pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,68 +20,68 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
23
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
24
|
-
description: Optional[pulumi.Input[str]] = None,
|
25
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
26
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
27
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
28
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
29
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
30
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
31
|
-
local: Optional[pulumi.Input[bool]] = None,
|
32
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
33
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
34
|
-
path: Optional[pulumi.Input[str]] = None,
|
35
|
-
region: Optional[pulumi.Input[str]] = None,
|
36
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
37
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
38
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
39
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
40
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
41
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
42
|
-
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
43
|
-
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
45
|
-
username_template: Optional[pulumi.Input[str]] = None):
|
23
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
24
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
25
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
34
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
39
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
41
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
43
|
+
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
44
|
+
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
45
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
46
|
+
username_template: Optional[pulumi.Input[builtins.str]] = None):
|
46
47
|
"""
|
47
48
|
The set of arguments for constructing a SecretBackend resource.
|
48
|
-
:param pulumi.Input[str] access_key: The AWS Access Key ID this backend should use to
|
49
|
+
:param pulumi.Input[builtins.str] access_key: The AWS Access Key ID this backend should use to
|
49
50
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
50
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
51
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
|
51
52
|
issued by this backend.
|
52
|
-
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
53
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
54
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
53
|
+
:param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
|
54
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
55
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
55
56
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
56
|
-
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
57
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
58
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
59
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
60
|
-
:param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
61
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
57
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
58
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
59
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
60
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
61
|
+
:param pulumi.Input[builtins.bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
62
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
62
63
|
for credentials issued by this backend.
|
63
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
64
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
64
65
|
The value should not contain leading or trailing forward slashes.
|
65
66
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
66
67
|
*Available only for Vault Enterprise*.
|
67
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
68
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
68
69
|
not begin or end with a `/`. Defaults to `aws`.
|
69
|
-
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
70
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
71
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
70
|
+
:param pulumi.Input[builtins.str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
71
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
72
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
72
73
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
73
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
74
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
74
75
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
75
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
76
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
76
77
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
77
78
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
78
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
79
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
80
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
81
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
82
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
83
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
79
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
80
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
81
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
82
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
83
|
+
:param pulumi.Input[builtins.str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
84
|
+
:param pulumi.Input[builtins.str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
84
85
|
|
85
86
|
```
|
86
87
|
{{ if (eq .Type "STS") }}
|
@@ -142,7 +143,7 @@ class SecretBackendArgs:
|
|
142
143
|
|
143
144
|
@property
|
144
145
|
@pulumi.getter(name="accessKey")
|
145
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
146
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
146
147
|
"""
|
147
148
|
The AWS Access Key ID this backend should use to
|
148
149
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
@@ -150,12 +151,12 @@ class SecretBackendArgs:
|
|
150
151
|
return pulumi.get(self, "access_key")
|
151
152
|
|
152
153
|
@access_key.setter
|
153
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
154
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
154
155
|
pulumi.set(self, "access_key", value)
|
155
156
|
|
156
157
|
@property
|
157
158
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
158
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
159
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
159
160
|
"""
|
160
161
|
The default TTL for credentials
|
161
162
|
issued by this backend.
|
@@ -163,36 +164,36 @@ class SecretBackendArgs:
|
|
163
164
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
164
165
|
|
165
166
|
@default_lease_ttl_seconds.setter
|
166
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
167
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
167
168
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
168
169
|
|
169
170
|
@property
|
170
171
|
@pulumi.getter
|
171
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
172
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
172
173
|
"""
|
173
174
|
A human-friendly description for this backend.
|
174
175
|
"""
|
175
176
|
return pulumi.get(self, "description")
|
176
177
|
|
177
178
|
@description.setter
|
178
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
179
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
179
180
|
pulumi.set(self, "description", value)
|
180
181
|
|
181
182
|
@property
|
182
183
|
@pulumi.getter(name="disableAutomatedRotation")
|
183
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
184
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
184
185
|
"""
|
185
186
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
186
187
|
"""
|
187
188
|
return pulumi.get(self, "disable_automated_rotation")
|
188
189
|
|
189
190
|
@disable_automated_rotation.setter
|
190
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
191
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
191
192
|
pulumi.set(self, "disable_automated_rotation", value)
|
192
193
|
|
193
194
|
@property
|
194
195
|
@pulumi.getter(name="disableRemount")
|
195
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
196
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
196
197
|
"""
|
197
198
|
If set, opts out of mount migration on path updates.
|
198
199
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -200,72 +201,72 @@ class SecretBackendArgs:
|
|
200
201
|
return pulumi.get(self, "disable_remount")
|
201
202
|
|
202
203
|
@disable_remount.setter
|
203
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
204
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
204
205
|
pulumi.set(self, "disable_remount", value)
|
205
206
|
|
206
207
|
@property
|
207
208
|
@pulumi.getter(name="iamEndpoint")
|
208
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
209
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
209
210
|
"""
|
210
211
|
Specifies a custom HTTP IAM endpoint to use.
|
211
212
|
"""
|
212
213
|
return pulumi.get(self, "iam_endpoint")
|
213
214
|
|
214
215
|
@iam_endpoint.setter
|
215
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
216
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
216
217
|
pulumi.set(self, "iam_endpoint", value)
|
217
218
|
|
218
219
|
@property
|
219
220
|
@pulumi.getter(name="identityTokenAudience")
|
220
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
221
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
221
222
|
"""
|
222
223
|
The audience claim value. Requires Vault 1.16+.
|
223
224
|
"""
|
224
225
|
return pulumi.get(self, "identity_token_audience")
|
225
226
|
|
226
227
|
@identity_token_audience.setter
|
227
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
228
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
228
229
|
pulumi.set(self, "identity_token_audience", value)
|
229
230
|
|
230
231
|
@property
|
231
232
|
@pulumi.getter(name="identityTokenKey")
|
232
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
233
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
233
234
|
"""
|
234
235
|
The key to use for signing identity tokens. Requires Vault 1.16+.
