pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,100 +20,100 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
binddn: pulumi.Input[str],
|
23
|
-
bindpass: pulumi.Input[str],
|
24
|
-
anonymous_group_search: Optional[pulumi.Input[bool]] = None,
|
25
|
-
backend: Optional[pulumi.Input[str]] = None,
|
26
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
27
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
28
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
29
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
30
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
31
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
32
|
-
description: Optional[pulumi.Input[str]] = None,
|
33
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
34
|
-
discoverdn: Optional[pulumi.Input[bool]] = None,
|
35
|
-
groupattr: Optional[pulumi.Input[str]] = None,
|
36
|
-
groupdn: Optional[pulumi.Input[str]] = None,
|
37
|
-
groupfilter: Optional[pulumi.Input[str]] = None,
|
38
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
39
|
-
last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
|
40
|
-
local: Optional[pulumi.Input[bool]] = None,
|
41
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
42
|
-
max_ttl: Optional[pulumi.Input[int]] = None,
|
43
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
44
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
45
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
46
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
47
|
-
tls_max_version: Optional[pulumi.Input[str]] = None,
|
48
|
-
tls_min_version: Optional[pulumi.Input[str]] = None,
|
49
|
-
ttl: Optional[pulumi.Input[int]] = None,
|
50
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
51
|
-
url: Optional[pulumi.Input[str]] = None,
|
52
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
|
53
|
-
use_token_groups: Optional[pulumi.Input[bool]] = None,
|
54
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
55
|
-
userdn: Optional[pulumi.Input[str]] = None):
|
23
|
+
binddn: pulumi.Input[builtins.str],
|
24
|
+
bindpass: pulumi.Input[builtins.str],
|
25
|
+
anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
|
26
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
35
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
40
|
+
last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
|
41
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
42
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
43
|
+
max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
44
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
45
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
46
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
47
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
48
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
ttl: Optional[pulumi.Input[builtins.int]] = None,
|
51
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
52
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
|
54
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
55
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
56
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
56
57
|
"""
|
57
58
|
The set of arguments for constructing a SecretBackend resource.
|
58
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
59
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
60
|
-
:param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
59
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
60
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
61
|
+
:param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
61
62
|
(if true the initial credentials will still be used for the initial connection test).
|
62
|
-
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
63
|
+
:param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
|
63
64
|
not begin or end with a `/`. Defaults to `ad`.
|
64
|
-
:param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
65
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
65
66
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
66
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
67
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
67
68
|
x509 PEM encoded.
|
68
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
69
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
70
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
71
|
-
:param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
69
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
70
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
71
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
72
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
72
73
|
defaults to true.
|
73
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
74
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
74
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
75
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
75
76
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
76
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
77
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
77
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
78
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
78
79
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
79
|
-
:param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
80
|
-
:param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
80
|
+
:param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
81
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
81
82
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
82
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
83
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
83
84
|
Defaults to `false`.
|
84
|
-
:param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
85
|
+
:param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
85
86
|
shows a later rotation, it should be considered out-of-band
|
86
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
87
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
87
88
|
replication.Tolerance duration to use when checking the last rotation time.
|
88
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
89
|
-
:param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
|
90
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
89
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
90
|
+
:param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
91
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
91
92
|
The value should not contain leading or trailing forward slashes.
|
92
93
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
93
94
|
*Available only for Vault Enterprise*.
|
94
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
95
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
95
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
96
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
96
97
|
before returning back an error.
|
97
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
98
|
-
:param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
98
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
99
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
99
100
|
`tls12` or `tls13`. Defaults to `tls12`.
|
100
|
-
:param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
101
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
101
102
|
`tls12` or `tls13`. Defaults to `tls12`.
|
102
|
-
:param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
|
103
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
104
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
103
|
+
:param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
|
104
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
105
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
105
106
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
106
|
-
:param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
107
|
+
:param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
107
108
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
108
109
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
109
110
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
110
111
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
111
112
|
new configurations.
|
112
|
-
:param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
113
|
+
:param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
113
114
|
user to find the group memberships. This will find all security groups including nested ones.
|
114
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
115
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
115
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
116
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
116
117
|
"""
|
117
118
|
pulumi.set(__self__, "binddn", binddn)
|
118
119
|
pulumi.set(__self__, "bindpass", bindpass)
|
@@ -183,31 +184,31 @@ class SecretBackendArgs:
|
|
183
184
|
|
184
185
|
@property
|
185
186
|
@pulumi.getter
|
186
|
-
def binddn(self) -> pulumi.Input[str]:
|
187
|
+
def binddn(self) -> pulumi.Input[builtins.str]:
|
187
188
|
"""
|
188
189
|
Distinguished name of object to bind when performing user and group search.
|
189
190
|
"""
|
190
191
|
return pulumi.get(self, "binddn")
|
191
192
|
|
192
193
|
@binddn.setter
|
193
|
-
def binddn(self, value: pulumi.Input[str]):
|
194
|
+
def binddn(self, value: pulumi.Input[builtins.str]):
|
194
195
|
pulumi.set(self, "binddn", value)
|
195
196
|
|
196
197
|
@property
|
197
198
|
@pulumi.getter
|
198
|
-
def bindpass(self) -> pulumi.Input[str]:
|
199
|
+
def bindpass(self) -> pulumi.Input[builtins.str]:
|
199
200
|
"""
|
200
201
|
Password to use along with binddn when performing user search.
|
201
202
|
"""
|
202
203
|
return pulumi.get(self, "bindpass")
|
203
204
|
|
204
205
|
@bindpass.setter
|
205
|
-
def bindpass(self, value: pulumi.Input[str]):
|
206
|
+
def bindpass(self, value: pulumi.Input[builtins.str]):
|
206
207
|
pulumi.set(self, "bindpass", value)
|
207
208
|
|
208
209
|
@property
|
209
210
|
@pulumi.getter(name="anonymousGroupSearch")
|
210
|
-
def anonymous_group_search(self) -> Optional[pulumi.Input[bool]]:
|
211
|
+
def anonymous_group_search(self) -> Optional[pulumi.Input[builtins.bool]]:
|
211
212
|
"""
|
212
213
|
Use anonymous binds when performing LDAP group searches
|
213
214
|
(if true the initial credentials will still be used for the initial connection test).
|
@@ -215,12 +216,12 @@ class SecretBackendArgs:
|
|
215
216
|
return pulumi.get(self, "anonymous_group_search")
|
216
217
|
|
217
218
|
@anonymous_group_search.setter
|
218
|
-
def anonymous_group_search(self, value: Optional[pulumi.Input[bool]]):
|
219
|
+
def anonymous_group_search(self, value: Optional[pulumi.Input[builtins.bool]]):
|
219
220
|
pulumi.set(self, "anonymous_group_search", value)
|
220
221
|
|
221
222
|
@property
|
222
223
|
@pulumi.getter
|
223
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
224
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
224
225
|
"""
|
225
226
|
The unique path this backend should be mounted at. Must
|
226
227
|
not begin or end with a `/`. Defaults to `ad`.
|
@@ -228,12 +229,12 @@ class SecretBackendArgs:
|
|
228
229
|
return pulumi.get(self, "backend")
|
229
230
|
|
230
231
|
@backend.setter
|
231
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
232
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
232
233
|
pulumi.set(self, "backend", value)
|
233
234
|
|
234
235
|
@property
|
235
236
|
@pulumi.getter(name="caseSensitiveNames")
|
236
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
|
237
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
|
237
238
|
"""
|
238
239
|
If set, user and group names assigned to policies within the
|
239
240
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
@@ -241,12 +242,12 @@ class SecretBackendArgs:
|
|
241
242
|
return pulumi.get(self, "case_sensitive_names")
|
242
243
|
|
243
244
|
@case_sensitive_names.setter
|
244
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
|
245
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
|
245
246
|
pulumi.set(self, "case_sensitive_names", value)
|
246
247
|
|
247
248
|
@property
|
248
249
|
@pulumi.getter
|
249
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
250
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
250
251
|
"""
|
251
252
|
CA certificate to use when verifying LDAP server certificate, must be
|
252
253
|
x509 PEM encoded.
|
@@ -254,48 +255,48 @@ class SecretBackendArgs:
|
|
254
255
|
return pulumi.get(self, "certificate")
|
255
256
|
|
256
257
|
@certificate.setter
|
257
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
258
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
258
259
|
pulumi.set(self, "certificate", value)
|
259
260
|
|
260
261
|
@property
|
261
262
|
@pulumi.getter(name="clientTlsCert")
|
262
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
263
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
263
264
|
"""
|
264
265
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
265
266
|
"""
|
266
267
|
return pulumi.get(self, "client_tls_cert")
|
267
268
|
|
268
269
|
@client_tls_cert.setter
|
269
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
270
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
270
271
|
pulumi.set(self, "client_tls_cert", value)
|
271
272
|
|
272
273
|
@property
|
273
274
|
@pulumi.getter(name="clientTlsKey")
|
274
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
275
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
275
276
|
"""
|
276
277
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
277
278
|
"""
|
278
279
|
return pulumi.get(self, "client_tls_key")
|
279
280
|
|
280
281
|
@client_tls_key.setter
|
281
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
282
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
282
283
|
pulumi.set(self, "client_tls_key", value)
|
283
284
|
|
284
285
|
@property
|
285
286
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
286
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
287
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
287
288
|
"""
|
288
289
|
Default lease duration for secrets in seconds.
|
289
290
|
"""
|
290
291
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
291
292
|
|
292
293
|
@default_lease_ttl_seconds.setter
|
293
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
294
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
294
295
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
295
296
|
|
296
297
|
@property
|
297
298
|
@pulumi.getter(name="denyNullBind")
|
298
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
299
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
|
299
300
|
"""
|
300
301
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
301
302
|
defaults to true.
