`, this cannot be changed to `false` without recreating the role.
|
684
|
-
:param pulumi.Input[str] role: The name of the role.
|
685
|
-
:param pulumi.Input[str] role_id: The Vault generated role ID.
|
686
|
-
:param pulumi.Input[str] role_tag: If set, enable role tags for this role. The value set
|
685
|
+
:param pulumi.Input[builtins.str] role: The name of the role.
|
686
|
+
:param pulumi.Input[builtins.str] role_id: The Vault generated role ID.
|
687
|
+
:param pulumi.Input[builtins.str] role_tag: If set, enable role tags for this role. The value set
|
687
688
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
688
689
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
689
690
|
to use this constraint.
|
690
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
691
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
692
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
693
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
694
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
695
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
696
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
697
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
698
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
691
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
692
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
693
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
694
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
695
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
696
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
697
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
698
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
699
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
699
700
|
"""
|
700
701
|
if allow_instance_migration is not None:
|
701
702
|
pulumi.set(__self__, "allow_instance_migration", allow_instance_migration)
|
@@ -758,7 +759,7 @@ class _AuthBackendRoleState:
|
|
758
759
|
|
759
760
|
@property
|
760
761
|
@pulumi.getter(name="allowInstanceMigration")
|
761
|
-
def allow_instance_migration(self) -> Optional[pulumi.Input[bool]]:
|
762
|
+
def allow_instance_migration(self) -> Optional[pulumi.Input[builtins.bool]]:
|
762
763
|
"""
|
763
764
|
If set to `true`, allows migration of
|
764
765
|
the underlying instance where the client resides.
|
@@ -766,12 +767,12 @@ class _AuthBackendRoleState:
|
|
766
767
|
return pulumi.get(self, "allow_instance_migration")
|
767
768
|
|
768
769
|
@allow_instance_migration.setter
|
769
|
-
def allow_instance_migration(self, value: Optional[pulumi.Input[bool]]):
|
770
|
+
def allow_instance_migration(self, value: Optional[pulumi.Input[builtins.bool]]):
|
770
771
|
pulumi.set(self, "allow_instance_migration", value)
|
771
772
|
|
772
773
|
@property
|
773
774
|
@pulumi.getter(name="authType")
|
774
|
-
def auth_type(self) -> Optional[pulumi.Input[str]]:
|
775
|
+
def auth_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
775
776
|
"""
|
776
777
|
The auth type permitted for this role. Valid choices
|
777
778
|
are `ec2` and `iam`. Defaults to `iam`.
|
@@ -779,24 +780,24 @@ class _AuthBackendRoleState:
|
|
779
780
|
return pulumi.get(self, "auth_type")
|
780
781
|
|
781
782
|
@auth_type.setter
|
782
|
-
def auth_type(self, value: Optional[pulumi.Input[str]]):
|
783
|
+
def auth_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
783
784
|
pulumi.set(self, "auth_type", value)
|
784
785
|
|
785
786
|
@property
|
786
787
|
@pulumi.getter
|
787
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
788
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
788
789
|
"""
|
789
790
|
Path to the mounted aws auth backend.
|
790
791
|
"""
|
791
792
|
return pulumi.get(self, "backend")
|
792
793
|
|
793
794
|
@backend.setter
|
794
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
795
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
795
796
|
pulumi.set(self, "backend", value)
|
796
797
|
|
797
798
|
@property
|
798
799
|
@pulumi.getter(name="boundAccountIds")
|
799
|
-
def bound_account_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
800
|
+
def bound_account_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
800
801
|
"""
|
801
802
|
If set, defines a constraint on the EC2
|
802
803
|
instances that can perform the login operation that they should be using the
|
@@ -806,12 +807,12 @@ class _AuthBackendRoleState:
|
|
806
807
|
return pulumi.get(self, "bound_account_ids")
|
807
808
|
|
808
809
|
@bound_account_ids.setter
|
809
|
-
def bound_account_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
810
|
+
def bound_account_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
810
811
|
pulumi.set(self, "bound_account_ids", value)
|
811
812
|
|
812
813
|
@property
|
813
814
|
@pulumi.getter(name="boundAmiIds")
|
814
|
-
def bound_ami_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
815
|
+
def bound_ami_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
815
816
|
"""
|
816
817
|
If set, defines a constraint on the EC2 instances
|
817
818
|
that can perform the login operation that they should be using the AMI ID
|
@@ -821,24 +822,24 @@ class _AuthBackendRoleState:
|
|
821
822
|
return pulumi.get(self, "bound_ami_ids")
|
822
823
|
|
823
824
|
@bound_ami_ids.setter
|
824
|
-
def bound_ami_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
825
|
+
def bound_ami_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
825
826
|
pulumi.set(self, "bound_ami_ids", value)
|
826
827
|
|
827
828
|
@property
|
828
829
|
@pulumi.getter(name="boundEc2InstanceIds")
|
829
|
-
def bound_ec2_instance_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
830
|
+
def bound_ec2_instance_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
830
831
|
"""
|
831
832
|
Only EC2 instances that match this instance ID will be permitted to log in.