|
235
236
|
"""
|
236
237
|
return pulumi.get(self, "identity_token_key")
|
237
238
|
|
238
239
|
@identity_token_key.setter
|
239
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
240
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
240
241
|
pulumi.set(self, "identity_token_key", value)
|
241
242
|
|
242
243
|
@property
|
243
244
|
@pulumi.getter(name="identityTokenTtl")
|
244
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
245
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
245
246
|
"""
|
246
247
|
The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
247
248
|
"""
|
248
249
|
return pulumi.get(self, "identity_token_ttl")
|
249
250
|
|
250
251
|
@identity_token_ttl.setter
|
251
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
252
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
252
253
|
pulumi.set(self, "identity_token_ttl", value)
|
253
254
|
|
254
255
|
@property
|
255
256
|
@pulumi.getter
|
256
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
257
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
257
258
|
"""
|
258
259
|
Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
259
260
|
"""
|
260
261
|
return pulumi.get(self, "local")
|
261
262
|
|
262
263
|
@local.setter
|
263
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
264
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
264
265
|
pulumi.set(self, "local", value)
|
265
266
|
|
266
267
|
@property
|
267
268
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
268
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
269
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
269
270
|
"""
|
270
271
|
The maximum TTL that can be requested
|
271
272
|
for credentials issued by this backend.
|
@@ -273,12 +274,12 @@ class SecretBackendArgs:
|
|
273
274
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
274
275
|
|
275
276
|
@max_lease_ttl_seconds.setter
|
276
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
277
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
277
278
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
278
279
|
|
279
280
|
@property
|
280
281
|
@pulumi.getter
|
281
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
282
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
282
283
|
"""
|
283
284
|
The namespace to provision the resource in.
|
284
285
|
The value should not contain leading or trailing forward slashes.
|
@@ -288,12 +289,12 @@ class SecretBackendArgs:
|
|
288
289
|
return pulumi.get(self, "namespace")
|
289
290
|
|
290
291
|
@namespace.setter
|
291
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
292
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
292
293
|
pulumi.set(self, "namespace", value)
|
293
294
|
|
294
295
|
@property
|
295
296
|
@pulumi.getter
|
296
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
297
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
297
298
|
"""
|
298
299
|
The unique path this backend should be mounted at. Must
|
299
300
|
not begin or end with a `/`. Defaults to `aws`.
|
@@ -301,36 +302,36 @@ class SecretBackendArgs:
|
|
301
302
|
return pulumi.get(self, "path")
|
302
303
|
|
303
304
|
@path.setter
|
304
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
305
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
305
306
|
pulumi.set(self, "path", value)
|
306
307
|
|
307
308
|
@property
|
308
309
|
@pulumi.getter
|
309
|
-
def region(self) -> Optional[pulumi.Input[str]]:
|
310
|
+
def region(self) -> Optional[pulumi.Input[builtins.str]]:
|
310
311
|
"""
|
311
312
|
The AWS region to make API calls against. Defaults to us-east-1.
|
312
313
|
"""
|
313
314
|
return pulumi.get(self, "region")
|
314
315
|
|
315
316
|
@region.setter
|
316
|
-
def region(self, value: Optional[pulumi.Input[str]]):
|
317
|
+
def region(self, value: Optional[pulumi.Input[builtins.str]]):
|
317
318
|
pulumi.set(self, "region", value)
|
318
319
|
|
319
320
|
@property
|
320
321
|
@pulumi.getter(name="roleArn")
|
321
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
322
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
322
323
|
"""
|
323
324
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
324
325
|
"""
|
325
326
|
return pulumi.get(self, "role_arn")
|
326
327
|
|
327
328
|
@role_arn.setter
|
328
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
329
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
329
330
|
pulumi.set(self, "role_arn", value)
|
330
331
|
|
331
332
|
@property
|
332
333
|
@pulumi.getter(name="rotationPeriod")
|
333
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
334
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
334
335
|
"""
|
335
336
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
336
337
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -338,12 +339,12 @@ class SecretBackendArgs:
|
|
338
339
|
return pulumi.get(self, "rotation_period")
|
339
340
|
|
340
341
|
@rotation_period.setter
|
341
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
342
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
342
343
|
pulumi.set(self, "rotation_period", value)
|
343
344
|
|
344
345
|
@property
|
345
346
|
@pulumi.getter(name="rotationSchedule")
|
346
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
347
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
347
348
|
"""
|
348
349
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
349
350
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -351,12 +352,12 @@ class SecretBackendArgs:
|
|
351
352
|
return pulumi.get(self, "rotation_schedule")
|
352
353
|
|
353
354
|
@rotation_schedule.setter
|
354
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
355
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
355
356
|
pulumi.set(self, "rotation_schedule", value)
|
356
357
|
|
357
358
|
@property
|
358
359
|
@pulumi.getter(name="rotationWindow")
|
359
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
360
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
360
361
|
"""
|
361
362
|
The maximum amount of time in seconds allowed to complete
|
362
363
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -365,72 +366,72 @@ class SecretBackendArgs:
|
|
365
366
|
return pulumi.get(self, "rotation_window")
|
366
367
|
|
367
368
|
@rotation_window.setter
|
368
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
369
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
369
370
|
pulumi.set(self, "rotation_window", value)
|
370
371
|
|
371
372
|
@property
|
372
373
|
@pulumi.getter(name="secretKey")
|
373
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
374
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
374
375
|
"""
|
375
376
|
The AWS Secret Access Key to use when generating new credentials.
|
376
377
|
"""
|
377
378
|
return pulumi.get(self, "secret_key")
|
378
379
|
|
379
380
|
@secret_key.setter
|
380
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
381
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
381
382
|
pulumi.set(self, "secret_key", value)
|
382
383
|
|
383
384
|
@property
|
384
385
|
@pulumi.getter(name="stsEndpoint")
|
385
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
386
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
386
387
|
"""
|
387
388
|
Specifies a custom HTTP STS endpoint to use.