|
@@ -303,24 +304,24 @@ class SecretBackendArgs:
|
|
303
304
|
return pulumi.get(self, "deny_null_bind")
|
304
305
|
|
305
306
|
@deny_null_bind.setter
|
306
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
|
307
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
|
307
308
|
pulumi.set(self, "deny_null_bind", value)
|
308
309
|
|
309
310
|
@property
|
310
311
|
@pulumi.getter
|
311
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
312
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
312
313
|
"""
|
313
314
|
Human-friendly description of the mount for the Active Directory backend.
|
314
315
|
"""
|
315
316
|
return pulumi.get(self, "description")
|
316
317
|
|
317
318
|
@description.setter
|
318
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
319
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
319
320
|
pulumi.set(self, "description", value)
|
320
321
|
|
321
322
|
@property
|
322
323
|
@pulumi.getter(name="disableRemount")
|
323
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
324
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
324
325
|
"""
|
325
326
|
If set, opts out of mount migration on path updates.
|
326
327
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -328,24 +329,24 @@ class SecretBackendArgs:
|
|
328
329
|
return pulumi.get(self, "disable_remount")
|
329
330
|
|
330
331
|
@disable_remount.setter
|
331
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
332
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
332
333
|
pulumi.set(self, "disable_remount", value)
|
333
334
|
|
334
335
|
@property
|
335
336
|
@pulumi.getter
|
336
|
-
def discoverdn(self) -> Optional[pulumi.Input[bool]]:
|
337
|
+
def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
337
338
|
"""
|
338
339
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
339
340
|
"""
|
340
341
|
return pulumi.get(self, "discoverdn")
|
341
342
|
|
342
343
|
@discoverdn.setter
|
343
|
-
def discoverdn(self, value: Optional[pulumi.Input[bool]]):
|
344
|
+
def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
344
345
|
pulumi.set(self, "discoverdn", value)
|
345
346
|
|
346
347
|
@property
|
347
348
|
@pulumi.getter
|
348
|
-
def groupattr(self) -> Optional[pulumi.Input[str]]:
|
349
|
+
def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
349
350
|
"""
|
350
351
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
351
352
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
@@ -353,24 +354,24 @@ class SecretBackendArgs:
|
|
353
354
|
return pulumi.get(self, "groupattr")
|
354
355
|
|
355
356
|
@groupattr.setter
|
356
|
-
def groupattr(self, value: Optional[pulumi.Input[str]]):
|
357
|
+
def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
357
358
|
pulumi.set(self, "groupattr", value)
|
358
359
|
|
359
360
|
@property
|
360
361
|
@pulumi.getter
|
361
|
-
def groupdn(self) -> Optional[pulumi.Input[str]]:
|
362
|
+
def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
362
363
|
"""
|
363
364
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
364
365
|
"""
|
365
366
|
return pulumi.get(self, "groupdn")
|
366
367
|
|
367
368
|
@groupdn.setter
|
368
|
-
def groupdn(self, value: Optional[pulumi.Input[str]]):
|
369
|
+
def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
369
370
|
pulumi.set(self, "groupdn", value)
|
370
371
|
|
371
372
|
@property
|
372
373
|
@pulumi.getter
|
373
|
-
def groupfilter(self) -> Optional[pulumi.Input[str]]:
|
374
|
+
def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
374
375
|
"""
|
375
376
|
Go template for querying group membership of user (optional) The template can access
|
376
377
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
@@ -378,12 +379,12 @@ class SecretBackendArgs:
|
|
378
379
|
return pulumi.get(self, "groupfilter")
|
379
380
|
|
380
381
|
@groupfilter.setter
|
381
|
-
def groupfilter(self, value: Optional[pulumi.Input[str]]):
|
382
|
+
def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
382
383
|
pulumi.set(self, "groupfilter", value)
|
383
384
|
|
384
385
|
@property
|
385
386
|
@pulumi.getter(name="insecureTls")
|
386
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
387
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
387
388
|
"""
|
388
389
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
389
390
|
Defaults to `false`.
|
@@ -391,12 +392,12 @@ class SecretBackendArgs:
|
|
391
392
|
return pulumi.get(self, "insecure_tls")
|
392
393
|
|
393
394
|
@insecure_tls.setter
|
394
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
395
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
395
396
|
pulumi.set(self, "insecure_tls", value)
|
396
397
|
|
397
398
|
@property
|
398
399
|
@pulumi.getter(name="lastRotationTolerance")
|
399
|
-
def last_rotation_tolerance(self) -> Optional[pulumi.Input[int]]:
|
400
|
+
def last_rotation_tolerance(self) -> Optional[pulumi.Input[builtins.int]]:
|
400
401
|
"""
|
401
402
|
The number of seconds after a Vault rotation where, if Active Directory
|
402
403
|
shows a later rotation, it should be considered out-of-band
|
@@ -404,12 +405,12 @@ class SecretBackendArgs:
|
|
404
405
|
return pulumi.get(self, "last_rotation_tolerance")
|
405
406
|
|
406
407
|
@last_rotation_tolerance.setter
|
407
|
-
def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
|
408
|
+
def last_rotation_tolerance(self, value: Optional[pulumi.Input[builtins.int]]):
|
408
409
|
pulumi.set(self, "last_rotation_tolerance", value)
|
409
410
|
|
410
411
|
@property
|
411
412
|
@pulumi.getter
|
412
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
413
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
413
414
|
"""
|
414
415
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
415
416
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -417,36 +418,36 @@ class SecretBackendArgs:
|
|
417
418
|
return pulumi.get(self, "local")
|
418
419
|
|
419
420
|
@local.setter
|
420
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
421
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
421
422
|
pulumi.set(self, "local", value)
|
422
423
|
|
423
424
|
@property
|
424
425
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
425
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
426
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
426
427
|
"""
|
427
428
|
Maximum possible lease duration for secrets in seconds.
|
428
429
|
"""
|
429
430
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
430
431
|
|
431
432
|
@max_lease_ttl_seconds.setter
|
432
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
433
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
433
434
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
434
435
|
|
435
436
|
@property
|
436
437
|
@pulumi.getter(name="maxTtl")
|
437
|
-
def max_ttl(self) -> Optional[pulumi.Input[int]]:
|
438
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
438
439
|
"""
|
439
440
|
In seconds, the maximum password time-to-live.
|
440
441
|
"""
|
441
442
|
return pulumi.get(self, "max_ttl")
|
442
443
|
|
443
444
|
@max_ttl.setter
|
444
|
-
def max_ttl(self, value: Optional[pulumi.Input[int]]):
|
445
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
445
446
|
pulumi.set(self, "max_ttl", value)
|
446
447
|
|
447
448
|
@property
|
448
449
|
@pulumi.getter
|
449
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
450
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
450
451
|
"""
|
451
452
|
The namespace to provision the resource in.
|
452
453
|
The value should not contain leading or trailing forward slashes.
|
@@ -456,24 +457,24 @@ class SecretBackendArgs:
|
|
456
457
|
return pulumi.get(self, "namespace")
|
457
458
|
|
458
459
|
@namespace.setter
|
459
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
460
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
460
461
|
pulumi.set(self, "namespace", value)
|
461
462
|
|
462
463
|
@property
|
463
464
|
@pulumi.getter(name="passwordPolicy")
|
464
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
465
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
465
466
|
"""
|
466
467
|
Name of the password policy to use to generate passwords.
|
467
468
|
"""
|
468
469
|
return pulumi.get(self, "password_policy")
|
469
470
|
|
470
471
|
@password_policy.setter
|
471
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
472
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
472
473
|
pulumi.set(self, "password_policy", value)
|
473
474
|
|
474
475
|
@property
|
475
476
|
@pulumi.getter(name="requestTimeout")
|
476
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
477
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
477
478
|
"""
|
478
479
|
Timeout, in seconds, for the connection when making requests against the server
|
479
480
|
before returning back an error.
|
@@ -481,24 +482,24 @@ class SecretBackendArgs:
|
|
481
482
|
return pulumi.get(self, "request_timeout")
|
482
483
|
|
483
484
|
@request_timeout.setter
|
484
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
485
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
485
486
|
pulumi.set(self, "request_timeout", value)
|
486
487
|
|
487
488
|
@property
|
488
489
|
@pulumi.getter
|
489
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
490
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
490
491
|
"""
|
491
492
|
Issue a StartTLS command after establishing unencrypted connection.
|
492
493
|
"""
|
493
494
|
return pulumi.get(self, "starttls")
|
494
495
|
|
495
496
|
@starttls.setter
|
496
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
497
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
497
498
|
pulumi.set(self, "starttls", value)
|
498
499
|
|
499
500
|
@property
|
500
501
|
@pulumi.getter(name="tlsMaxVersion")
|
501
|
-
def tls_max_version(self) -> Optional[pulumi.Input[str]]:
|
502
|
+
def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
502
503
|
"""
|
503
504
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
504
505
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -506,12 +507,12 @@ class SecretBackendArgs:
|
|
506
507
|
return pulumi.get(self, "tls_max_version")
|
507
508
|
|
508
509
|
@tls_max_version.setter
|
509
|
-
def tls_max_version(self, value: Optional[pulumi.Input[str]]):
|
510
|
+
def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
510
511
|
pulumi.set(self, "tls_max_version", value)
|
511
512
|
|
512
513
|
@property
|
513
514
|
@pulumi.getter(name="tlsMinVersion")
|
514
|
-
def tls_min_version(self) -> Optional[pulumi.Input[str]]:
|
515
|
+
def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
515
516
|
"""
|
516
517
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
517
518
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -519,36 +520,36 @@ class SecretBackendArgs:
|
|
519
520
|
return pulumi.get(self, "tls_min_version")
|
520
521
|
|
521
522
|
@tls_min_version.setter
|
522
|
-
def tls_min_version(self, value: Optional[pulumi.Input[str]]):
|
523
|
+
def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
523
524
|
pulumi.set(self, "tls_min_version", value)
|
524
525
|
|
525
526
|
@property
|
526
527
|
@pulumi.getter
|
527
|
-
def ttl(self) -> Optional[pulumi.Input[int]]:
|
528
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
528
529
|
"""
|
529
530
|
In seconds, the default password time-to-live.