|
832
833
|
"""
|
833
834
|
return pulumi.get(self, "bound_ec2_instance_ids")
|
834
835
|
|
835
836
|
@bound_ec2_instance_ids.setter
|
836
|
-
def bound_ec2_instance_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
837
|
+
def bound_ec2_instance_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
837
838
|
pulumi.set(self, "bound_ec2_instance_ids", value)
|
838
839
|
|
839
840
|
@property
|
840
841
|
@pulumi.getter(name="boundIamInstanceProfileArns")
|
841
|
-
def bound_iam_instance_profile_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
842
|
+
def bound_iam_instance_profile_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
842
843
|
"""
|
843
844
|
If set, defines a constraint on
|
844
845
|
the EC2 instances that can perform the login operation that they must be
|
@@ -850,12 +851,12 @@ class _AuthBackendRoleState:
|
|
850
851
|
return pulumi.get(self, "bound_iam_instance_profile_arns")
|
851
852
|
|
852
853
|
@bound_iam_instance_profile_arns.setter
|
853
|
-
def bound_iam_instance_profile_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
854
|
+
def bound_iam_instance_profile_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
854
855
|
pulumi.set(self, "bound_iam_instance_profile_arns", value)
|
855
856
|
|
856
857
|
@property
|
857
858
|
@pulumi.getter(name="boundIamPrincipalArns")
|
858
|
-
def bound_iam_principal_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
859
|
+
def bound_iam_principal_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
859
860
|
"""
|
860
861
|
If set, defines the IAM principal that
|
861
862
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
@@ -864,12 +865,12 @@ class _AuthBackendRoleState:
|
|
864
865
|
return pulumi.get(self, "bound_iam_principal_arns")
|
865
866
|
|
866
867
|
@bound_iam_principal_arns.setter
|
867
|
-
def bound_iam_principal_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
868
|
+
def bound_iam_principal_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
868
869
|
pulumi.set(self, "bound_iam_principal_arns", value)
|
869
870
|
|
870
871
|
@property
|
871
872
|
@pulumi.getter(name="boundIamRoleArns")
|
872
|
-
def bound_iam_role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
873
|
+
def bound_iam_role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
873
874
|
"""
|
874
875
|
If set, defines a constraint on the EC2
|
875
876
|
instances that can perform the login operation that they must match the IAM
|
@@ -879,12 +880,12 @@ class _AuthBackendRoleState:
|
|
879
880
|
return pulumi.get(self, "bound_iam_role_arns")
|
880
881
|
|
881
882
|
@bound_iam_role_arns.setter
|
882
|
-
def bound_iam_role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
883
|
+
def bound_iam_role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
883
884
|
pulumi.set(self, "bound_iam_role_arns", value)
|
884
885
|
|
885
886
|
@property
|
886
887
|
@pulumi.getter(name="boundRegions")
|
887
|
-
def bound_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
888
|
+
def bound_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
888
889
|
"""
|
889
890
|
If set, defines a constraint on the EC2 instances
|
890
891
|
that can perform the login operation that the region in their identity
|
@@ -895,12 +896,12 @@ class _AuthBackendRoleState:
|
|
895
896
|
return pulumi.get(self, "bound_regions")
|
896
897
|
|
897
898
|
@bound_regions.setter
|
898
|
-
def bound_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
899
|
+
def bound_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
899
900
|
pulumi.set(self, "bound_regions", value)
|
900
901
|
|
901
902
|
@property
|
902
903
|
@pulumi.getter(name="boundSubnetIds")
|
903
|
-
def bound_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
904
|
+
def bound_subnet_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
904
905
|
"""
|
905
906
|
If set, defines a constraint on the EC2
|
906
907
|
instances that can perform the login operation that they be associated with
|
@@ -911,12 +912,12 @@ class _AuthBackendRoleState:
|
|
911
912
|
return pulumi.get(self, "bound_subnet_ids")
|
912
913
|
|
913
914
|
@bound_subnet_ids.setter
|
914
|
-
def bound_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
915
|
+
def bound_subnet_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
915
916
|
pulumi.set(self, "bound_subnet_ids", value)
|
916
917
|
|
917
918
|
@property
|
918
919
|
@pulumi.getter(name="boundVpcIds")
|
919
|
-
def bound_vpc_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
920
|
+
def bound_vpc_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
920
921
|
"""
|
921
922
|
If set, defines a constraint on the EC2 instances
|
922
923
|
that can perform the login operation that they be associated with the VPC ID
|
@@ -927,12 +928,12 @@ class _AuthBackendRoleState:
|
|
927
928
|
return pulumi.get(self, "bound_vpc_ids")
|
928
929
|
|
929
930
|
@bound_vpc_ids.setter
|
930
|
-
def bound_vpc_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
931
|
+
def bound_vpc_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
931
932
|
pulumi.set(self, "bound_vpc_ids", value)
|
932
933
|
|
933
934
|
@property
|
934
935
|
@pulumi.getter(name="disallowReauthentication")
|
935
|
-
def disallow_reauthentication(self) -> Optional[pulumi.Input[bool]]:
|
936
|
+
def disallow_reauthentication(self) -> Optional[pulumi.Input[builtins.bool]]:
|
936
937
|
"""
|
937
938
|
IF set to `true`, only allows a
|
938
939
|
single token to be granted per instance ID. This can only be set when
|
@@ -941,12 +942,12 @@ class _AuthBackendRoleState:
|
|
941
942
|
return pulumi.get(self, "disallow_reauthentication")
|
942
943
|
|
943
944
|
@disallow_reauthentication.setter
|
944
|
-
def disallow_reauthentication(self, value: Optional[pulumi.Input[bool]]):
|
945
|
+
def disallow_reauthentication(self, value: Optional[pulumi.Input[builtins.bool]]):
|
945
946
|
pulumi.set(self, "disallow_reauthentication", value)
|
946
947
|
|
947
948
|
@property
|
948
949
|
@pulumi.getter(name="inferredAwsRegion")
|
949
|
-
def inferred_aws_region(self) -> Optional[pulumi.Input[str]]:
|
950
|
+
def inferred_aws_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
950
951
|
"""
|
951
952
|
When `inferred_entity_type` is set, this
|
952
953
|
is the region to search for the inferred entities. Required if
|
@@ -956,12 +957,12 @@ class _AuthBackendRoleState:
|
|
956
957
|
return pulumi.get(self, "inferred_aws_region")
|
957
958
|
|
958
959
|
@inferred_aws_region.setter
|
959
|
-
def inferred_aws_region(self, value: Optional[pulumi.Input[str]]):
|
960
|
+
def inferred_aws_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
960
961
|
pulumi.set(self, "inferred_aws_region", value)
|
961
962
|
|
962
963
|
@property
|
963
964
|
@pulumi.getter(name="inferredEntityType")
|
964
|
-
def inferred_entity_type(self) -> Optional[pulumi.Input[str]]:
|
965
|
+
def inferred_entity_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
965
966
|
"""
|
966
967
|
If set, instructs Vault to turn on
|
967
968
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
@@ -971,12 +972,12 @@ class _AuthBackendRoleState:
|
|
971
972
|
return pulumi.get(self, "inferred_entity_type")
|
972
973
|
|
973
974
|
@inferred_entity_type.setter
|
974
|
-
def inferred_entity_type(self, value: Optional[pulumi.Input[str]]):
|
975
|
+
def inferred_entity_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
975
976
|
pulumi.set(self, "inferred_entity_type", value)
|
976
977
|
|
977
978
|
@property
|
978
979
|
@pulumi.getter
|
979
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
980
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
980
981
|
"""
|
981
982
|
The namespace to provision the resource in.
|
982
983
|
The value should not contain leading or trailing forward slashes.