|
388
389
|
"""
|
389
390
|
return pulumi.get(self, "sts_endpoint")
|
390
391
|
|
391
392
|
@sts_endpoint.setter
|
392
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
393
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
393
394
|
pulumi.set(self, "sts_endpoint", value)
|
394
395
|
|
395
396
|
@property
|
396
397
|
@pulumi.getter(name="stsFallbackEndpoints")
|
397
|
-
def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
398
|
+
def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
398
399
|
"""
|
399
400
|
Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
400
401
|
"""
|
401
402
|
return pulumi.get(self, "sts_fallback_endpoints")
|
402
403
|
|
403
404
|
@sts_fallback_endpoints.setter
|
404
|
-
def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
405
|
+
def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
405
406
|
pulumi.set(self, "sts_fallback_endpoints", value)
|
406
407
|
|
407
408
|
@property
|
408
409
|
@pulumi.getter(name="stsFallbackRegions")
|
409
|
-
def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
410
|
+
def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
410
411
|
"""
|
411
412
|
Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
412
413
|
"""
|
413
414
|
return pulumi.get(self, "sts_fallback_regions")
|
414
415
|
|
415
416
|
@sts_fallback_regions.setter
|
416
|
-
def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
417
|
+
def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
417
418
|
pulumi.set(self, "sts_fallback_regions", value)
|
418
419
|
|
419
420
|
@property
|
420
421
|
@pulumi.getter(name="stsRegion")
|
421
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
422
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
422
423
|
"""
|
423
424
|
Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
424
425
|
"""
|
425
426
|
return pulumi.get(self, "sts_region")
|
426
427
|
|
427
428
|
@sts_region.setter
|
428
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
429
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
429
430
|
pulumi.set(self, "sts_region", value)
|
430
431
|
|
431
432
|
@property
|
432
433
|
@pulumi.getter(name="usernameTemplate")
|
433
|
-
def username_template(self) -> Optional[pulumi.Input[str]]:
|
434
|
+
def username_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
434
435
|
"""
|
435
436
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
436
437
|
|
@@ -446,75 +447,75 @@ class SecretBackendArgs:
|
|
446
447
|
return pulumi.get(self, "username_template")
|
447
448
|
|
448
449
|
@username_template.setter
|
449
|
-
def username_template(self, value: Optional[pulumi.Input[str]]):
|
450
|
+
def username_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
450
451
|
pulumi.set(self, "username_template", value)
|
451
452
|
|
452
453
|
|
453
454
|
@pulumi.input_type
|
454
455
|
class _SecretBackendState:
|
455
456
|
def __init__(__self__, *,
|
456
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
457
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
458
|
-
description: Optional[pulumi.Input[str]] = None,
|
459
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
460
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
461
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
462
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
463
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
464
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
465
|
-
local: Optional[pulumi.Input[bool]] = None,
|
466
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
467
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
468
|
-
path: Optional[pulumi.Input[str]] = None,
|
469
|
-
region: Optional[pulumi.Input[str]] = None,
|
470
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
471
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
472
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
473
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
474
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
475
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
476
|
-
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
477
|
-
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
478
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
479
|
-
username_template: Optional[pulumi.Input[str]] = None):
|
457
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
458
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
459
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
460
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
461
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
462
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
463
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
464
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
465
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
466
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
467
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
468
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
469
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
470
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
471
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
472
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
473
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
474
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
475
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
476
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
477
|
+
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
478
|
+
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
479
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
480
|
+
username_template: Optional[pulumi.Input[builtins.str]] = None):
|
480
481
|
"""
|
481
482
|
Input properties used for looking up and filtering SecretBackend resources.
|
482
|
-
:param pulumi.Input[str] access_key: The AWS Access Key ID this backend should use to
|
483
|
+
:param pulumi.Input[builtins.str] access_key: The AWS Access Key ID this backend should use to
|
483
484
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
484
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
485
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
|
485
486
|
issued by this backend.
|
486
|
-
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
487
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
488
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
487
|
+
:param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
|
488
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
489
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
489
490
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
490
|
-
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
491
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
492
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
493
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
494
|
-
:param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
495
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
491
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
492
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
493
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
494
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
495
|
+
:param pulumi.Input[builtins.bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
496
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
496
497
|
for credentials issued by this backend.
|
497
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
498
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
498
499
|
The value should not contain leading or trailing forward slashes.
|
499
500
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
500
501
|
*Available only for Vault Enterprise*.
|
501
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
502
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
502
503
|
not begin or end with a `/`. Defaults to `aws`.
|
503
|
-
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
504
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
505
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
504
|
+
:param pulumi.Input[builtins.str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
505
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
506
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
506
507
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
507
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
508
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
508
509
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
509
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
510
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
510
511
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
511
512
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
512
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
513
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
514
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
515
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
516
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
517
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
513
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
514
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
515
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
516
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
517
|
+
:param pulumi.Input[builtins.str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
518
|
+
:param pulumi.Input[builtins.str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
518
519
|
|
519
520
|
```
|
520
521
|
{{ if (eq .Type "STS") }}
|
@@ -576,7 +577,7 @@ class _SecretBackendState:
|
|
576
577
|
|
577
578
|
@property
|
578
579
|
@pulumi.getter(name="accessKey")
|
579
|
-
def access_key(self) -> Optional[pulumi.Input[str]]:
|
580
|
+
def access_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
580
581
|
"""
|
581
582
|
The AWS Access Key ID this backend should use to
|
582
583
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
@@ -584,12 +585,12 @@ class _SecretBackendState:
|
|
584
585
|
return pulumi.get(self, "access_key")
|
585
586
|
|
586
587
|
@access_key.setter
|
587
|
-
def access_key(self, value: Optional[pulumi.Input[str]]):
|
588
|
+
def access_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
588
589
|
pulumi.set(self, "access_key", value)
|
589
590
|
|
590
591
|
@property
|
591
592
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
592
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
593
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
593
594
|
"""
|
594
595
|
The default TTL for credentials
|
595
596
|
issued by this backend.
|
@@ -597,36 +598,36 @@ class _SecretBackendState:
|
|
597
598
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
598
599
|
|
599
600
|
@default_lease_ttl_seconds.setter
|
600
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
601
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
601
602
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
602
603
|
|
603
604
|
@property
|
604
605
|
@pulumi.getter
|
605
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
606
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
606
607
|
"""
|
607
608
|
A human-friendly description for this backend.
|
608
609
|
"""
|
609
610
|
return pulumi.get(self, "description")
|
610
611
|
|
611
612
|
@description.setter
|
612
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
613
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
613
614
|
pulumi.set(self, "description", value)
|
614
615
|
|
615
616
|
@property
|
616
617
|
@pulumi.getter(name="disableAutomatedRotation")
|
617
|
-
def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
|
618
|
+
def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
618
619
|
"""
|
619
620
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
620
621
|
"""
|
621
622
|
return pulumi.get(self, "disable_automated_rotation")
|
622
623
|
|
623
624
|
@disable_automated_rotation.setter
|
624
|
-
def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
|
625
|
+
def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
625
626
|
pulumi.set(self, "disable_automated_rotation", value)
|
626
627
|
|
627
628
|
@property
|
628
629
|
@pulumi.getter(name="disableRemount")
|
629
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
630
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
630
631
|
"""
|
631
632
|
If set, opts out of mount migration on path updates.