|
530
531
|
"""
|
531
532
|
return pulumi.get(self, "ttl")
|
532
533
|
|
533
534
|
@ttl.setter
|
534
|
-
def ttl(self, value: Optional[pulumi.Input[int]]):
|
535
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
535
536
|
pulumi.set(self, "ttl", value)
|
536
537
|
|
537
538
|
@property
|
538
539
|
@pulumi.getter
|
539
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
540
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
540
541
|
"""
|
541
542
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
542
543
|
"""
|
543
544
|
return pulumi.get(self, "upndomain")
|
544
545
|
|
545
546
|
@upndomain.setter
|
546
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
547
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
547
548
|
pulumi.set(self, "upndomain", value)
|
548
549
|
|
549
550
|
@property
|
550
551
|
@pulumi.getter
|
551
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
552
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
552
553
|
"""
|
553
554
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
554
555
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -556,12 +557,12 @@ class SecretBackendArgs:
|
|
556
557
|
return pulumi.get(self, "url")
|
557
558
|
|
558
559
|
@url.setter
|
559
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
560
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
560
561
|
pulumi.set(self, "url", value)
|
561
562
|
|
562
563
|
@property
|
563
564
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
564
|
-
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[bool]]:
|
565
|
+
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[builtins.bool]]:
|
565
566
|
"""
|
566
567
|
In Vault 1.1.1 a fix for handling group CN values of
|
567
568
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
@@ -573,12 +574,12 @@ class SecretBackendArgs:
|
|
573
574
|
return pulumi.get(self, "use_pre111_group_cn_behavior")
|
574
575
|
|
575
576
|
@use_pre111_group_cn_behavior.setter
|
576
|
-
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[bool]]):
|
577
|
+
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[builtins.bool]]):
|
577
578
|
pulumi.set(self, "use_pre111_group_cn_behavior", value)
|
578
579
|
|
579
580
|
@property
|
580
581
|
@pulumi.getter(name="useTokenGroups")
|
581
|
-
def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
|
582
|
+
def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
|
582
583
|
"""
|
583
584
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
584
585
|
user to find the group memberships. This will find all security groups including nested ones.
|
@@ -586,131 +587,131 @@ class SecretBackendArgs:
|
|
586
587
|
return pulumi.get(self, "use_token_groups")
|
587
588
|
|
588
589
|
@use_token_groups.setter
|
589
|
-
def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
|
590
|
+
def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
|
590
591
|
pulumi.set(self, "use_token_groups", value)
|
591
592
|
|
592
593
|
@property
|
593
594
|
@pulumi.getter
|
594
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
595
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
595
596
|
"""
|
596
597
|
Attribute used when searching users. Defaults to `cn`.
|
597
598
|
"""
|
598
599
|
return pulumi.get(self, "userattr")
|
599
600
|
|
600
601
|
@userattr.setter
|
601
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
602
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
602
603
|
pulumi.set(self, "userattr", value)
|
603
604
|
|
604
605
|
@property
|
605
606
|
@pulumi.getter
|
606
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
607
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
607
608
|
"""
|
608
609
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
609
610
|
"""
|
610
611
|
return pulumi.get(self, "userdn")
|
611
612
|
|
612
613
|
@userdn.setter
|
613
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
614
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
614
615
|
pulumi.set(self, "userdn", value)
|
615
616
|
|
616
617
|
|
617
618
|
@pulumi.input_type
|
618
619
|
class _SecretBackendState:
|
619
620
|
def __init__(__self__, *,
|
620
|
-
anonymous_group_search: Optional[pulumi.Input[bool]] = None,
|
621
|
-
backend: Optional[pulumi.Input[str]] = None,
|
622
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
623
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
624
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
625
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
626
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
627
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
628
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
629
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
630
|
-
description: Optional[pulumi.Input[str]] = None,
|
631
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
632
|
-
discoverdn: Optional[pulumi.Input[bool]] = None,
|
633
|
-
groupattr: Optional[pulumi.Input[str]] = None,
|
634
|
-
groupdn: Optional[pulumi.Input[str]] = None,
|
635
|
-
groupfilter: Optional[pulumi.Input[str]] = None,
|
636
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
637
|
-
last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
|
638
|
-
local: Optional[pulumi.Input[bool]] = None,
|
639
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
640
|
-
max_ttl: Optional[pulumi.Input[int]] = None,
|
641
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
642
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
643
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
644
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
645
|
-
tls_max_version: Optional[pulumi.Input[str]] = None,
|
646
|
-
tls_min_version: Optional[pulumi.Input[str]] = None,
|
647
|
-
ttl: Optional[pulumi.Input[int]] = None,
|
648
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
649
|
-
url: Optional[pulumi.Input[str]] = None,
|
650
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
|
651
|
-
use_token_groups: Optional[pulumi.Input[bool]] = None,
|
652
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
653
|
-
userdn: Optional[pulumi.Input[str]] = None):
|
621
|
+
anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
|
622
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
623
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
624
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
625
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
626
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
627
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
628
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
629
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
630
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
631
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
632
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
633
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
634
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
635
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
636
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
637
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
638
|
+
last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
|
639
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
640
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
641
|
+
max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
642
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
643
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
644
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
645
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
646
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
647
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
648
|
+
ttl: Optional[pulumi.Input[builtins.int]] = None,
|
649
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
650
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
651
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
|
652
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
653
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
654
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None):
|
654
655
|
"""
|
655
656
|
Input properties used for looking up and filtering SecretBackend resources.
|
656
|
-
:param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
657
|
+
:param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
657
658
|
(if true the initial credentials will still be used for the initial connection test).
|
658
|
-
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
659
|
+
:param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
|
659
660
|
not begin or end with a `/`. Defaults to `ad`.
|
660
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
661
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
662
|
-
:param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
661
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
662
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
663
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
663
664
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
664
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
665
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
665
666
|
x509 PEM encoded.
|
666
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
667
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
668
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
669
|
-
:param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
667
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
668
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
669
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
670
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
670
671
|
defaults to true.
|
671
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
672
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
672
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
673
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
673
674
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
674
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
675
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
675
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
676
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
676
677
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
677
|
-
:param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
678
|
-
:param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
678
|
+
:param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
679
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
679
680
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
680
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
681
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
681
682
|
Defaults to `false`.
|
682
|
-
:param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
683
|
+
:param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
683
684
|
shows a later rotation, it should be considered out-of-band
|
684
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
685
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
685
686
|
replication.Tolerance duration to use when checking the last rotation time.
|
686
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
687
|
-
:param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
|
688
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
687
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
688
|
+
:param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
689
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
689
690
|
The value should not contain leading or trailing forward slashes.
|
690
691
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
691
692
|
*Available only for Vault Enterprise*.
|
692
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
693
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
693
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
694
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
694
695
|
before returning back an error.
|
695
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
696
|
-
:param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
696
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
697
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
697
698
|
`tls12` or `tls13`. Defaults to `tls12`.
|
698
|
-
:param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
699
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
699
700
|
`tls12` or `tls13`. Defaults to `tls12`.
|
700
|
-
:param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
|
701
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
702
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
701
|
+
:param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
|
702
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
703
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
703
704
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
704
|
-
:param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
705
|
+
:param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
705
706
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
706
707
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
707
708
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
708
709
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
709
710
|
new configurations.
|
710
|
-
:param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
711
|
+
:param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
711
712
|
user to find the group memberships. This will find all security groups including nested ones.
|
712
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
713
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
713
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
714
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
714
715
|
"""
|
715
716
|
if anonymous_group_search is not None:
|
716
717
|
pulumi.set(__self__, "anonymous_group_search", anonymous_group_search)
|
@@ -783,7 +784,7 @@ class _SecretBackendState:
|
|
783
784
|
|
784
785
|
@property
|
785
786
|
@pulumi.getter(name="anonymousGroupSearch")
|
786
|
-
def anonymous_group_search(self) -> Optional[pulumi.Input[bool]]:
|
787
|
+
def anonymous_group_search(self) -> Optional[pulumi.Input[builtins.bool]]:
|
787
788
|
"""
|
788
789
|
Use anonymous binds when performing LDAP group searches
|
789
790
|
(if true the initial credentials will still be used for the initial connection test).
|
@@ -791,12 +792,12 @@ class _SecretBackendState:
|
|
791
792
|
return pulumi.get(self, "anonymous_group_search")
|
792
793
|
|
793
794
|
@anonymous_group_search.setter
|
794
|
-
def anonymous_group_search(self, value: Optional[pulumi.Input[bool]]):
|
795
|
+
def anonymous_group_search(self, value: Optional[pulumi.Input[builtins.bool]]):
|
795
796
|
pulumi.set(self, "anonymous_group_search", value)
|
796
797
|
|
797
798
|
@property
|
798
799
|
@pulumi.getter
|
799
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
800
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
800
801
|
"""
|
801
802
|
The unique path this backend should be mounted at. Must
|
802
803
|
not begin or end with a `/`. Defaults to `ad`.