|
@@ -986,12 +987,12 @@ class _AuthBackendRoleState:
|
|
986
987
|
return pulumi.get(self, "namespace")
|
987
988
|
|
988
989
|
@namespace.setter
|
989
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
990
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
990
991
|
pulumi.set(self, "namespace", value)
|
991
992
|
|
992
993
|
@property
|
993
994
|
@pulumi.getter(name="resolveAwsUniqueIds")
|
994
|
-
def resolve_aws_unique_ids(self) -> Optional[pulumi.Input[bool]]:
|
995
|
+
def resolve_aws_unique_ids(self) -> Optional[pulumi.Input[builtins.bool]]:
|
995
996
|
"""
|
996
997
|
Only valid when
|
997
998
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -1008,36 +1009,36 @@ class _AuthBackendRoleState:
|
|
1008
1009
|
return pulumi.get(self, "resolve_aws_unique_ids")
|
1009
1010
|
|
1010
1011
|
@resolve_aws_unique_ids.setter
|
1011
|
-
def resolve_aws_unique_ids(self, value: Optional[pulumi.Input[bool]]):
|
1012
|
+
def resolve_aws_unique_ids(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1012
1013
|
pulumi.set(self, "resolve_aws_unique_ids", value)
|
1013
1014
|
|
1014
1015
|
@property
|
1015
1016
|
@pulumi.getter
|
1016
|
-
def role(self) -> Optional[pulumi.Input[str]]:
|
1017
|
+
def role(self) -> Optional[pulumi.Input[builtins.str]]:
|
1017
1018
|
"""
|
1018
1019
|
The name of the role.
|
1019
1020
|
"""
|
1020
1021
|
return pulumi.get(self, "role")
|
1021
1022
|
|
1022
1023
|
@role.setter
|
1023
|
-
def role(self, value: Optional[pulumi.Input[str]]):
|
1024
|
+
def role(self, value: Optional[pulumi.Input[builtins.str]]):
|
1024
1025
|
pulumi.set(self, "role", value)
|
1025
1026
|
|
1026
1027
|
@property
|
1027
1028
|
@pulumi.getter(name="roleId")
|
1028
|
-
def role_id(self) -> Optional[pulumi.Input[str]]:
|
1029
|
+
def role_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
1029
1030
|
"""
|
1030
1031
|
The Vault generated role ID.
|
1031
1032
|
"""
|
1032
1033
|
return pulumi.get(self, "role_id")
|
1033
1034
|
|
1034
1035
|
@role_id.setter
|
1035
|
-
def role_id(self, value: Optional[pulumi.Input[str]]):
|
1036
|
+
def role_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
1036
1037
|
pulumi.set(self, "role_id", value)
|
1037
1038
|
|
1038
1039
|
@property
|
1039
1040
|
@pulumi.getter(name="roleTag")
|
1040
|
-
def role_tag(self) -> Optional[pulumi.Input[str]]:
|
1041
|
+
def role_tag(self) -> Optional[pulumi.Input[builtins.str]]:
|
1041
1042
|
"""
|
1042
1043
|
If set, enable role tags for this role. The value set
|
1043
1044
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
@@ -1047,115 +1048,115 @@ class _AuthBackendRoleState:
|
|
1047
1048
|
return pulumi.get(self, "role_tag")
|
1048
1049
|
|
1049
1050
|
@role_tag.setter
|
1050
|
-
def role_tag(self, value: Optional[pulumi.Input[str]]):
|
1051
|
+
def role_tag(self, value: Optional[pulumi.Input[builtins.str]]):
|
1051
1052
|
pulumi.set(self, "role_tag", value)
|
1052
1053
|
|
1053
1054
|
@property
|
1054
1055
|
@pulumi.getter(name="tokenBoundCidrs")
|
1055
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1056
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1056
1057
|
"""
|
1057
1058
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1058
1059
|
"""
|
1059
1060
|
return pulumi.get(self, "token_bound_cidrs")
|
1060
1061
|
|
1061
1062
|
@token_bound_cidrs.setter
|
1062
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1063
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1063
1064
|
pulumi.set(self, "token_bound_cidrs", value)
|
1064
1065
|
|
1065
1066
|
@property
|
1066
1067
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1067
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1068
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1068
1069
|
"""
|
1069
1070
|
Generated Token's Explicit Maximum TTL in seconds
|
1070
1071
|
"""
|
1071
1072
|
return pulumi.get(self, "token_explicit_max_ttl")
|
1072
1073
|
|
1073
1074
|
@token_explicit_max_ttl.setter
|
1074
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
1075
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1075
1076
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
1076
1077
|
|
1077
1078
|
@property
|
1078
1079
|
@pulumi.getter(name="tokenMaxTtl")
|
1079
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1080
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1080
1081
|
"""
|
1081
1082
|
The maximum lifetime of the generated token
|
1082
1083
|
"""
|
1083
1084
|
return pulumi.get(self, "token_max_ttl")
|
1084
1085
|
|
1085
1086
|
@token_max_ttl.setter
|
1086
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
1087
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1087
1088
|
pulumi.set(self, "token_max_ttl", value)
|
1088
1089
|
|
1089
1090
|
@property
|
1090
1091
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1091
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
1092
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1092
1093
|
"""
|
1093
1094
|
If true, the 'default' policy will not automatically be added to generated tokens
|
1094
1095
|
"""
|
1095
1096
|
return pulumi.get(self, "token_no_default_policy")
|
1096
1097
|
|
1097
1098
|
@token_no_default_policy.setter
|
1098
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
1099
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1099
1100
|
pulumi.set(self, "token_no_default_policy", value)
|
1100
1101
|
|
1101
1102
|
@property
|
1102
1103
|
@pulumi.getter(name="tokenNumUses")
|
1103
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
1104
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
1104
1105
|
"""
|
1105
1106
|
The maximum number of times a token may be used, a value of zero means unlimited
|
1106
1107
|
"""
|
1107
1108
|
return pulumi.get(self, "token_num_uses")
|
1108
1109
|
|
1109
1110
|
@token_num_uses.setter
|
1110
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
1111
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
1111
1112
|
pulumi.set(self, "token_num_uses", value)
|
1112
1113
|
|
1113
1114
|
@property
|
1114
1115
|
@pulumi.getter(name="tokenPeriod")
|
1115
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
1116
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
1116
1117
|
"""
|
1117
1118
|
Generated Token's Period
|
1118
1119
|
"""
|
1119
1120
|
return pulumi.get(self, "token_period")
|
1120
1121
|
|
1121
1122
|
@token_period.setter
|
1122
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
1123
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
1123
1124
|
pulumi.set(self, "token_period", value)
|
1124
1125
|
|
1125
1126
|
@property
|
1126
1127
|
@pulumi.getter(name="tokenPolicies")
|
1127
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1128
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1128
1129
|
"""
|
1129
1130
|
Generated Token's Policies
|
1130
1131
|
"""
|
1131
1132
|
return pulumi.get(self, "token_policies")
|
1132
1133
|
|
1133
1134
|
@token_policies.setter
|
1134
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1135
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1135
1136
|
pulumi.set(self, "token_policies", value)
|
1136
1137
|
|
1137
1138
|
@property
|
1138
1139
|
@pulumi.getter(name="tokenTtl")
|
1139
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
1140
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1140
1141
|
"""
|
1141
1142
|
The initial ttl of the token to generate in seconds
|
1142
1143
|
"""
|
1143
1144
|
return pulumi.get(self, "token_ttl")
|
1144
1145
|
|
1145
1146
|
@token_ttl.setter
|
1146
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
1147
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1147
1148
|
pulumi.set(self, "token_ttl", value)
|
1148
1149
|
|
1149
1150
|
@property
|
1150
1151
|
@pulumi.getter(name="tokenType")
|
1151
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
1152
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
1152
1153
|
"""
|
1153
1154
|
The type of token to generate, service or batch