|
632
633
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -634,72 +635,72 @@ class _SecretBackendState:
|
|
634
635
|
return pulumi.get(self, "disable_remount")
|
635
636
|
|
636
637
|
@disable_remount.setter
|
637
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
638
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
638
639
|
pulumi.set(self, "disable_remount", value)
|
639
640
|
|
640
641
|
@property
|
641
642
|
@pulumi.getter(name="iamEndpoint")
|
642
|
-
def iam_endpoint(self) -> Optional[pulumi.Input[str]]:
|
643
|
+
def iam_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
643
644
|
"""
|
644
645
|
Specifies a custom HTTP IAM endpoint to use.
|
645
646
|
"""
|
646
647
|
return pulumi.get(self, "iam_endpoint")
|
647
648
|
|
648
649
|
@iam_endpoint.setter
|
649
|
-
def iam_endpoint(self, value: Optional[pulumi.Input[str]]):
|
650
|
+
def iam_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
650
651
|
pulumi.set(self, "iam_endpoint", value)
|
651
652
|
|
652
653
|
@property
|
653
654
|
@pulumi.getter(name="identityTokenAudience")
|
654
|
-
def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
|
655
|
+
def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
|
655
656
|
"""
|
656
657
|
The audience claim value. Requires Vault 1.16+.
|
657
658
|
"""
|
658
659
|
return pulumi.get(self, "identity_token_audience")
|
659
660
|
|
660
661
|
@identity_token_audience.setter
|
661
|
-
def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
|
662
|
+
def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
|
662
663
|
pulumi.set(self, "identity_token_audience", value)
|
663
664
|
|
664
665
|
@property
|
665
666
|
@pulumi.getter(name="identityTokenKey")
|
666
|
-
def identity_token_key(self) -> Optional[pulumi.Input[str]]:
|
667
|
+
def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
667
668
|
"""
|
668
669
|
The key to use for signing identity tokens. Requires Vault 1.16+.
|
669
670
|
"""
|
670
671
|
return pulumi.get(self, "identity_token_key")
|
671
672
|
|
672
673
|
@identity_token_key.setter
|
673
|
-
def identity_token_key(self, value: Optional[pulumi.Input[str]]):
|
674
|
+
def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
674
675
|
pulumi.set(self, "identity_token_key", value)
|
675
676
|
|
676
677
|
@property
|
677
678
|
@pulumi.getter(name="identityTokenTtl")
|
678
|
-
def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
|
679
|
+
def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
679
680
|
"""
|
680
681
|
The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
681
682
|
"""
|
682
683
|
return pulumi.get(self, "identity_token_ttl")
|
683
684
|
|
684
685
|
@identity_token_ttl.setter
|
685
|
-
def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
|
686
|
+
def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
686
687
|
pulumi.set(self, "identity_token_ttl", value)
|
687
688
|
|
688
689
|
@property
|
689
690
|
@pulumi.getter
|
690
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
691
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
691
692
|
"""
|
692
693
|
Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
693
694
|
"""
|
694
695
|
return pulumi.get(self, "local")
|
695
696
|
|
696
697
|
@local.setter
|
697
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
698
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
698
699
|
pulumi.set(self, "local", value)
|
699
700
|
|
700
701
|
@property
|
701
702
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
702
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
703
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
703
704
|
"""
|
704
705
|
The maximum TTL that can be requested
|
705
706
|
for credentials issued by this backend.
|
@@ -707,12 +708,12 @@ class _SecretBackendState:
|
|
707
708
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
708
709
|
|
709
710
|
@max_lease_ttl_seconds.setter
|
710
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
711
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
711
712
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
712
713
|
|
713
714
|
@property
|
714
715
|
@pulumi.getter
|
715
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
716
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
716
717
|
"""
|
717
718
|
The namespace to provision the resource in.
|
718
719
|
The value should not contain leading or trailing forward slashes.
|
@@ -722,12 +723,12 @@ class _SecretBackendState:
|
|
722
723
|
return pulumi.get(self, "namespace")
|
723
724
|
|
724
725
|
@namespace.setter
|
725
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
726
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
726
727
|
pulumi.set(self, "namespace", value)
|
727
728
|
|
728
729
|
@property
|
729
730
|
@pulumi.getter
|
730
|
-
def path(self) -> Optional[pulumi.Input[str]]:
|
731
|
+
def path(self) -> Optional[pulumi.Input[builtins.str]]:
|
731
732
|
"""
|
732
733
|
The unique path this backend should be mounted at. Must
|
733
734
|
not begin or end with a `/`. Defaults to `aws`.
|
@@ -735,36 +736,36 @@ class _SecretBackendState:
|
|
735
736
|
return pulumi.get(self, "path")
|
736
737
|
|
737
738
|
@path.setter
|
738
|
-
def path(self, value: Optional[pulumi.Input[str]]):
|
739
|
+
def path(self, value: Optional[pulumi.Input[builtins.str]]):
|
739
740
|
pulumi.set(self, "path", value)
|
740
741
|
|
741
742
|
@property
|
742
743
|
@pulumi.getter
|
743
|
-
def region(self) -> Optional[pulumi.Input[str]]:
|
744
|
+
def region(self) -> Optional[pulumi.Input[builtins.str]]:
|
744
745
|
"""
|
745
746
|
The AWS region to make API calls against. Defaults to us-east-1.