|
@@ -804,36 +805,36 @@ class _SecretBackendState:
|
|
804
805
|
return pulumi.get(self, "backend")
|
805
806
|
|
806
807
|
@backend.setter
|
807
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
808
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
808
809
|
pulumi.set(self, "backend", value)
|
809
810
|
|
810
811
|
@property
|
811
812
|
@pulumi.getter
|
812
|
-
def binddn(self) -> Optional[pulumi.Input[str]]:
|
813
|
+
def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
|
813
814
|
"""
|
814
815
|
Distinguished name of object to bind when performing user and group search.
|
815
816
|
"""
|
816
817
|
return pulumi.get(self, "binddn")
|
817
818
|
|
818
819
|
@binddn.setter
|
819
|
-
def binddn(self, value: Optional[pulumi.Input[str]]):
|
820
|
+
def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
|
820
821
|
pulumi.set(self, "binddn", value)
|
821
822
|
|
822
823
|
@property
|
823
824
|
@pulumi.getter
|
824
|
-
def bindpass(self) -> Optional[pulumi.Input[str]]:
|
825
|
+
def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
|
825
826
|
"""
|
826
827
|
Password to use along with binddn when performing user search.
|
827
828
|
"""
|
828
829
|
return pulumi.get(self, "bindpass")
|
829
830
|
|
830
831
|
@bindpass.setter
|
831
|
-
def bindpass(self, value: Optional[pulumi.Input[str]]):
|
832
|
+
def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
|
832
833
|
pulumi.set(self, "bindpass", value)
|
833
834
|
|
834
835
|
@property
|
835
836
|
@pulumi.getter(name="caseSensitiveNames")
|
836
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
|
837
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
|
837
838
|
"""
|
838
839
|
If set, user and group names assigned to policies within the
|
839
840
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
@@ -841,12 +842,12 @@ class _SecretBackendState:
|
|
841
842
|
return pulumi.get(self, "case_sensitive_names")
|
842
843
|
|
843
844
|
@case_sensitive_names.setter
|
844
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
|
845
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
|
845
846
|
pulumi.set(self, "case_sensitive_names", value)
|
846
847
|
|
847
848
|
@property
|
848
849
|
@pulumi.getter
|
849
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
850
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
850
851
|
"""
|
851
852
|
CA certificate to use when verifying LDAP server certificate, must be
|
852
853
|
x509 PEM encoded.
|
@@ -854,48 +855,48 @@ class _SecretBackendState:
|
|
854
855
|
return pulumi.get(self, "certificate")
|
855
856
|
|
856
857
|
@certificate.setter
|
857
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
858
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
858
859
|
pulumi.set(self, "certificate", value)
|
859
860
|
|
860
861
|
@property
|
861
862
|
@pulumi.getter(name="clientTlsCert")
|
862
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
|
863
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
|
863
864
|
"""
|
864
865
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
865
866
|
"""
|
866
867
|
return pulumi.get(self, "client_tls_cert")
|
867
868
|
|
868
869
|
@client_tls_cert.setter
|
869
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
|
870
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
|
870
871
|
pulumi.set(self, "client_tls_cert", value)
|
871
872
|
|
872
873
|
@property
|
873
874
|
@pulumi.getter(name="clientTlsKey")
|
874
|
-
def client_tls_key(self) -> Optional[pulumi.Input[str]]:
|
875
|
+
def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
|
875
876
|
"""
|
876
877
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
877
878
|
"""
|
878
879
|
return pulumi.get(self, "client_tls_key")
|
879
880
|
|
880
881
|
@client_tls_key.setter
|
881
|
-
def client_tls_key(self, value: Optional[pulumi.Input[str]]):
|
882
|
+
def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
|
882
883
|
pulumi.set(self, "client_tls_key", value)
|
883
884
|
|
884
885
|
@property
|
885
886
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
886
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
887
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
887
888
|
"""
|
888
889
|
Default lease duration for secrets in seconds.
|
889
890
|
"""
|
890
891
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
891
892
|
|
892
893
|
@default_lease_ttl_seconds.setter
|
893
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
894
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
894
895
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
895
896
|
|
896
897
|
@property
|
897
898
|
@pulumi.getter(name="denyNullBind")
|
898
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
|
899
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
|
899
900
|
"""
|
900
901
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
901
902
|
defaults to true.
|
@@ -903,24 +904,24 @@ class _SecretBackendState:
|
|
903
904
|
return pulumi.get(self, "deny_null_bind")
|
904
905
|
|
905
906
|
@deny_null_bind.setter
|
906
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
|
907
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
|
907
908
|
pulumi.set(self, "deny_null_bind", value)
|
908
909
|
|
909
910
|
@property
|
910
911
|
@pulumi.getter
|
911
|
-
def description(self) -> Optional[pulumi.Input[str]]:
|
912
|
+
def description(self) -> Optional[pulumi.Input[builtins.str]]:
|
912
913
|
"""
|
913
914
|
Human-friendly description of the mount for the Active Directory backend.
|
914
915
|
"""
|
915
916
|
return pulumi.get(self, "description")
|
916
917
|
|
917
918
|
@description.setter
|
918
|
-
def description(self, value: Optional[pulumi.Input[str]]):
|
919
|
+
def description(self, value: Optional[pulumi.Input[builtins.str]]):
|
919
920
|
pulumi.set(self, "description", value)
|
920
921
|
|
921
922
|
@property
|
922
923
|
@pulumi.getter(name="disableRemount")
|
923
|
-
def disable_remount(self) -> Optional[pulumi.Input[bool]]:
|
924
|
+
def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
|
924
925
|
"""
|
925
926
|
If set, opts out of mount migration on path updates.
|
926
927
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -928,24 +929,24 @@ class _SecretBackendState:
|
|
928
929
|
return pulumi.get(self, "disable_remount")
|
929
930
|
|
930
931
|
@disable_remount.setter
|
931
|
-
def disable_remount(self, value: Optional[pulumi.Input[bool]]):
|
932
|
+
def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
|
932
933
|
pulumi.set(self, "disable_remount", value)
|
933
934
|
|
934
935
|
@property
|
935
936
|
@pulumi.getter
|
936
|
-
def discoverdn(self) -> Optional[pulumi.Input[bool]]:
|
937
|
+
def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
937
938
|
"""
|
938
939
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
939
940
|
"""
|
940
941
|
return pulumi.get(self, "discoverdn")
|
941
942
|
|
942
943
|
@discoverdn.setter
|
943
|
-
def discoverdn(self, value: Optional[pulumi.Input[bool]]):
|
944
|
+
def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
944
945
|
pulumi.set(self, "discoverdn", value)
|
945
946
|
|
946
947
|
@property
|
947
948
|
@pulumi.getter
|
948
|
-
def groupattr(self) -> Optional[pulumi.Input[str]]:
|
949
|
+
def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
949
950
|
"""
|
950
951
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
951
952
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
@@ -953,24 +954,24 @@ class _SecretBackendState:
|
|
953
954
|
return pulumi.get(self, "groupattr")
|
954
955
|
|
955
956
|
@groupattr.setter
|
956
|
-
def groupattr(self, value: Optional[pulumi.Input[str]]):
|
957
|
+
def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
957
958
|
pulumi.set(self, "groupattr", value)
|
958
959
|
|
959
960
|
@property
|
960
961
|
@pulumi.getter
|
961
|
-
def groupdn(self) -> Optional[pulumi.Input[str]]:
|
962
|
+
def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
962
963
|
"""
|
963
964
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
964
965
|
"""
|
965
966
|
return pulumi.get(self, "groupdn")
|
966
967
|
|
967
968
|
@groupdn.setter
|
968
|
-
def groupdn(self, value: Optional[pulumi.Input[str]]):
|
969
|
+
def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
969
970
|
pulumi.set(self, "groupdn", value)
|
970
971
|
|
971
972
|
@property
|
972
973
|
@pulumi.getter
|
973
|
-
def groupfilter(self) -> Optional[pulumi.Input[str]]:
|
974
|
+
def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
|
974
975
|
"""
|
975
976
|
Go template for querying group membership of user (optional) The template can access
|
976
977
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
@@ -978,12 +979,12 @@ class _SecretBackendState:
|
|
978
979
|
return pulumi.get(self, "groupfilter")
|
979
980
|
|
980
981
|
@groupfilter.setter
|
981
|
-
def groupfilter(self, value: Optional[pulumi.Input[str]]):
|
982
|
+
def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
|
982
983
|
pulumi.set(self, "groupfilter", value)
|
983
984
|
|
984
985
|
@property
|
985
986
|
@pulumi.getter(name="insecureTls")
|
986
|
-
def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
|
987
|
+
def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
987
988
|
"""
|
988
989
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
989
990
|
Defaults to `false`.