|
1154
1155
|
"""
|
1155
1156
|
return pulumi.get(self, "token_type")
|
1156
1157
|
|
1157
1158
|
@token_type.setter
|
1158
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
1159
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
1159
1160
|
pulumi.set(self, "token_type", value)
|
1160
1161
|
|
1161
1162
|
|
@@ -1164,34 +1165,34 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1164
1165
|
def __init__(__self__,
|
1165
1166
|
resource_name: str,
|
1166
1167
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1167
|
-
allow_instance_migration: Optional[pulumi.Input[bool]] = None,
|
1168
|
-
auth_type: Optional[pulumi.Input[str]] = None,
|
1169
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1170
|
-
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1171
|
-
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1172
|
-
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1173
|
-
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1174
|
-
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1175
|
-
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1176
|
-
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1177
|
-
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1178
|
-
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1179
|
-
disallow_reauthentication: Optional[pulumi.Input[bool]] = None,
|
1180
|
-
inferred_aws_region: Optional[pulumi.Input[str]] = None,
|
1181
|
-
inferred_entity_type: Optional[pulumi.Input[str]] = None,
|
1182
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1183
|
-
resolve_aws_unique_ids: Optional[pulumi.Input[bool]] = None,
|
1184
|
-
role: Optional[pulumi.Input[str]] = None,
|
1185
|
-
role_tag: Optional[pulumi.Input[str]] = None,
|
1186
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1187
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1188
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1189
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1190
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1191
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
1192
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1193
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
1194
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
1168
|
+
allow_instance_migration: Optional[pulumi.Input[builtins.bool]] = None,
|
1169
|
+
auth_type: Optional[pulumi.Input[builtins.str]] = None,
|
1170
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1171
|
+
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1172
|
+
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1173
|
+
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1174
|
+
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1175
|
+
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1176
|
+
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1177
|
+
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1178
|
+
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1179
|
+
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1180
|
+
disallow_reauthentication: Optional[pulumi.Input[builtins.bool]] = None,
|
1181
|
+
inferred_aws_region: Optional[pulumi.Input[builtins.str]] = None,
|
1182
|
+
inferred_entity_type: Optional[pulumi.Input[builtins.str]] = None,
|
1183
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1184
|
+
resolve_aws_unique_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
1185
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
1186
|
+
role_tag: Optional[pulumi.Input[builtins.str]] = None,
|
1187
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1188
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1189
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1190
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1191
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1192
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1193
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1194
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1195
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1195
1196
|
__props__=None):
|
1196
1197
|
"""
|
1197
1198
|
Manages an AWS auth backend role in a Vault server. Roles constrain the
|
@@ -1238,64 +1239,64 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1238
1239
|
|
1239
1240
|
:param str resource_name: The name of the resource.
|
1240
1241
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1241
|
-
:param pulumi.Input[bool] allow_instance_migration: If set to `true`, allows migration of
|
1242
|
+
:param pulumi.Input[builtins.bool] allow_instance_migration: If set to `true`, allows migration of
|
1242
1243
|
the underlying instance where the client resides.
|
1243
|
-
:param pulumi.Input[str] auth_type: The auth type permitted for this role. Valid choices
|
1244
|
+
:param pulumi.Input[builtins.str] auth_type: The auth type permitted for this role. Valid choices
|
1244
1245
|
are `ec2` and `iam`. Defaults to `iam`.
|
1245
|
-
:param pulumi.Input[str] backend: Path to the mounted aws auth backend.
|
1246
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_account_ids: If set, defines a constraint on the EC2
|
1246
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted aws auth backend.
|
1247
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_account_ids: If set, defines a constraint on the EC2
|
1247
1248
|
instances that can perform the login operation that they should be using the
|
1248
1249
|
account ID specified by this field. `auth_type` must be set to `ec2` or
|
1249
1250
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1250
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
1251
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
1251
1252
|
that can perform the login operation that they should be using the AMI ID
|
1252
1253
|
specified by this field. `auth_type` must be set to `ec2` or
|
1253
1254
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1254
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
1255
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
1255
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
1256
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
1256
1257
|
the EC2 instances that can perform the login operation that they must be
|
1257
1258
|
associated with an IAM instance profile ARN which has a prefix that matches
|
1258
1259
|
the value specified by this field. The value is prefix-matched as though it
|
1259
1260
|
were a glob ending in `*`. `auth_type` must be set to `ec2` or
|
1260
1261
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1261
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
1262
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
1262
1263
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
1263
1264
|
supported at the end of the ARN.
|
1264
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
1265
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
1265
1266
|
instances that can perform the login operation that they must match the IAM
|
1266
1267
|
role ARN specified by this field. `auth_type` must be set to `ec2` or
|
1267
1268
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1268
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
1269
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
1269
1270
|
that can perform the login operation that the region in their identity
|
1270
1271
|
document must match the one specified by this field. `auth_type` must be set
|
1271
1272
|
to `ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
1272
1273
|
constraint.
|
1273
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
1274
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
1274
1275
|
instances that can perform the login operation that they be associated with
|
1275
1276
|
the subnet ID that matches the value specified by this field. `auth_type`
|
1276
1277
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1277
1278
|
to use this constraint.