|
746
747
|
"""
|
747
748
|
return pulumi.get(self, "region")
|
748
749
|
|
749
750
|
@region.setter
|
750
|
-
def region(self, value: Optional[pulumi.Input[str]]):
|
751
|
+
def region(self, value: Optional[pulumi.Input[builtins.str]]):
|
751
752
|
pulumi.set(self, "region", value)
|
752
753
|
|
753
754
|
@property
|
754
755
|
@pulumi.getter(name="roleArn")
|
755
|
-
def role_arn(self) -> Optional[pulumi.Input[str]]:
|
756
|
+
def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
|
756
757
|
"""
|
757
758
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
758
759
|
"""
|
759
760
|
return pulumi.get(self, "role_arn")
|
760
761
|
|
761
762
|
@role_arn.setter
|
762
|
-
def role_arn(self, value: Optional[pulumi.Input[str]]):
|
763
|
+
def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
|
763
764
|
pulumi.set(self, "role_arn", value)
|
764
765
|
|
765
766
|
@property
|
766
767
|
@pulumi.getter(name="rotationPeriod")
|
767
|
-
def rotation_period(self) -> Optional[pulumi.Input[int]]:
|
768
|
+
def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
768
769
|
"""
|
769
770
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
770
771
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -772,12 +773,12 @@ class _SecretBackendState:
|
|
772
773
|
return pulumi.get(self, "rotation_period")
|
773
774
|
|
774
775
|
@rotation_period.setter
|
775
|
-
def rotation_period(self, value: Optional[pulumi.Input[int]]):
|
776
|
+
def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
776
777
|
pulumi.set(self, "rotation_period", value)
|
777
778
|
|
778
779
|
@property
|
779
780
|
@pulumi.getter(name="rotationSchedule")
|
780
|
-
def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
|
781
|
+
def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
|
781
782
|
"""
|
782
783
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
783
784
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -785,12 +786,12 @@ class _SecretBackendState:
|
|
785
786
|
return pulumi.get(self, "rotation_schedule")
|
786
787
|
|
787
788
|
@rotation_schedule.setter
|
788
|
-
def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
|
789
|
+
def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
|
789
790
|
pulumi.set(self, "rotation_schedule", value)
|
790
791
|
|
791
792
|
@property
|
792
793
|
@pulumi.getter(name="rotationWindow")
|
793
|
-
def rotation_window(self) -> Optional[pulumi.Input[int]]:
|
794
|
+
def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
|
794
795
|
"""
|
795
796
|
The maximum amount of time in seconds allowed to complete
|
796
797
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -799,72 +800,72 @@ class _SecretBackendState:
|
|
799
800
|
return pulumi.get(self, "rotation_window")
|
800
801
|
|
801
802
|
@rotation_window.setter
|
802
|
-
def rotation_window(self, value: Optional[pulumi.Input[int]]):
|
803
|
+
def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
|
803
804
|
pulumi.set(self, "rotation_window", value)
|
804
805
|
|
805
806
|
@property
|
806
807
|
@pulumi.getter(name="secretKey")
|
807
|
-
def secret_key(self) -> Optional[pulumi.Input[str]]:
|
808
|
+
def secret_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
808
809
|
"""
|
809
810
|
The AWS Secret Access Key to use when generating new credentials.
|
810
811
|
"""
|
811
812
|
return pulumi.get(self, "secret_key")
|
812
813
|
|
813
814
|
@secret_key.setter
|
814
|
-
def secret_key(self, value: Optional[pulumi.Input[str]]):
|
815
|
+
def secret_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
815
816
|
pulumi.set(self, "secret_key", value)
|
816
817
|
|
817
818
|
@property
|
818
819
|
@pulumi.getter(name="stsEndpoint")
|
819
|
-
def sts_endpoint(self) -> Optional[pulumi.Input[str]]:
|
820
|
+
def sts_endpoint(self) -> Optional[pulumi.Input[builtins.str]]:
|
820
821
|
"""
|
821
822
|
Specifies a custom HTTP STS endpoint to use.
|
822
823
|
"""
|
823
824
|
return pulumi.get(self, "sts_endpoint")
|
824
825
|
|
825
826
|
@sts_endpoint.setter
|
826
|
-
def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
|
827
|
+
def sts_endpoint(self, value: Optional[pulumi.Input[builtins.str]]):
|
827
828
|
pulumi.set(self, "sts_endpoint", value)
|
828
829
|
|
829
830
|
@property
|
830
831
|
@pulumi.getter(name="stsFallbackEndpoints")
|
831
|
-
def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
832
|
+
def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
832
833
|
"""
|
833
834
|
Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
834
835
|
"""
|
835
836
|
return pulumi.get(self, "sts_fallback_endpoints")
|
836
837
|
|
837
838
|
@sts_fallback_endpoints.setter
|
838
|
-
def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
839
|
+
def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
839
840
|
pulumi.set(self, "sts_fallback_endpoints", value)
|
840
841
|
|
841
842
|
@property
|
842
843
|
@pulumi.getter(name="stsFallbackRegions")
|
843
|
-
def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
844
|
+
def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
844
845
|
"""
|
845
846
|
Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
846
847
|
"""
|
847
848
|
return pulumi.get(self, "sts_fallback_regions")
|
848
849
|
|
849
850
|
@sts_fallback_regions.setter
|
850
|
-
def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
851
|
+
def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
851
852
|
pulumi.set(self, "sts_fallback_regions", value)
|
852
853
|
|
853
854
|
@property
|
854
855
|
@pulumi.getter(name="stsRegion")
|
855
|
-
def sts_region(self) -> Optional[pulumi.Input[str]]:
|
856
|
+
def sts_region(self) -> Optional[pulumi.Input[builtins.str]]:
|
856
857
|
"""
|
857
858
|
Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
858
859
|
"""
|
859
860
|
return pulumi.get(self, "sts_region")
|
860
861
|
|
861
862
|
@sts_region.setter
|
862
|
-
def sts_region(self, value: Optional[pulumi.Input[str]]):
|
863
|
+
def sts_region(self, value: Optional[pulumi.Input[builtins.str]]):
|
863
864
|
pulumi.set(self, "sts_region", value)
|
864
865
|
|
865
866
|
@property
|
866
867
|
@pulumi.getter(name="usernameTemplate")
|
867
|
-
def username_template(self) -> Optional[pulumi.Input[str]]:
|
868
|
+
def username_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
868
869
|
"""
|
869
870
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
870
871
|
|
@@ -880,7 +881,7 @@ class _SecretBackendState:
|
|
880
881
|
return pulumi.get(self, "username_template")
|
881
882
|
|
882
883
|
@username_template.setter
|
883
|
-
def username_template(self, value: Optional[pulumi.Input[str]]):
|
884
|
+
def username_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
884
885
|
pulumi.set(self, "username_template", value)
|
885
886
|
|
886
887
|
|
@@ -889,30 +890,30 @@ class SecretBackend(pulumi.CustomResource):
|
|
889
890
|
def __init__(__self__,
|
890
891
|
resource_name: str,
|
891
892
|
opts: Optional[pulumi.ResourceOptions] = None,
|
892
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
893
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
894
|
-
description: Optional[pulumi.Input[str]] = None,
|
895
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
896
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
897
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
898
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
899
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
900
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
901
|
-
local: Optional[pulumi.Input[bool]] = None,
|
902
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
903
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
904
|
-
path: Optional[pulumi.Input[str]] = None,
|
905
|
-
region: Optional[pulumi.Input[str]] = None,
|
906
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
907
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
908
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
909
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
910
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
911
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
912
|
-
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
913
|
-
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
914
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
915
|
-
username_template: Optional[pulumi.Input[str]] = None,
|
893
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
894
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
895
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
896
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
897
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
898
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
899
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
900
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
901
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
902
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
903
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
904
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
905
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
906
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
907
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
908
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
909
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
910
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
911
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
912
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
913
|
+
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
914
|
+
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
915
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
916
|
+
username_template: Optional[pulumi.Input[builtins.str]] = None,
|
916
917
|
__props__=None):
|
917
918
|
"""
|
918
919
|
## Import
|
@@ -925,42 +926,42 @@ class SecretBackend(pulumi.CustomResource):
|
|
925
926
|
|
926
927
|
:param str resource_name: The name of the resource.