|
@@ -991,12 +992,12 @@ class _SecretBackendState:
|
|
991
992
|
return pulumi.get(self, "insecure_tls")
|
992
993
|
|
993
994
|
@insecure_tls.setter
|
994
|
-
def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
|
995
|
+
def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
995
996
|
pulumi.set(self, "insecure_tls", value)
|
996
997
|
|
997
998
|
@property
|
998
999
|
@pulumi.getter(name="lastRotationTolerance")
|
999
|
-
def last_rotation_tolerance(self) -> Optional[pulumi.Input[int]]:
|
1000
|
+
def last_rotation_tolerance(self) -> Optional[pulumi.Input[builtins.int]]:
|
1000
1001
|
"""
|
1001
1002
|
The number of seconds after a Vault rotation where, if Active Directory
|
1002
1003
|
shows a later rotation, it should be considered out-of-band
|
@@ -1004,12 +1005,12 @@ class _SecretBackendState:
|
|
1004
1005
|
return pulumi.get(self, "last_rotation_tolerance")
|
1005
1006
|
|
1006
1007
|
@last_rotation_tolerance.setter
|
1007
|
-
def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
|
1008
|
+
def last_rotation_tolerance(self, value: Optional[pulumi.Input[builtins.int]]):
|
1008
1009
|
pulumi.set(self, "last_rotation_tolerance", value)
|
1009
1010
|
|
1010
1011
|
@property
|
1011
1012
|
@pulumi.getter
|
1012
|
-
def local(self) -> Optional[pulumi.Input[bool]]:
|
1013
|
+
def local(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1013
1014
|
"""
|
1014
1015
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1015
1016
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1017,36 +1018,36 @@ class _SecretBackendState:
|
|
1017
1018
|
return pulumi.get(self, "local")
|
1018
1019
|
|
1019
1020
|
@local.setter
|
1020
|
-
def local(self, value: Optional[pulumi.Input[bool]]):
|
1021
|
+
def local(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1021
1022
|
pulumi.set(self, "local", value)
|
1022
1023
|
|
1023
1024
|
@property
|
1024
1025
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1025
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
|
1026
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
|
1026
1027
|
"""
|
1027
1028
|
Maximum possible lease duration for secrets in seconds.
|
1028
1029
|
"""
|
1029
1030
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
1030
1031
|
|
1031
1032
|
@max_lease_ttl_seconds.setter
|
1032
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
|
1033
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
|
1033
1034
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
1034
1035
|
|
1035
1036
|
@property
|
1036
1037
|
@pulumi.getter(name="maxTtl")
|
1037
|
-
def max_ttl(self) -> Optional[pulumi.Input[int]]:
|
1038
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1038
1039
|
"""
|
1039
1040
|
In seconds, the maximum password time-to-live.
|
1040
1041
|
"""
|
1041
1042
|
return pulumi.get(self, "max_ttl")
|
1042
1043
|
|
1043
1044
|
@max_ttl.setter
|
1044
|
-
def max_ttl(self, value: Optional[pulumi.Input[int]]):
|
1045
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1045
1046
|
pulumi.set(self, "max_ttl", value)
|
1046
1047
|
|
1047
1048
|
@property
|
1048
1049
|
@pulumi.getter
|
1049
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1050
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1050
1051
|
"""
|
1051
1052
|
The namespace to provision the resource in.
|
1052
1053
|
The value should not contain leading or trailing forward slashes.
|
@@ -1056,24 +1057,24 @@ class _SecretBackendState:
|
|
1056
1057
|
return pulumi.get(self, "namespace")
|
1057
1058
|
|
1058
1059
|
@namespace.setter
|
1059
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1060
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1060
1061
|
pulumi.set(self, "namespace", value)
|
1061
1062
|
|
1062
1063
|
@property
|
1063
1064
|
@pulumi.getter(name="passwordPolicy")
|
1064
|
-
def password_policy(self) -> Optional[pulumi.Input[str]]:
|
1065
|
+
def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
|
1065
1066
|
"""
|
1066
1067
|
Name of the password policy to use to generate passwords.
|
1067
1068
|
"""
|
1068
1069
|
return pulumi.get(self, "password_policy")
|
1069
1070
|
|
1070
1071
|
@password_policy.setter
|
1071
|
-
def password_policy(self, value: Optional[pulumi.Input[str]]):
|
1072
|
+
def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
|
1072
1073
|
pulumi.set(self, "password_policy", value)
|
1073
1074
|
|
1074
1075
|
@property
|
1075
1076
|
@pulumi.getter(name="requestTimeout")
|
1076
|
-
def request_timeout(self) -> Optional[pulumi.Input[int]]:
|
1077
|
+
def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
|
1077
1078
|
"""
|
1078
1079
|
Timeout, in seconds, for the connection when making requests against the server
|
1079
1080
|
before returning back an error.
|
@@ -1081,24 +1082,24 @@ class _SecretBackendState:
|
|
1081
1082
|
return pulumi.get(self, "request_timeout")
|
1082
1083
|
|
1083
1084
|
@request_timeout.setter
|
1084
|
-
def request_timeout(self, value: Optional[pulumi.Input[int]]):
|
1085
|
+
def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
|
1085
1086
|
pulumi.set(self, "request_timeout", value)
|
1086
1087
|
|
1087
1088
|
@property
|
1088
1089
|
@pulumi.getter
|
1089
|
-
def starttls(self) -> Optional[pulumi.Input[bool]]:
|
1090
|
+
def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1090
1091
|
"""
|
1091
1092
|
Issue a StartTLS command after establishing unencrypted connection.
|
1092
1093
|
"""
|
1093
1094
|
return pulumi.get(self, "starttls")
|
1094
1095
|
|
1095
1096
|
@starttls.setter
|
1096
|
-
def starttls(self, value: Optional[pulumi.Input[bool]]):
|
1097
|
+
def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1097
1098
|
pulumi.set(self, "starttls", value)
|
1098
1099
|
|
1099
1100
|
@property
|
1100
1101
|
@pulumi.getter(name="tlsMaxVersion")
|
1101
|
-
def tls_max_version(self) -> Optional[pulumi.Input[str]]:
|
1102
|
+
def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1102
1103
|
"""
|
1103
1104
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1104
1105
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -1106,12 +1107,12 @@ class _SecretBackendState:
|
|
1106
1107
|
return pulumi.get(self, "tls_max_version")
|
1107
1108
|
|
1108
1109
|
@tls_max_version.setter
|
1109
|
-
def tls_max_version(self, value: Optional[pulumi.Input[str]]):
|
1110
|
+
def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1110
1111
|
pulumi.set(self, "tls_max_version", value)
|
1111
1112
|
|
1112
1113
|
@property
|
1113
1114
|
@pulumi.getter(name="tlsMinVersion")
|
1114
|
-
def tls_min_version(self) -> Optional[pulumi.Input[str]]:
|
1115
|
+
def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
|
1115
1116
|
"""
|
1116
1117
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1117
1118
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -1119,36 +1120,36 @@ class _SecretBackendState:
|
|
1119
1120
|
return pulumi.get(self, "tls_min_version")
|
1120
1121
|
|
1121
1122
|
@tls_min_version.setter
|
1122
|
-
def tls_min_version(self, value: Optional[pulumi.Input[str]]):
|
1123
|
+
def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
|
1123
1124
|
pulumi.set(self, "tls_min_version", value)
|
1124
1125
|
|
1125
1126
|
@property
|
1126
1127
|
@pulumi.getter
|
1127
|
-
def ttl(self) -> Optional[pulumi.Input[int]]:
|
1128
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
1128
1129
|
"""
|
1129
1130
|
In seconds, the default password time-to-live.
|
1130
1131
|
"""
|
1131
1132
|
return pulumi.get(self, "ttl")
|
1132
1133
|
|
1133
1134
|
@ttl.setter
|
1134
|
-
def ttl(self, value: Optional[pulumi.Input[int]]):
|
1135
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
1135
1136
|
pulumi.set(self, "ttl", value)
|
1136
1137
|
|
1137
1138
|
@property
|
1138
1139
|
@pulumi.getter
|
1139
|
-
def upndomain(self) -> Optional[pulumi.Input[str]]:
|
1140
|
+
def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
|
1140
1141
|
"""
|
1141
1142
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
1142
1143
|
"""
|
1143
1144
|
return pulumi.get(self, "upndomain")
|
1144
1145
|
|
1145
1146
|
@upndomain.setter
|
1146
|
-
def upndomain(self, value: Optional[pulumi.Input[str]]):
|
1147
|
+
def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
|
1147
1148
|
pulumi.set(self, "upndomain", value)
|
1148
1149
|
|
1149
1150
|
@property
|
1150
1151
|
@pulumi.getter
|
1151
|
-
def url(self) -> Optional[pulumi.Input[str]]:
|
1152
|
+
def url(self) -> Optional[pulumi.Input[builtins.str]]:
|
1152
1153
|
"""
|
1153
1154
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1154
1155
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -1156,12 +1157,12 @@ class _SecretBackendState:
|
|
1156
1157
|
return pulumi.get(self, "url")
|
1157
1158
|
|
1158
1159
|
@url.setter
|
1159
|
-
def url(self, value: Optional[pulumi.Input[str]]):
|
1160
|
+
def url(self, value: Optional[pulumi.Input[builtins.str]]):
|
1160
1161
|
pulumi.set(self, "url", value)
|
1161
1162
|
|
1162
1163
|
@property
|
1163
1164
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
1164
|
-
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[bool]]:
|
1165
|
+
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1165
1166
|
"""
|
1166
1167
|
In Vault 1.1.1 a fix for handling group CN values of
|
1167
1168
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
@@ -1173,12 +1174,12 @@ class _SecretBackendState:
|
|
1173
1174
|
return pulumi.get(self, "use_pre111_group_cn_behavior")
|
1174
1175
|
|
1175
1176
|
@use_pre111_group_cn_behavior.setter
|
1176
|
-
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[bool]]):
|
1177
|
+
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1177
1178
|
pulumi.set(self, "use_pre111_group_cn_behavior", value)
|
1178
1179
|
|
1179
1180
|
@property
|
1180
1181
|
@pulumi.getter(name="useTokenGroups")
|
1181
|
-
def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
|
1182
|
+
def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1182
1183
|
"""
|
1183
1184
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
1184
1185
|
user to find the group memberships. This will find all security groups including nested ones.