|
1278
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
1279
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
1279
1280
|
that can perform the login operation that they be associated with the VPC ID
|
1280
1281
|
that matches the value specified by this field. `auth_type` must be set to
|
1281
1282
|
`ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
1282
1283
|
constraint.
|
1283
|
-
:param pulumi.Input[bool] disallow_reauthentication: IF set to `true`, only allows a
|
1284
|
+
:param pulumi.Input[builtins.bool] disallow_reauthentication: IF set to `true`, only allows a
|
1284
1285
|
single token to be granted per instance ID. This can only be set when
|
1285
1286
|
`auth_type` is set to `ec2`.
|
1286
|
-
:param pulumi.Input[str] inferred_aws_region: When `inferred_entity_type` is set, this
|
1287
|
+
:param pulumi.Input[builtins.str] inferred_aws_region: When `inferred_entity_type` is set, this
|
1287
1288
|
is the region to search for the inferred entities. Required if
|
1288
1289
|
`inferred_entity_type` is set. This only applies when `auth_type` is set to
|
1289
1290
|
`iam`.
|
1290
|
-
:param pulumi.Input[str] inferred_entity_type: If set, instructs Vault to turn on
|
1291
|
+
:param pulumi.Input[builtins.str] inferred_entity_type: If set, instructs Vault to turn on
|
1291
1292
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
1292
1293
|
infer that the role comes from an EC2 instance in an IAM instance profile.
|
1293
1294
|
This only applies when `auth_type` is set to `iam`.
|
1294
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1295
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1295
1296
|
The value should not contain leading or trailing forward slashes.
|
1296
1297
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1297
1298
|
*Available only for Vault Enterprise*.
|
1298
|
-
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
1299
|
+
:param pulumi.Input[builtins.bool] resolve_aws_unique_ids: Only valid when
|
1299
1300
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
1300
1301
|
resolved to [AWS Unique
|
1301
1302
|
IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
|
@@ -1306,20 +1307,20 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1306
1307
|
roles won't get access to roles in Vault that were permissioned to the prior
|
1307
1308
|
principals of the same name. Defaults to `true`.
|
1308
1309
|
Once set to `true`, this cannot be changed to `false` without recreating the role.
|
1309
|
-
:param pulumi.Input[str] role: The name of the role.
|
1310
|
-
:param pulumi.Input[str] role_tag: If set, enable role tags for this role. The value set
|
1310
|
+
:param pulumi.Input[builtins.str] role: The name of the role.
|
1311
|
+
:param pulumi.Input[builtins.str] role_tag: If set, enable role tags for this role. The value set
|
1311
1312
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
1312
1313
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1313
1314
|
to use this constraint.
|
1314
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1315
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1316
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1317
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1318
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1319
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
1320
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1321
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1322
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1315
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1316
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1317
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1318
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1319
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1320
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1321
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1322
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1323
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1323
1324
|
"""
|
1324
1325
|
...
|
1325
1326
|
@overload
|
@@ -1385,34 +1386,34 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1385
1386
|
def _internal_init(__self__,
|
1386
1387
|
resource_name: str,
|
1387
1388
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1388
|
-
allow_instance_migration: Optional[pulumi.Input[bool]] = None,
|
1389
|
-
auth_type: Optional[pulumi.Input[str]] = None,
|
1390
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1391
|
-
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1392
|
-
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1393
|
-
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1394
|
-
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1395
|
-
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1396
|
-
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1397
|
-
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1398
|
-
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1399
|
-
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1400
|
-
disallow_reauthentication: Optional[pulumi.Input[bool]] = None,
|
1401
|
-
inferred_aws_region: Optional[pulumi.Input[str]] = None,
|
1402
|
-
inferred_entity_type: Optional[pulumi.Input[str]] = None,
|
1403
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1404
|
-
resolve_aws_unique_ids: Optional[pulumi.Input[bool]] = None,
|
1405
|
-
role: Optional[pulumi.Input[str]] = None,
|
1406
|
-
role_tag: Optional[pulumi.Input[str]] = None,
|
1407
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1408
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1409
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1410
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1411
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1412
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
1413
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1414
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
1415
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
1389
|
+
allow_instance_migration: Optional[pulumi.Input[builtins.bool]] = None,
|
1390
|
+
auth_type: Optional[pulumi.Input[builtins.str]] = None,
|
1391
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1392
|
+
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1393
|
+
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1394
|
+
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1395
|
+
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1396
|
+
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1397
|
+
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1398
|
+
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1399
|
+
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1400
|
+
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1401
|
+
disallow_reauthentication: Optional[pulumi.Input[builtins.bool]] = None,
|
1402
|
+
inferred_aws_region: Optional[pulumi.Input[builtins.str]] = None,
|
1403
|
+
inferred_entity_type: Optional[pulumi.Input[builtins.str]] = None,
|
1404
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1405
|
+
resolve_aws_unique_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
1406
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
1407
|
+
role_tag: Optional[pulumi.Input[builtins.str]] = None,
|
1408
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1409
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1410
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1411
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1412
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1413
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1414
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1415
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1416
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1416
1417
|
__props__=None):
|
1417
1418
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1418
1419
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1463,35 +1464,35 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1463
1464
|
def get(resource_name: str,
|
1464
1465
|
id: pulumi.Input[str],
|
1465
1466
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1466
|
-
allow_instance_migration: Optional[pulumi.Input[bool]] = None,
|
1467
|
-
auth_type: Optional[pulumi.Input[str]] = None,
|
1468
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1469
|
-
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1470
|
-
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1471
|
-
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1472
|
-
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1473
|
-
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1474
|
-
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1475
|
-
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1476
|
-
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1477
|
-
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1478
|
-
disallow_reauthentication: Optional[pulumi.Input[bool]] = None,
|
1479
|
-
inferred_aws_region: Optional[pulumi.Input[str]] = None,
|
1480
|
-
inferred_entity_type: Optional[pulumi.Input[str]] = None,
|
1481
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1482
|
-
resolve_aws_unique_ids: Optional[pulumi.Input[bool]] = None,
|
1483
|
-
role: Optional[pulumi.Input[str]] = None,
|
1484
|
-
role_id: Optional[pulumi.Input[str]] = None,
|
1485
|
-
role_tag: Optional[pulumi.Input[str]] = None,
|
1486
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1487
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1488
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1489
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1490
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1491
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
1492
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1493
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
1494
|
-
token_type: Optional[pulumi.Input[str]] = None) -> 'AuthBackendRole':
|
1467
|
+
allow_instance_migration: Optional[pulumi.Input[builtins.bool]] = None,
|
1468
|
+
auth_type: Optional[pulumi.Input[builtins.str]] = None,
|
1469
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1470
|
+
bound_account_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1471
|
+
bound_ami_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1472
|
+
bound_ec2_instance_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1473
|
+
bound_iam_instance_profile_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1474
|
+
bound_iam_principal_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1475
|
+
bound_iam_role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1476
|
+
bound_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1477
|
+
bound_subnet_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1478
|
+
bound_vpc_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1479
|
+
disallow_reauthentication: Optional[pulumi.Input[builtins.bool]] = None,
|
1480
|
+
inferred_aws_region: Optional[pulumi.Input[builtins.str]] = None,
|
1481
|
+
inferred_entity_type: Optional[pulumi.Input[builtins.str]] = None,
|
1482
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1483
|
+
resolve_aws_unique_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
1484
|
+
role: Optional[pulumi.Input[builtins.str]] = None,
|
1485
|
+
role_id: Optional[pulumi.Input[builtins.str]] = None,
|
1486
|
+
role_tag: Optional[pulumi.Input[builtins.str]] = None,
|
1487
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1488
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1489
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1490
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1491
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1492
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1493
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1494
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1495
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackendRole':
|
1495
1496
|
"""
|
1496
1497
|
Get an existing AuthBackendRole resource's state with the given name, id, and optional extra
|
1497
1498
|
properties used to qualify the lookup.