|
927
928
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
928
|
-
:param pulumi.Input[str] access_key: The AWS Access Key ID this backend should use to
|
929
|
+
:param pulumi.Input[builtins.str] access_key: The AWS Access Key ID this backend should use to
|
929
930
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
930
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
931
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
|
931
932
|
issued by this backend.
|
932
|
-
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
933
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
934
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
933
|
+
:param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
|
934
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
935
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
935
936
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
936
|
-
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
937
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
938
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
939
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
940
|
-
:param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
941
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
937
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
938
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
939
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
940
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
941
|
+
:param pulumi.Input[builtins.bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
942
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
942
943
|
for credentials issued by this backend.
|
943
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
944
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
944
945
|
The value should not contain leading or trailing forward slashes.
|
945
946
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
946
947
|
*Available only for Vault Enterprise*.
|
947
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
948
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
948
949
|
not begin or end with a `/`. Defaults to `aws`.
|
949
|
-
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
950
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
951
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
950
|
+
:param pulumi.Input[builtins.str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
951
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
952
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
952
953
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
953
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
954
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
954
955
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
955
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
956
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
956
957
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
957
958
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
958
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
959
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
960
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
961
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
962
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
963
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
959
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
960
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
961
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
962
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
963
|
+
:param pulumi.Input[builtins.str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
964
|
+
:param pulumi.Input[builtins.str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
964
965
|
|
965
966
|
```
|
966
967
|
{{ if (eq .Type "STS") }}
|
@@ -1001,30 +1002,30 @@ class SecretBackend(pulumi.CustomResource):
|
|
1001
1002
|
def _internal_init(__self__,
|
1002
1003
|
resource_name: str,
|
1003
1004
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1004
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
1005
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1006
|
-
description: Optional[pulumi.Input[str]] = None,
|
1007
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1008
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1009
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
1010
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
1011
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1012
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
1013
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1014
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1015
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1016
|
-
path: Optional[pulumi.Input[str]] = None,
|
1017
|
-
region: Optional[pulumi.Input[str]] = None,
|
1018
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
1019
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
1020
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1021
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
1022
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
1023
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
1024
|
-
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1025
|
-
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1026
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
1027
|
-
username_template: Optional[pulumi.Input[str]] = None,
|
1005
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
1006
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1007
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1008
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1009
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1010
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
1011
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
1012
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1013
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1014
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1015
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1016
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1017
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1018
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
1019
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
1020
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1021
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1022
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1023
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
1024
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
1025
|
+
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1026
|
+
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1027
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
1028
|
+
username_template: Optional[pulumi.Input[builtins.str]] = None,
|
1028
1029
|
__props__=None):
|
1029
1030
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1030
1031
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1070,30 +1071,30 @@ class SecretBackend(pulumi.CustomResource):
|
|
1070
1071
|
def get(resource_name: str,
|
1071
1072
|
id: pulumi.Input[str],
|
1072
1073
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1073
|
-
access_key: Optional[pulumi.Input[str]] = None,
|
1074
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1075
|
-
description: Optional[pulumi.Input[str]] = None,
|
1076
|
-
disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
|
1077
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1078
|
-
iam_endpoint: Optional[pulumi.Input[str]] = None,
|
1079
|
-
identity_token_audience: Optional[pulumi.Input[str]] = None,
|
1080
|
-
identity_token_key: Optional[pulumi.Input[str]] = None,
|
1081
|
-
identity_token_ttl: Optional[pulumi.Input[int]] = None,
|
1082
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1083
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1084
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1085
|
-
path: Optional[pulumi.Input[str]] = None,
|
1086
|
-
region: Optional[pulumi.Input[str]] = None,
|
1087
|
-
role_arn: Optional[pulumi.Input[str]] = None,
|
1088
|
-
rotation_period: Optional[pulumi.Input[int]] = None,
|
1089
|
-
rotation_schedule: Optional[pulumi.Input[str]] = None,
|
1090
|
-
rotation_window: Optional[pulumi.Input[int]] = None,
|
1091
|
-
secret_key: Optional[pulumi.Input[str]] = None,
|
1092
|
-
sts_endpoint: Optional[pulumi.Input[str]] = None,
|
1093
|
-
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1094
|
-
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1095
|
-
sts_region: Optional[pulumi.Input[str]] = None,
|
1096
|
-
username_template: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
1074
|
+
access_key: Optional[pulumi.Input[builtins.str]] = None,
|
1075
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1076
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1077
|
+
disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
|
1078
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1079
|
+
iam_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
1080
|
+
identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
|
1081
|
+
identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
|
1082
|
+
identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1083
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1084
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1085
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1086
|
+
path: Optional[pulumi.Input[builtins.str]] = None,
|
1087
|
+
region: Optional[pulumi.Input[builtins.str]] = None,
|
1088
|
+
role_arn: Optional[pulumi.Input[builtins.str]] = None,
|
1089
|
+
rotation_period: Optional[pulumi.Input[builtins.int]] = None,
|
1090
|
+
rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
|
1091
|
+
rotation_window: Optional[pulumi.Input[builtins.int]] = None,
|
1092
|
+
secret_key: Optional[pulumi.Input[builtins.str]] = None,
|
1093
|
+
sts_endpoint: Optional[pulumi.Input[builtins.str]] = None,
|
1094
|
+
sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1095
|
+
sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1096
|
+
sts_region: Optional[pulumi.Input[builtins.str]] = None,
|
1097
|
+
username_template: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
|
1097
1098
|
"""
|
1098
1099
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
1099
1100
|
properties used to qualify the lookup.