|
@@ -1186,31 +1187,31 @@ class _SecretBackendState:
|
|
1186
1187
|
return pulumi.get(self, "use_token_groups")
|
1187
1188
|
|
1188
1189
|
@use_token_groups.setter
|
1189
|
-
def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
|
1190
|
+
def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1190
1191
|
pulumi.set(self, "use_token_groups", value)
|
1191
1192
|
|
1192
1193
|
@property
|
1193
1194
|
@pulumi.getter
|
1194
|
-
def userattr(self) -> Optional[pulumi.Input[str]]:
|
1195
|
+
def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
|
1195
1196
|
"""
|
1196
1197
|
Attribute used when searching users. Defaults to `cn`.
|
1197
1198
|
"""
|
1198
1199
|
return pulumi.get(self, "userattr")
|
1199
1200
|
|
1200
1201
|
@userattr.setter
|
1201
|
-
def userattr(self, value: Optional[pulumi.Input[str]]):
|
1202
|
+
def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
|
1202
1203
|
pulumi.set(self, "userattr", value)
|
1203
1204
|
|
1204
1205
|
@property
|
1205
1206
|
@pulumi.getter
|
1206
|
-
def userdn(self) -> Optional[pulumi.Input[str]]:
|
1207
|
+
def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
|
1207
1208
|
"""
|
1208
1209
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1209
1210
|
"""
|
1210
1211
|
return pulumi.get(self, "userdn")
|
1211
1212
|
|
1212
1213
|
@userdn.setter
|
1213
|
-
def userdn(self, value: Optional[pulumi.Input[str]]):
|
1214
|
+
def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
|
1214
1215
|
pulumi.set(self, "userdn", value)
|
1215
1216
|
|
1216
1217
|
|
@@ -1219,40 +1220,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
1219
1220
|
def __init__(__self__,
|
1220
1221
|
resource_name: str,
|
1221
1222
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1222
|
-
anonymous_group_search: Optional[pulumi.Input[bool]] = None,
|
1223
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1224
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1225
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1226
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1227
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1228
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1229
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1230
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1231
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1232
|
-
description: Optional[pulumi.Input[str]] = None,
|
1233
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1234
|
-
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1235
|
-
groupattr: Optional[pulumi.Input[str]] = None,
|
1236
|
-
groupdn: Optional[pulumi.Input[str]] = None,
|
1237
|
-
groupfilter: Optional[pulumi.Input[str]] = None,
|
1238
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1239
|
-
last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
|
1240
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1241
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1242
|
-
max_ttl: Optional[pulumi.Input[int]] = None,
|
1243
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1244
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1245
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1246
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1247
|
-
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1248
|
-
tls_min_version: Optional[pulumi.Input[str]] = None,
|
1249
|
-
ttl: Optional[pulumi.Input[int]] = None,
|
1250
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1251
|
-
url: Optional[pulumi.Input[str]] = None,
|
1252
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
|
1253
|
-
use_token_groups: Optional[pulumi.Input[bool]] = None,
|
1254
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1255
|
-
userdn: Optional[pulumi.Input[str]] = None,
|
1223
|
+
anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
|
1224
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1225
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1226
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1227
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1228
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1229
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1230
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1231
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1232
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1233
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1234
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1235
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1236
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1237
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1238
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1239
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1240
|
+
last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
|
1241
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1242
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1243
|
+
max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1244
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1245
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1246
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1247
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1248
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1249
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1250
|
+
ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1251
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1252
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1253
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
|
1254
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1255
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1256
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1256
1257
|
__props__=None):
|
1257
1258
|
"""
|
1258
1259
|
## Example Usage
|
@@ -1280,64 +1281,64 @@ class SecretBackend(pulumi.CustomResource):
|
|
1280
1281
|
|
1281
1282
|
:param str resource_name: The name of the resource.
|
1282
1283
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1283
|
-
:param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
1284
|
+
:param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
1284
1285
|
(if true the initial credentials will still be used for the initial connection test).
|
1285
|
-
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
1286
|
+
:param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
|
1286
1287
|
not begin or end with a `/`. Defaults to `ad`.
|
1287
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1288
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1289
|
-
:param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
1288
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1289
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1290
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
1290
1291
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
1291
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1292
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1292
1293
|
x509 PEM encoded.
|
1293
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1294
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1295
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1296
|
-
:param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
1294
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1295
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1296
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1297
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
1297
1298
|
defaults to true.
|
1298
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1299
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1299
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1300
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1300
1301
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1301
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
1302
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
1302
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
1303
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
1303
1304
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
1304
|
-
:param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
1305
|
-
:param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
1305
|
+
:param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
1306
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
1306
1307
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
1307
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1308
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1308
1309
|
Defaults to `false`.
|
1309
|
-
:param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
1310
|
+
:param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
1310
1311
|
shows a later rotation, it should be considered out-of-band
|
1311
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1312
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1312
1313
|
replication.Tolerance duration to use when checking the last rotation time.
|
1313
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1314
|
-
:param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
|
1315
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1314
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1315
|
+
:param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
1316
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1316
1317
|
The value should not contain leading or trailing forward slashes.
|
1317
1318
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1318
1319
|
*Available only for Vault Enterprise*.
|
1319
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1320
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1320
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1321
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1321
1322
|
before returning back an error.
|
1322
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1323
|
-
:param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1323
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1324
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1324
1325
|
`tls12` or `tls13`. Defaults to `tls12`.
|
1325
|
-
:param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1326
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1326
1327
|
`tls12` or `tls13`. Defaults to `tls12`.
|
1327
|
-
:param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
|
1328
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1329
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1328
|
+
:param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
|
1329
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1330
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1330
1331
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1331
|
-
:param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
1332
|
+
:param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
1332
1333
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
1333
1334
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
1334
1335
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
1335
1336
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
1336
1337
|
new configurations.
|
1337
|
-
:param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
1338
|
+
:param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
1338
1339
|
user to find the group memberships. This will find all security groups including nested ones.
|
1339
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1340
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1340
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1341
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1341
1342
|
"""
|
1342
1343
|
...
|
1343
1344
|
@overload
|
@@ -1384,40 +1385,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
1384
1385
|
def _internal_init(__self__,
|
1385
1386
|
resource_name: str,
|
1386
1387
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1387
|
-
anonymous_group_search: Optional[pulumi.Input[bool]] = None,
|
1388
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1389
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1390
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1391
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1392
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1393
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1394
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1395
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1396
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1397
|
-
description: Optional[pulumi.Input[str]] = None,
|
1398
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1399
|
-
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1400
|
-
groupattr: Optional[pulumi.Input[str]] = None,
|
1401
|
-
groupdn: Optional[pulumi.Input[str]] = None,
|
1402
|
-
groupfilter: Optional[pulumi.Input[str]] = None,
|
1403
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1404
|
-
last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
|
1405
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1406
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1407
|
-
max_ttl: Optional[pulumi.Input[int]] = None,
|
1408
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1409
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1410
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1411
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1412
|
-
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1413
|
-
tls_min_version: Optional[pulumi.Input[str]] = None,
|
1414
|
-
ttl: Optional[pulumi.Input[int]] = None,
|
1415
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1416
|
-
url: Optional[pulumi.Input[str]] = None,
|
1417
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
|
1418
|
-
use_token_groups: Optional[pulumi.Input[bool]] = None,
|
1419
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1420
|
-
userdn: Optional[pulumi.Input[str]] = None,
|
1388
|
+
anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
|
1389
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1390
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1391
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1392
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1393
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1394
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1395
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1396
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1397
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1398
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1399
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1400
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1401
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1402
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1403
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1404
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1405
|
+
last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
|
1406
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1407
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1408
|
+
max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1409
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1410
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1411
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1412
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1413
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1414
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1415
|
+
ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1416
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1417
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1418
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
|
1419
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1420
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1421
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None,
|
1421
1422
|
__props__=None):
|
1422
1423
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1423
1424
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1477,40 +1478,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
1477
1478
|
def get(resource_name: str,
|
1478
1479
|
id: pulumi.Input[str],
|
1479
1480
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1480
|
-
anonymous_group_search: Optional[pulumi.Input[bool]] = None,
|
1481
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1482
|
-
binddn: Optional[pulumi.Input[str]] = None,
|
1483
|
-
bindpass: Optional[pulumi.Input[str]] = None,
|
1484
|
-
case_sensitive_names: Optional[pulumi.Input[bool]] = None,
|
1485
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1486
|
-
client_tls_cert: Optional[pulumi.Input[str]] = None,
|
1487
|
-
client_tls_key: Optional[pulumi.Input[str]] = None,
|
1488
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1489
|
-
deny_null_bind: Optional[pulumi.Input[bool]] = None,
|
1490
|
-
description: Optional[pulumi.Input[str]] = None,
|
1491
|
-
disable_remount: Optional[pulumi.Input[bool]] = None,
|
1492
|
-
discoverdn: Optional[pulumi.Input[bool]] = None,
|
1493
|
-
groupattr: Optional[pulumi.Input[str]] = None,
|
1494
|
-
groupdn: Optional[pulumi.Input[str]] = None,
|
1495
|
-
groupfilter: Optional[pulumi.Input[str]] = None,
|
1496
|
-
insecure_tls: Optional[pulumi.Input[bool]] = None,
|
1497
|
-
last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
|
1498
|
-
local: Optional[pulumi.Input[bool]] = None,
|
1499
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
|
1500
|
-
max_ttl: Optional[pulumi.Input[int]] = None,
|
1501
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1502
|
-
password_policy: Optional[pulumi.Input[str]] = None,
|
1503
|
-
request_timeout: Optional[pulumi.Input[int]] = None,
|
1504
|
-
starttls: Optional[pulumi.Input[bool]] = None,
|
1505
|
-
tls_max_version: Optional[pulumi.Input[str]] = None,
|
1506
|
-
tls_min_version: Optional[pulumi.Input[str]] = None,
|
1507
|
-
ttl: Optional[pulumi.Input[int]] = None,
|
1508
|
-
upndomain: Optional[pulumi.Input[str]] = None,
|
1509
|
-
url: Optional[pulumi.Input[str]] = None,
|
1510
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
|
1511
|
-
use_token_groups: Optional[pulumi.Input[bool]] = None,
|
1512
|
-
userattr: Optional[pulumi.Input[str]] = None,
|
1513
|
-
userdn: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
|
1481
|
+
anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
|
1482
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1483
|
+
binddn: Optional[pulumi.Input[builtins.str]] = None,
|
1484
|
+
bindpass: Optional[pulumi.Input[builtins.str]] = None,
|
1485
|
+
case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
|
1486
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1487
|
+
client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
|
1488
|
+
client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
|
1489
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1490
|
+
deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
|
1491
|
+
description: Optional[pulumi.Input[builtins.str]] = None,
|
1492
|
+
disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
|
1493
|
+
discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
|
1494
|
+
groupattr: Optional[pulumi.Input[builtins.str]] = None,
|
1495
|
+
groupdn: Optional[pulumi.Input[builtins.str]] = None,
|
1496
|
+
groupfilter: Optional[pulumi.Input[builtins.str]] = None,
|
1497
|
+
insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
|
1498
|
+
last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
|
1499
|
+
local: Optional[pulumi.Input[builtins.bool]] = None,
|
1500
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
|
1501
|
+
max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1502
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1503
|
+
password_policy: Optional[pulumi.Input[builtins.str]] = None,
|
1504
|
+
request_timeout: Optional[pulumi.Input[builtins.int]] = None,
|
1505
|
+
starttls: Optional[pulumi.Input[builtins.bool]] = None,
|
1506
|
+
tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
|
1507
|
+
tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
|
1508
|
+
ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1509
|
+
upndomain: Optional[pulumi.Input[builtins.str]] = None,
|
1510
|
+
url: Optional[pulumi.Input[builtins.str]] = None,
|
1511
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
|
1512
|
+
use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
|
1513
|
+
userattr: Optional[pulumi.Input[builtins.str]] = None,
|
1514
|
+
userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
|
1514
1515
|
"""
|
1515
1516
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
1516
1517
|
properties used to qualify the lookup.