|
@@ -1499,64 +1500,64 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1499
1500
|
:param str resource_name: The unique name of the resulting resource.
|
1500
1501
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1501
1502
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1502
|
-
:param pulumi.Input[bool] allow_instance_migration: If set to `true`, allows migration of
|
1503
|
+
:param pulumi.Input[builtins.bool] allow_instance_migration: If set to `true`, allows migration of
|
1503
1504
|
the underlying instance where the client resides.
|
1504
|
-
:param pulumi.Input[str] auth_type: The auth type permitted for this role. Valid choices
|
1505
|
+
:param pulumi.Input[builtins.str] auth_type: The auth type permitted for this role. Valid choices
|
1505
1506
|
are `ec2` and `iam`. Defaults to `iam`.
|
1506
|
-
:param pulumi.Input[str] backend: Path to the mounted aws auth backend.
|
1507
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_account_ids: If set, defines a constraint on the EC2
|
1507
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted aws auth backend.
|
1508
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_account_ids: If set, defines a constraint on the EC2
|
1508
1509
|
instances that can perform the login operation that they should be using the
|
1509
1510
|
account ID specified by this field. `auth_type` must be set to `ec2` or
|
1510
1511
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1511
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
1512
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ami_ids: If set, defines a constraint on the EC2 instances
|
1512
1513
|
that can perform the login operation that they should be using the AMI ID
|
1513
1514
|
specified by this field. `auth_type` must be set to `ec2` or
|
1514
1515
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1515
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
1516
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
1516
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_ec2_instance_ids: Only EC2 instances that match this instance ID will be permitted to log in.
|
1517
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_instance_profile_arns: If set, defines a constraint on
|
1517
1518
|
the EC2 instances that can perform the login operation that they must be
|
1518
1519
|
associated with an IAM instance profile ARN which has a prefix that matches
|
1519
1520
|
the value specified by this field. The value is prefix-matched as though it
|
1520
1521
|
were a glob ending in `*`. `auth_type` must be set to `ec2` or
|
1521
1522
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1522
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
1523
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_principal_arns: If set, defines the IAM principal that
|
1523
1524
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
1524
1525
|
supported at the end of the ARN.
|
1525
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
1526
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_iam_role_arns: If set, defines a constraint on the EC2
|
1526
1527
|
instances that can perform the login operation that they must match the IAM
|
1527
1528
|
role ARN specified by this field. `auth_type` must be set to `ec2` or
|
1528
1529
|
`inferred_entity_type` must be set to `ec2_instance` to use this constraint.
|
1529
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
1530
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_regions: If set, defines a constraint on the EC2 instances
|
1530
1531
|
that can perform the login operation that the region in their identity
|
1531
1532
|
document must match the one specified by this field. `auth_type` must be set
|
1532
1533
|
to `ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
1533
1534
|
constraint.
|
1534
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
1535
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_subnet_ids: If set, defines a constraint on the EC2
|
1535
1536
|
instances that can perform the login operation that they be associated with
|
1536
1537
|
the subnet ID that matches the value specified by this field. `auth_type`
|
1537
1538
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1538
1539
|
to use this constraint.
|
1539
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
1540
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_vpc_ids: If set, defines a constraint on the EC2 instances
|
1540
1541
|
that can perform the login operation that they be associated with the VPC ID
|
1541
1542
|
that matches the value specified by this field. `auth_type` must be set to
|
1542
1543
|
`ec2` or `inferred_entity_type` must be set to `ec2_instance` to use this
|
1543
1544
|
constraint.
|
1544
|
-
:param pulumi.Input[bool] disallow_reauthentication: IF set to `true`, only allows a
|
1545
|
+
:param pulumi.Input[builtins.bool] disallow_reauthentication: IF set to `true`, only allows a
|
1545
1546
|
single token to be granted per instance ID. This can only be set when
|
1546
1547
|
`auth_type` is set to `ec2`.
|
1547
|
-
:param pulumi.Input[str] inferred_aws_region: When `inferred_entity_type` is set, this
|
1548
|
+
:param pulumi.Input[builtins.str] inferred_aws_region: When `inferred_entity_type` is set, this
|
1548
1549
|
is the region to search for the inferred entities. Required if
|
1549
1550
|
`inferred_entity_type` is set. This only applies when `auth_type` is set to
|
1550
1551
|
`iam`.
|
1551
|
-
:param pulumi.Input[str] inferred_entity_type: If set, instructs Vault to turn on
|
1552
|
+
:param pulumi.Input[builtins.str] inferred_entity_type: If set, instructs Vault to turn on
|
1552
1553
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
1553
1554
|
infer that the role comes from an EC2 instance in an IAM instance profile.
|
1554
1555
|
This only applies when `auth_type` is set to `iam`.
|
1555
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1556
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1556
1557
|
The value should not contain leading or trailing forward slashes.
|
1557
1558
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1558
1559
|
*Available only for Vault Enterprise*.