|
@@ -1101,42 +1102,42 @@ class SecretBackend(pulumi.CustomResource):
|
|
1101
1102
|
:param str resource_name: The unique name of the resulting resource.
|
1102
1103
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1103
1104
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1104
|
-
:param pulumi.Input[str] access_key: The AWS Access Key ID this backend should use to
|
1105
|
+
:param pulumi.Input[builtins.str] access_key: The AWS Access Key ID this backend should use to
|
1105
1106
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
1106
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
|
1107
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
|
1107
1108
|
issued by this backend.
|
1108
|
-
:param pulumi.Input[str] description: A human-friendly description for this backend.
|
1109
|
-
:param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1110
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1109
|
+
:param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
|
1110
|
+
:param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1111
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1111
1112
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1112
|
-
:param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
1113
|
-
:param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
1114
|
-
:param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
1115
|
-
:param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
1116
|
-
:param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
1117
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
1113
|
+
:param pulumi.Input[builtins.str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
|
1114
|
+
:param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.16+.
|
1115
|
+
:param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+.
|
1116
|
+
:param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
1117
|
+
:param pulumi.Input[builtins.bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
1118
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
|
1118
1119
|
for credentials issued by this backend.
|
1119
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1120
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1120
1121
|
The value should not contain leading or trailing forward slashes.
|
1121
1122
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1122
1123
|
*Available only for Vault Enterprise*.
|
1123
|
-
:param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
|
1124
|
+
:param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
|
1124
1125
|
not begin or end with a `/`. Defaults to `aws`.
|
1125
|
-
:param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
1126
|
-
:param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1127
|
-
:param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1126
|
+
:param pulumi.Input[builtins.str] region: The AWS region to make API calls against. Defaults to us-east-1.
|
1127
|
+
:param pulumi.Input[builtins.str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1128
|
+
:param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
|
1128
1129
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
1129
|
-
:param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1130
|
+
:param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1130
1131
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
1131
|
-
:param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1132
|
+
:param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
|
1132
1133
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
1133
1134
|
unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
|
1134
|
-
:param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
1135
|
-
:param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
1136
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
1137
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
1138
|
-
:param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
1139
|
-
:param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
1135
|
+
:param pulumi.Input[builtins.str] secret_key: The AWS Secret Access Key to use when generating new credentials.
|
1136
|
+
:param pulumi.Input[builtins.str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
|
1137
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
1138
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
1139
|
+
:param pulumi.Input[builtins.str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
1140
|
+
:param pulumi.Input[builtins.str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
1140
1141
|
|
1141
1142
|
```
|
1142
1143
|
{{ if (eq .Type "STS") }}
|
@@ -1179,7 +1180,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1179
1180
|
|
1180
1181
|
@property
|
1181
1182
|
@pulumi.getter(name="accessKey")
|
1182
|
-
def access_key(self) -> pulumi.Output[Optional[str]]:
|
1183
|
+
def access_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1183
1184
|
"""
|
1184
1185
|
The AWS Access Key ID this backend should use to
|
1185
1186
|
issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
|
@@ -1188,7 +1189,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1188
1189
|
|
1189
1190
|
@property
|
1190
1191
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1191
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1192
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1192
1193
|
"""
|
1193
1194
|
The default TTL for credentials
|
1194
1195
|
issued by this backend.
|
@@ -1197,7 +1198,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1197
1198
|
|
1198
1199
|
@property
|
1199
1200
|
@pulumi.getter
|
1200
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1201
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1201
1202
|
"""
|
1202
1203
|
A human-friendly description for this backend.
|
1203
1204
|
"""
|
@@ -1205,7 +1206,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1205
1206
|
|
1206
1207
|
@property
|
1207
1208
|
@pulumi.getter(name="disableAutomatedRotation")
|
1208
|
-
def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
|
1209
|
+
def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1209
1210
|
"""
|
1210
1211
|
Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
|
1211
1212
|
"""
|
@@ -1213,7 +1214,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1213
1214
|
|
1214
1215
|
@property
|
1215
1216
|
@pulumi.getter(name="disableRemount")
|
1216
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1217
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1217
1218
|
"""
|
1218
1219
|
If set, opts out of mount migration on path updates.
|
1219
1220
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -1222,7 +1223,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1222
1223
|
|
1223
1224
|
@property
|
1224
1225
|
@pulumi.getter(name="iamEndpoint")
|
1225
|
-
def iam_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1226
|
+
def iam_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
1226
1227
|
"""
|
1227
1228
|
Specifies a custom HTTP IAM endpoint to use.
|
1228
1229
|
"""
|
@@ -1230,7 +1231,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1230
1231
|
|
1231
1232
|
@property
|
1232
1233
|
@pulumi.getter(name="identityTokenAudience")
|
1233
|
-
def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
|
1234
|
+
def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
|
1234
1235
|
"""
|
1235
1236
|
The audience claim value. Requires Vault 1.16+.
|
1236
1237
|
"""
|
@@ -1238,7 +1239,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1238
1239
|
|
1239
1240
|
@property
|
1240
1241
|
@pulumi.getter(name="identityTokenKey")
|
1241
|
-
def identity_token_key(self) -> pulumi.Output[Optional[str]]:
|
1242
|
+
def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1242
1243
|
"""
|
1243
1244
|
The key to use for signing identity tokens. Requires Vault 1.16+.