|
@@ -1518,64 +1519,64 @@ class SecretBackend(pulumi.CustomResource):
|
|
1518
1519
|
:param str resource_name: The unique name of the resulting resource.
|
1519
1520
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1520
1521
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1521
|
-
:param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
1522
|
+
:param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
1522
1523
|
(if true the initial credentials will still be used for the initial connection test).
|
1523
|
-
:param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
|
1524
|
+
:param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
|
1524
1525
|
not begin or end with a `/`. Defaults to `ad`.
|
1525
|
-
:param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
|
1526
|
-
:param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
|
1527
|
-
:param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
1526
|
+
:param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
1527
|
+
:param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
|
1528
|
+
:param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
1528
1529
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
1529
|
-
:param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1530
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
1530
1531
|
x509 PEM encoded.
|
1531
|
-
:param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1532
|
-
:param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1533
|
-
:param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1534
|
-
:param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
1532
|
+
:param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1533
|
+
:param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1534
|
+
:param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
1535
|
+
:param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
1535
1536
|
defaults to true.
|
1536
|
-
:param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
|
1537
|
-
:param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
|
1537
|
+
:param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
1538
|
+
:param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
1538
1539
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
1539
|
-
:param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
1540
|
-
:param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
1540
|
+
:param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
1541
|
+
:param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
1541
1542
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
1542
|
-
:param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
1543
|
-
:param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
1543
|
+
:param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
1544
|
+
:param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
1544
1545
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
1545
|
-
:param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1546
|
+
:param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1546
1547
|
Defaults to `false`.
|
1547
|
-
:param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
1548
|
+
:param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
1548
1549
|
shows a later rotation, it should be considered out-of-band
|
1549
|
-
:param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1550
|
+
:param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1550
1551
|
replication.Tolerance duration to use when checking the last rotation time.
|
1551
|
-
:param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1552
|
-
:param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
|
1553
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1552
|
+
:param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
1553
|
+
:param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
1554
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1554
1555
|
The value should not contain leading or trailing forward slashes.
|
1555
1556
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1556
1557
|
*Available only for Vault Enterprise*.
|
1557
|
-
:param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
|
1558
|
-
:param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1558
|
+
:param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
1559
|
+
:param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
1559
1560
|
before returning back an error.
|
1560
|
-
:param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1561
|
-
:param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1561
|
+
:param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
1562
|
+
:param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1562
1563
|
`tls12` or `tls13`. Defaults to `tls12`.
|
1563
|
-
:param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1564
|
+
:param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1564
1565
|
`tls12` or `tls13`. Defaults to `tls12`.
|
1565
|
-
:param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
|
1566
|
-
:param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1567
|
-
:param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1566
|
+
:param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
|
1567
|
+
:param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
1568
|
+
:param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1568
1569
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
1569
|
-
:param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
1570
|
+
:param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
1570
1571
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
1571
1572
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
1572
1573
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
1573
1574
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
1574
1575
|
new configurations.
|
1575
|
-
:param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
1576
|
+
:param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
1576
1577
|
user to find the group memberships. This will find all security groups including nested ones.
|
1577
|
-
:param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1578
|
-
:param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1578
|
+
:param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
1579
|
+
:param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1579
1580
|
"""
|
1580
1581
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1581
1582
|
|
@@ -1619,7 +1620,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1619
1620
|
|
1620
1621
|
@property
|
1621
1622
|
@pulumi.getter(name="anonymousGroupSearch")
|
1622
|
-
def anonymous_group_search(self) -> pulumi.Output[Optional[bool]]:
|
1623
|
+
def anonymous_group_search(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1623
1624
|
"""
|
1624
1625
|
Use anonymous binds when performing LDAP group searches
|
1625
1626
|
(if true the initial credentials will still be used for the initial connection test).
|
@@ -1628,7 +1629,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1628
1629
|
|
1629
1630
|
@property
|
1630
1631
|
@pulumi.getter
|
1631
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
1632
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
1632
1633
|
"""
|
1633
1634
|
The unique path this backend should be mounted at. Must
|
1634
1635
|
not begin or end with a `/`. Defaults to `ad`.
|
@@ -1637,7 +1638,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1637
1638
|
|
1638
1639
|
@property
|
1639
1640
|
@pulumi.getter
|
1640
|
-
def binddn(self) -> pulumi.Output[str]:
|
1641
|
+
def binddn(self) -> pulumi.Output[builtins.str]:
|
1641
1642
|
"""
|
1642
1643
|
Distinguished name of object to bind when performing user and group search.
|
1643
1644
|
"""
|
@@ -1645,7 +1646,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1645
1646
|
|
1646
1647
|
@property
|
1647
1648
|
@pulumi.getter
|
1648
|
-
def bindpass(self) -> pulumi.Output[str]:
|
1649
|
+
def bindpass(self) -> pulumi.Output[builtins.str]:
|
1649
1650
|
"""
|
1650
1651
|
Password to use along with binddn when performing user search.
|
1651
1652
|
"""
|
@@ -1653,7 +1654,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1653
1654
|
|
1654
1655
|
@property
|
1655
1656
|
@pulumi.getter(name="caseSensitiveNames")
|
1656
|
-
def case_sensitive_names(self) -> pulumi.Output[Optional[bool]]:
|
1657
|
+
def case_sensitive_names(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1657
1658
|
"""
|
1658
1659
|
If set, user and group names assigned to policies within the
|
1659
1660
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
@@ -1662,7 +1663,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1662
1663
|
|
1663
1664
|
@property
|
1664
1665
|
@pulumi.getter
|
1665
|
-
def certificate(self) -> pulumi.Output[Optional[str]]:
|
1666
|
+
def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
|
1666
1667
|
"""
|
1667
1668
|
CA certificate to use when verifying LDAP server certificate, must be
|
1668
1669
|
x509 PEM encoded.
|
@@ -1671,7 +1672,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1671
1672
|
|
1672
1673
|
@property
|
1673
1674
|
@pulumi.getter(name="clientTlsCert")
|
1674
|
-
def client_tls_cert(self) -> pulumi.Output[Optional[str]]:
|
1675
|
+
def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
|
1675
1676
|
"""
|
1676
1677
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
1677
1678
|
"""
|
@@ -1679,7 +1680,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1679
1680
|
|
1680
1681
|
@property
|
1681
1682
|
@pulumi.getter(name="clientTlsKey")
|
1682
|
-
def client_tls_key(self) -> pulumi.Output[Optional[str]]:
|
1683
|
+
def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
|
1683
1684
|
"""
|
1684
1685
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
1685
1686
|
"""
|
@@ -1687,7 +1688,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1687
1688
|
|
1688
1689
|
@property
|
1689
1690
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
1690
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1691
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1691
1692
|
"""
|
1692
1693
|
Default lease duration for secrets in seconds.
|
1693
1694
|
"""
|
@@ -1695,7 +1696,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1695
1696
|
|
1696
1697
|
@property
|
1697
1698
|
@pulumi.getter(name="denyNullBind")
|
1698
|
-
def deny_null_bind(self) -> pulumi.Output[Optional[bool]]:
|
1699
|
+
def deny_null_bind(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1699
1700
|
"""
|
1700
1701
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
1701
1702
|
defaults to true.
|
@@ -1704,7 +1705,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1704
1705
|
|
1705
1706
|
@property
|
1706
1707
|
@pulumi.getter
|
1707
|
-
def description(self) -> pulumi.Output[Optional[str]]:
|
1708
|
+
def description(self) -> pulumi.Output[Optional[builtins.str]]:
|
1708
1709
|
"""
|
1709
1710
|
Human-friendly description of the mount for the Active Directory backend.