|
1559
|
-
:param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
|
1560
|
+
:param pulumi.Input[builtins.bool] resolve_aws_unique_ids: Only valid when
|
1560
1561
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
1561
1562
|
resolved to [AWS Unique
|
1562
1563
|
IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
|
@@ -1567,21 +1568,21 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1567
1568
|
roles won't get access to roles in Vault that were permissioned to the prior
|
1568
1569
|
principals of the same name. Defaults to `true`.
|
1569
1570
|
Once set to `true`, this cannot be changed to `false` without recreating the role.
|
1570
|
-
:param pulumi.Input[str] role: The name of the role.
|
1571
|
-
:param pulumi.Input[str] role_id: The Vault generated role ID.
|
1572
|
-
:param pulumi.Input[str] role_tag: If set, enable role tags for this role. The value set
|
1571
|
+
:param pulumi.Input[builtins.str] role: The name of the role.
|
1572
|
+
:param pulumi.Input[builtins.str] role_id: The Vault generated role ID.
|
1573
|
+
:param pulumi.Input[builtins.str] role_tag: If set, enable role tags for this role. The value set
|
1573
1574
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
1574
1575
|
must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
|
1575
1576
|
to use this constraint.
|
1576
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1577
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1578
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1579
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1580
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1581
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
1582
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1583
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1584
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1577
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1578
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1579
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1580
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1581
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1582
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1583
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1584
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1585
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1585
1586
|
"""
|
1586
1587
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1587
1588
|
|
@@ -1620,7 +1621,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1620
1621
|
|
1621
1622
|
@property
|
1622
1623
|
@pulumi.getter(name="allowInstanceMigration")
|
1623
|
-
def allow_instance_migration(self) -> pulumi.Output[Optional[bool]]:
|
1624
|
+
def allow_instance_migration(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1624
1625
|
"""
|
1625
1626
|
If set to `true`, allows migration of
|
1626
1627
|
the underlying instance where the client resides.
|
@@ -1629,7 +1630,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1629
1630
|
|
1630
1631
|
@property
|
1631
1632
|
@pulumi.getter(name="authType")
|
1632
|
-
def auth_type(self) -> pulumi.Output[Optional[str]]:
|
1633
|
+
def auth_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1633
1634
|
"""
|
1634
1635
|
The auth type permitted for this role. Valid choices
|
1635
1636
|
are `ec2` and `iam`. Defaults to `iam`.
|
@@ -1638,7 +1639,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1638
1639
|
|
1639
1640
|
@property
|
1640
1641
|
@pulumi.getter
|
1641
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
1642
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
1642
1643
|
"""
|
1643
1644
|
Path to the mounted aws auth backend.
|
1644
1645
|
"""
|
@@ -1646,7 +1647,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1646
1647
|
|
1647
1648
|
@property
|
1648
1649
|
@pulumi.getter(name="boundAccountIds")
|
1649
|
-
def bound_account_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1650
|
+
def bound_account_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1650
1651
|
"""
|
1651
1652
|
If set, defines a constraint on the EC2
|
1652
1653
|
instances that can perform the login operation that they should be using the
|
@@ -1657,7 +1658,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1657
1658
|
|
1658
1659
|
@property
|
1659
1660
|
@pulumi.getter(name="boundAmiIds")
|
1660
|
-
def bound_ami_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1661
|
+
def bound_ami_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1661
1662
|
"""
|
1662
1663
|
If set, defines a constraint on the EC2 instances
|
1663
1664
|
that can perform the login operation that they should be using the AMI ID
|
@@ -1668,7 +1669,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1668
1669
|
|
1669
1670
|
@property
|
1670
1671
|
@pulumi.getter(name="boundEc2InstanceIds")
|
1671
|
-
def bound_ec2_instance_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1672
|
+
def bound_ec2_instance_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1672
1673
|
"""
|
1673
1674
|
Only EC2 instances that match this instance ID will be permitted to log in.
|
1674
1675
|
"""
|
@@ -1676,7 +1677,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1676
1677
|
|
1677
1678
|
@property
|
1678
1679
|
@pulumi.getter(name="boundIamInstanceProfileArns")
|
1679
|
-
def bound_iam_instance_profile_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1680
|
+
def bound_iam_instance_profile_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1680
1681
|
"""
|
1681
1682
|
If set, defines a constraint on
|
1682
1683
|
the EC2 instances that can perform the login operation that they must be
|
@@ -1689,7 +1690,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1689
1690
|
|
1690
1691
|
@property
|
1691
1692
|
@pulumi.getter(name="boundIamPrincipalArns")
|
1692
|
-
def bound_iam_principal_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1693
|
+
def bound_iam_principal_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1693
1694
|
"""
|
1694
1695
|
If set, defines the IAM principal that
|
1695
1696
|
must be authenticated when `auth_type` is set to `iam`. Wildcards are
|
@@ -1699,7 +1700,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1699
1700
|
|
1700
1701
|
@property
|
1701
1702
|
@pulumi.getter(name="boundIamRoleArns")
|
1702
|
-
def bound_iam_role_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1703
|
+
def bound_iam_role_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1703
1704
|
"""
|
1704
1705
|
If set, defines a constraint on the EC2
|
1705
1706
|
instances that can perform the login operation that they must match the IAM
|
@@ -1710,7 +1711,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1710
1711
|
|
1711
1712
|
@property
|
1712
1713
|
@pulumi.getter(name="boundRegions")
|
1713
|
-
def bound_regions(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1714
|
+
def bound_regions(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1714
1715
|
"""
|
1715
1716
|
If set, defines a constraint on the EC2 instances
|
1716
1717
|
that can perform the login operation that the region in their identity
|
@@ -1722,7 +1723,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1722
1723
|
|
1723
1724
|
@property
|
1724
1725
|
@pulumi.getter(name="boundSubnetIds")
|
1725
|
-
def bound_subnet_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1726
|
+
def bound_subnet_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1726
1727
|
"""
|
1727
1728
|
If set, defines a constraint on the EC2
|
1728
1729
|
instances that can perform the login operation that they be associated with
|
@@ -1734,7 +1735,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1734
1735
|
|
1735
1736
|
@property
|
1736
1737
|
@pulumi.getter(name="boundVpcIds")
|
1737
|
-
def bound_vpc_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1738
|
+
def bound_vpc_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1738
1739
|
"""
|
1739
1740
|
If set, defines a constraint on the EC2 instances
|
1740
1741
|
that can perform the login operation that they be associated with the VPC ID
|
@@ -1746,7 +1747,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1746
1747
|
|
1747
1748
|
@property
|
1748
1749
|
@pulumi.getter(name="disallowReauthentication")
|
1749
|
-
def disallow_reauthentication(self) -> pulumi.Output[Optional[bool]]:
|
1750
|
+
def disallow_reauthentication(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1750
1751
|
"""
|
1751
1752
|
IF set to `true`, only allows a
|
1752
1753
|
single token to be granted per instance ID. This can only be set when
|
@@ -1756,7 +1757,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1756
1757
|
|
1757
1758
|
@property
|
1758
1759
|
@pulumi.getter(name="inferredAwsRegion")
|
1759
|
-
def inferred_aws_region(self) -> pulumi.Output[Optional[str]]:
|
1760
|
+
def inferred_aws_region(self) -> pulumi.Output[Optional[builtins.str]]:
|
1760
1761
|
"""
|
1761
1762
|
When `inferred_entity_type` is set, this
|
1762
1763
|
is the region to search for the inferred entities. Required if
|
@@ -1767,7 +1768,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1767
1768
|
|
1768
1769
|
@property
|
1769
1770
|
@pulumi.getter(name="inferredEntityType")
|
1770
|
-
def inferred_entity_type(self) -> pulumi.Output[Optional[str]]:
|
1771
|
+
def inferred_entity_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1771
1772
|
"""
|
1772
1773
|
If set, instructs Vault to turn on
|
1773
1774
|
inferencing. The only valid value is `ec2_instance`, which instructs Vault to
|
@@ -1778,7 +1779,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1778
1779
|
|
1779
1780
|
@property
|
1780
1781
|
@pulumi.getter
|
1781
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1782
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1782
1783
|
"""
|
1783
1784
|
The namespace to provision the resource in.