|
1244
1245
|
"""
|
@@ -1246,7 +1247,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1246
1247
|
|
1247
1248
|
@property
|
1248
1249
|
@pulumi.getter(name="identityTokenTtl")
|
1249
|
-
def identity_token_ttl(self) -> pulumi.Output[int]:
|
1250
|
+
def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
|
1250
1251
|
"""
|
1251
1252
|
The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
|
1252
1253
|
"""
|
@@ -1254,7 +1255,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1254
1255
|
|
1255
1256
|
@property
|
1256
1257
|
@pulumi.getter
|
1257
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1258
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1258
1259
|
"""
|
1259
1260
|
Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
|
1260
1261
|
"""
|
@@ -1262,7 +1263,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1262
1263
|
|
1263
1264
|
@property
|
1264
1265
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1265
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1266
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1266
1267
|
"""
|
1267
1268
|
The maximum TTL that can be requested
|
1268
1269
|
for credentials issued by this backend.
|
@@ -1271,7 +1272,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1271
1272
|
|
1272
1273
|
@property
|
1273
1274
|
@pulumi.getter
|
1274
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1275
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1275
1276
|
"""
|
1276
1277
|
The namespace to provision the resource in.
|
1277
1278
|
The value should not contain leading or trailing forward slashes.
|
@@ -1282,7 +1283,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1282
1283
|
|
1283
1284
|
@property
|
1284
1285
|
@pulumi.getter
|
1285
|
-
def path(self) -> pulumi.Output[Optional[str]]:
|
1286
|
+
def path(self) -> pulumi.Output[Optional[builtins.str]]:
|
1286
1287
|
"""
|
1287
1288
|
The unique path this backend should be mounted at. Must
|
1288
1289
|
not begin or end with a `/`. Defaults to `aws`.
|
@@ -1291,7 +1292,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1291
1292
|
|
1292
1293
|
@property
|
1293
1294
|
@pulumi.getter
|
1294
|
-
def region(self) -> pulumi.Output[str]:
|
1295
|
+
def region(self) -> pulumi.Output[builtins.str]:
|
1295
1296
|
"""
|
1296
1297
|
The AWS region to make API calls against. Defaults to us-east-1.
|
1297
1298
|
"""
|
@@ -1299,7 +1300,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1299
1300
|
|
1300
1301
|
@property
|
1301
1302
|
@pulumi.getter(name="roleArn")
|
1302
|
-
def role_arn(self) -> pulumi.Output[Optional[str]]:
|
1303
|
+
def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1303
1304
|
"""
|
1304
1305
|
Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
|
1305
1306
|
"""
|
@@ -1307,7 +1308,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1307
1308
|
|
1308
1309
|
@property
|
1309
1310
|
@pulumi.getter(name="rotationPeriod")
|
1310
|
-
def rotation_period(self) -> pulumi.Output[Optional[int]]:
|
1311
|
+
def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1311
1312
|
"""
|
1312
1313
|
The amount of time in seconds Vault should wait before rotating the root credential.
|
1313
1314
|
A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
|
@@ -1316,7 +1317,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1316
1317
|
|
1317
1318
|
@property
|
1318
1319
|
@pulumi.getter(name="rotationSchedule")
|
1319
|
-
def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
|
1320
|
+
def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
|
1320
1321
|
"""
|
1321
1322
|
The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
|
1322
1323
|
defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
|
@@ -1325,7 +1326,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1325
1326
|
|
1326
1327
|
@property
|
1327
1328
|
@pulumi.getter(name="rotationWindow")
|
1328
|
-
def rotation_window(self) -> pulumi.Output[Optional[int]]:
|
1329
|
+
def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
|
1329
1330
|
"""
|
1330
1331
|
The maximum amount of time in seconds allowed to complete
|
1331
1332
|
a rotation when a scheduled token rotation occurs. The default rotation window is
|
@@ -1335,7 +1336,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1335
1336
|
|
1336
1337
|
@property
|
1337
1338
|
@pulumi.getter(name="secretKey")
|
1338
|
-
def secret_key(self) -> pulumi.Output[Optional[str]]:
|
1339
|
+
def secret_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1339
1340
|
"""
|
1340
1341
|
The AWS Secret Access Key to use when generating new credentials.
|
1341
1342
|
"""
|
@@ -1343,7 +1344,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1343
1344
|
|
1344
1345
|
@property
|
1345
1346
|
@pulumi.getter(name="stsEndpoint")
|
1346
|
-
def sts_endpoint(self) -> pulumi.Output[Optional[str]]:
|
1347
|
+
def sts_endpoint(self) -> pulumi.Output[Optional[builtins.str]]:
|
1347
1348
|
"""
|
1348
1349
|
Specifies a custom HTTP STS endpoint to use.
|
1349
1350
|
"""
|
@@ -1351,7 +1352,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1351
1352
|
|
1352
1353
|
@property
|
1353
1354
|
@pulumi.getter(name="stsFallbackEndpoints")
|
1354
|
-
def sts_fallback_endpoints(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1355
|
+
def sts_fallback_endpoints(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1355
1356
|
"""
|
1356
1357
|
Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
|
1357
1358
|
"""
|
@@ -1359,7 +1360,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1359
1360
|
|
1360
1361
|
@property
|
1361
1362
|
@pulumi.getter(name="stsFallbackRegions")
|
1362
|
-
def sts_fallback_regions(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1363
|
+
def sts_fallback_regions(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1363
1364
|
"""
|
1364
1365
|
Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
|
1365
1366
|
"""
|
@@ -1367,7 +1368,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1367
1368
|
|
1368
1369
|
@property
|
1369
1370
|
@pulumi.getter(name="stsRegion")
|
1370
|
-
def sts_region(self) -> pulumi.Output[Optional[str]]:
|
1371
|
+
def sts_region(self) -> pulumi.Output[Optional[builtins.str]]:
|
1371
1372
|
"""
|
1372
1373
|
Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
|
1373
1374
|
"""
|
@@ -1375,7 +1376,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1375
1376
|
|
1376
1377
|
@property
|
1377
1378
|
@pulumi.getter(name="usernameTemplate")
|
1378
|
-
def username_template(self) -> pulumi.Output[str]:
|
1379
|
+
def username_template(self) -> pulumi.Output[builtins.str]:
|
1379
1380
|
"""
|
1380
1381
|
Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
|
1381
1382
|
|