|
1710
1711
|
"""
|
@@ -1712,7 +1713,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1712
1713
|
|
1713
1714
|
@property
|
1714
1715
|
@pulumi.getter(name="disableRemount")
|
1715
|
-
def disable_remount(self) -> pulumi.Output[Optional[bool]]:
|
1716
|
+
def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1716
1717
|
"""
|
1717
1718
|
If set, opts out of mount migration on path updates.
|
1718
1719
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
@@ -1721,7 +1722,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1721
1722
|
|
1722
1723
|
@property
|
1723
1724
|
@pulumi.getter
|
1724
|
-
def discoverdn(self) -> pulumi.Output[Optional[bool]]:
|
1725
|
+
def discoverdn(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1725
1726
|
"""
|
1726
1727
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
1727
1728
|
"""
|
@@ -1729,7 +1730,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1729
1730
|
|
1730
1731
|
@property
|
1731
1732
|
@pulumi.getter
|
1732
|
-
def groupattr(self) -> pulumi.Output[Optional[str]]:
|
1733
|
+
def groupattr(self) -> pulumi.Output[Optional[builtins.str]]:
|
1733
1734
|
"""
|
1734
1735
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
1735
1736
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
@@ -1738,7 +1739,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1738
1739
|
|
1739
1740
|
@property
|
1740
1741
|
@pulumi.getter
|
1741
|
-
def groupdn(self) -> pulumi.Output[Optional[str]]:
|
1742
|
+
def groupdn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1742
1743
|
"""
|
1743
1744
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
1744
1745
|
"""
|
@@ -1746,7 +1747,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1746
1747
|
|
1747
1748
|
@property
|
1748
1749
|
@pulumi.getter
|
1749
|
-
def groupfilter(self) -> pulumi.Output[Optional[str]]:
|
1750
|
+
def groupfilter(self) -> pulumi.Output[Optional[builtins.str]]:
|
1750
1751
|
"""
|
1751
1752
|
Go template for querying group membership of user (optional) The template can access
|
1752
1753
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
@@ -1755,7 +1756,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1755
1756
|
|
1756
1757
|
@property
|
1757
1758
|
@pulumi.getter(name="insecureTls")
|
1758
|
-
def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
|
1759
|
+
def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1759
1760
|
"""
|
1760
1761
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
1761
1762
|
Defaults to `false`.
|
@@ -1764,7 +1765,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1764
1765
|
|
1765
1766
|
@property
|
1766
1767
|
@pulumi.getter(name="lastRotationTolerance")
|
1767
|
-
def last_rotation_tolerance(self) -> pulumi.Output[int]:
|
1768
|
+
def last_rotation_tolerance(self) -> pulumi.Output[builtins.int]:
|
1768
1769
|
"""
|
1769
1770
|
The number of seconds after a Vault rotation where, if Active Directory
|
1770
1771
|
shows a later rotation, it should be considered out-of-band
|
@@ -1773,7 +1774,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1773
1774
|
|
1774
1775
|
@property
|
1775
1776
|
@pulumi.getter
|
1776
|
-
def local(self) -> pulumi.Output[Optional[bool]]:
|
1777
|
+
def local(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1777
1778
|
"""
|
1778
1779
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
1779
1780
|
replication.Tolerance duration to use when checking the last rotation time.
|
@@ -1782,7 +1783,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1782
1783
|
|
1783
1784
|
@property
|
1784
1785
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
1785
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
|
1786
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
|
1786
1787
|
"""
|
1787
1788
|
Maximum possible lease duration for secrets in seconds.
|
1788
1789
|
"""
|
@@ -1790,7 +1791,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1790
1791
|
|
1791
1792
|
@property
|
1792
1793
|
@pulumi.getter(name="maxTtl")
|
1793
|
-
def max_ttl(self) -> pulumi.Output[int]:
|
1794
|
+
def max_ttl(self) -> pulumi.Output[builtins.int]:
|
1794
1795
|
"""
|
1795
1796
|
In seconds, the maximum password time-to-live.
|
1796
1797
|
"""
|
@@ -1798,7 +1799,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1798
1799
|
|
1799
1800
|
@property
|
1800
1801
|
@pulumi.getter
|
1801
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1802
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1802
1803
|
"""
|
1803
1804
|
The namespace to provision the resource in.
|
1804
1805
|
The value should not contain leading or trailing forward slashes.
|
@@ -1809,7 +1810,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1809
1810
|
|
1810
1811
|
@property
|
1811
1812
|
@pulumi.getter(name="passwordPolicy")
|
1812
|
-
def password_policy(self) -> pulumi.Output[Optional[str]]:
|
1813
|
+
def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
|
1813
1814
|
"""
|
1814
1815
|
Name of the password policy to use to generate passwords.
|
1815
1816
|
"""
|
@@ -1817,7 +1818,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1817
1818
|
|
1818
1819
|
@property
|
1819
1820
|
@pulumi.getter(name="requestTimeout")
|
1820
|
-
def request_timeout(self) -> pulumi.Output[Optional[int]]:
|
1821
|
+
def request_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
|
1821
1822
|
"""
|
1822
1823
|
Timeout, in seconds, for the connection when making requests against the server
|
1823
1824
|
before returning back an error.
|
@@ -1826,7 +1827,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1826
1827
|
|
1827
1828
|
@property
|
1828
1829
|
@pulumi.getter
|
1829
|
-
def starttls(self) -> pulumi.Output[bool]:
|
1830
|
+
def starttls(self) -> pulumi.Output[builtins.bool]:
|
1830
1831
|
"""
|
1831
1832
|
Issue a StartTLS command after establishing unencrypted connection.
|
1832
1833
|
"""
|
@@ -1834,7 +1835,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1834
1835
|
|
1835
1836
|
@property
|
1836
1837
|
@pulumi.getter(name="tlsMaxVersion")
|
1837
|
-
def tls_max_version(self) -> pulumi.Output[str]:
|
1838
|
+
def tls_max_version(self) -> pulumi.Output[builtins.str]:
|
1838
1839
|
"""
|
1839
1840
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1840
1841
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -1843,7 +1844,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1843
1844
|
|
1844
1845
|
@property
|
1845
1846
|
@pulumi.getter(name="tlsMinVersion")
|
1846
|
-
def tls_min_version(self) -> pulumi.Output[str]:
|
1847
|
+
def tls_min_version(self) -> pulumi.Output[builtins.str]:
|
1847
1848
|
"""
|
1848
1849
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
1849
1850
|
`tls12` or `tls13`. Defaults to `tls12`.
|
@@ -1852,7 +1853,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1852
1853
|
|
1853
1854
|
@property
|
1854
1855
|
@pulumi.getter
|
1855
|
-
def ttl(self) -> pulumi.Output[int]:
|
1856
|
+
def ttl(self) -> pulumi.Output[builtins.int]:
|
1856
1857
|
"""
|
1857
1858
|
In seconds, the default password time-to-live.
|
1858
1859
|
"""
|
@@ -1860,7 +1861,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1860
1861
|
|
1861
1862
|
@property
|
1862
1863
|
@pulumi.getter
|
1863
|
-
def upndomain(self) -> pulumi.Output[str]:
|
1864
|
+
def upndomain(self) -> pulumi.Output[builtins.str]:
|
1864
1865
|
"""
|
1865
1866
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
1866
1867
|
"""
|
@@ -1868,7 +1869,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1868
1869
|
|
1869
1870
|
@property
|
1870
1871
|
@pulumi.getter
|
1871
|
-
def url(self) -> pulumi.Output[Optional[str]]:
|
1872
|
+
def url(self) -> pulumi.Output[Optional[builtins.str]]:
|
1872
1873
|
"""
|
1873
1874
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
1874
1875
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
@@ -1877,7 +1878,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1877
1878
|
|
1878
1879
|
@property
|
1879
1880
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
1880
|
-
def use_pre111_group_cn_behavior(self) -> pulumi.Output[bool]:
|
1881
|
+
def use_pre111_group_cn_behavior(self) -> pulumi.Output[builtins.bool]:
|
1881
1882
|
"""
|
1882
1883
|
In Vault 1.1.1 a fix for handling group CN values of
|
1883
1884
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
@@ -1890,7 +1891,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1890
1891
|
|
1891
1892
|
@property
|
1892
1893
|
@pulumi.getter(name="useTokenGroups")
|
1893
|
-
def use_token_groups(self) -> pulumi.Output[Optional[bool]]:
|
1894
|
+
def use_token_groups(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1894
1895
|
"""
|
1895
1896
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
1896
1897
|
user to find the group memberships. This will find all security groups including nested ones.
|
@@ -1899,7 +1900,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1899
1900
|
|
1900
1901
|
@property
|
1901
1902
|
@pulumi.getter
|
1902
|
-
def userattr(self) -> pulumi.Output[Optional[str]]:
|
1903
|
+
def userattr(self) -> pulumi.Output[Optional[builtins.str]]:
|
1903
1904
|
"""
|
1904
1905
|
Attribute used when searching users. Defaults to `cn`.
|
1905
1906
|
"""
|
@@ -1907,7 +1908,7 @@ class SecretBackend(pulumi.CustomResource):
|
|
1907
1908
|
|
1908
1909
|
@property
|
1909
1910
|
@pulumi.getter
|
1910
|
-
def userdn(self) -> pulumi.Output[Optional[str]]:
|
1911
|
+
def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
|
1911
1912
|
"""
|
1912
1913
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
1913
1914
|
"""
|