|
1784
1785
|
The value should not contain leading or trailing forward slashes.
|
@@ -1789,7 +1790,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1789
1790
|
|
1790
1791
|
@property
|
1791
1792
|
@pulumi.getter(name="resolveAwsUniqueIds")
|
1792
|
-
def resolve_aws_unique_ids(self) -> pulumi.Output[Optional[bool]]:
|
1793
|
+
def resolve_aws_unique_ids(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1793
1794
|
"""
|
1794
1795
|
Only valid when
|
1795
1796
|
`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
|
@@ -1807,7 +1808,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1807
1808
|
|
1808
1809
|
@property
|
1809
1810
|
@pulumi.getter
|
1810
|
-
def role(self) -> pulumi.Output[str]:
|
1811
|
+
def role(self) -> pulumi.Output[builtins.str]:
|
1811
1812
|
"""
|
1812
1813
|
The name of the role.
|
1813
1814
|
"""
|
@@ -1815,7 +1816,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1815
1816
|
|
1816
1817
|
@property
|
1817
1818
|
@pulumi.getter(name="roleId")
|
1818
|
-
def role_id(self) -> pulumi.Output[str]:
|
1819
|
+
def role_id(self) -> pulumi.Output[builtins.str]:
|
1819
1820
|
"""
|
1820
1821
|
The Vault generated role ID.
|
1821
1822
|
"""
|
@@ -1823,7 +1824,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1823
1824
|
|
1824
1825
|
@property
|
1825
1826
|
@pulumi.getter(name="roleTag")
|
1826
|
-
def role_tag(self) -> pulumi.Output[Optional[str]]:
|
1827
|
+
def role_tag(self) -> pulumi.Output[Optional[builtins.str]]:
|
1827
1828
|
"""
|
1828
1829
|
If set, enable role tags for this role. The value set
|
1829
1830
|
for this field should be the key of the tag on the EC2 instance. `auth_type`
|
@@ -1834,7 +1835,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1834
1835
|
|
1835
1836
|
@property
|
1836
1837
|
@pulumi.getter(name="tokenBoundCidrs")
|
1837
|
-
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1838
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1838
1839
|
"""
|
1839
1840
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1840
1841
|
"""
|
@@ -1842,7 +1843,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1842
1843
|
|
1843
1844
|
@property
|
1844
1845
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1845
|
-
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1846
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1846
1847
|
"""
|
1847
1848
|
Generated Token's Explicit Maximum TTL in seconds
|
1848
1849
|
"""
|
@@ -1850,7 +1851,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1850
1851
|
|
1851
1852
|
@property
|
1852
1853
|
@pulumi.getter(name="tokenMaxTtl")
|
1853
|
-
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1854
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1854
1855
|
"""
|
1855
1856
|
The maximum lifetime of the generated token
|
1856
1857
|
"""
|
@@ -1858,7 +1859,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1858
1859
|
|
1859
1860
|
@property
|
1860
1861
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1861
|
-
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1862
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1862
1863
|
"""
|
1863
1864
|
If true, the 'default' policy will not automatically be added to generated tokens
|
1864
1865
|
"""
|
@@ -1866,7 +1867,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1866
1867
|
|
1867
1868
|
@property
|
1868
1869
|
@pulumi.getter(name="tokenNumUses")
|
1869
|
-
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1870
|
+
def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
|
1870
1871
|
"""
|
1871
1872
|
The maximum number of times a token may be used, a value of zero means unlimited
|
1872
1873
|
"""
|
@@ -1874,7 +1875,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1874
1875
|
|
1875
1876
|
@property
|
1876
1877
|
@pulumi.getter(name="tokenPeriod")
|
1877
|
-
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1878
|
+
def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1878
1879
|
"""
|
1879
1880
|
Generated Token's Period
|
1880
1881
|
"""
|
@@ -1882,7 +1883,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1882
1883
|
|
1883
1884
|
@property
|
1884
1885
|
@pulumi.getter(name="tokenPolicies")
|
1885
|
-
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1886
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1886
1887
|
"""
|
1887
1888
|
Generated Token's Policies
|
1888
1889
|
"""
|
@@ -1890,7 +1891,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1890
1891
|
|
1891
1892
|
@property
|
1892
1893
|
@pulumi.getter(name="tokenTtl")
|
1893
|
-
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1894
|
+
def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1894
1895
|
"""
|
1895
1896
|
The initial ttl of the token to generate in seconds
|
1896
1897
|
"""
|
@@ -1898,7 +1899,7 @@ class AuthBackendRole(pulumi.CustomResource):
|
|
1898
1899
|
|
1899
1900
|
@property
|
1900
1901
|
@pulumi.getter(name="tokenType")
|
1901
|
-
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1902
|
+
def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1902
1903
|
"""
|
1903
1904
|
The type of token to generate, service or batch
|
1904
1905
|
"""
|