pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,59 +20,59 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
24
|
-
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
26
|
-
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
27
|
-
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
28
|
-
kubernetes_role_name: Optional[pulumi.Input[str]] = None,
|
29
|
-
kubernetes_role_type: Optional[pulumi.Input[str]] = None,
|
30
|
-
name: Optional[pulumi.Input[str]] = None,
|
31
|
-
name_template: Optional[pulumi.Input[str]] = None,
|
32
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
33
|
-
service_account_name: Optional[pulumi.Input[str]] = None,
|
34
|
-
token_default_ttl: Optional[pulumi.Input[int]] = None,
|
35
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[builtins.str]] = None,
|
25
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
27
|
+
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
28
|
+
generated_role_rules: Optional[pulumi.Input[builtins.str]] = None,
|
29
|
+
kubernetes_role_name: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
kubernetes_role_type: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
name_template: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
service_account_name: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
token_default_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
36
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None):
|
36
37
|
"""
|
37
38
|
The set of arguments for constructing a SecretBackendRole resource.
|
38
|
-
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
39
|
+
:param pulumi.Input[builtins.str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
39
40
|
the role in.
|
40
|
-
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
41
|
+
:param pulumi.Input[builtins.str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
41
42
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
42
43
|
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
43
44
|
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
44
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
45
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
45
46
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
46
47
|
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
47
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
48
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_annotations: Additional annotations to apply to all generated
|
48
49
|
Kubernetes objects.
|
49
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
50
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
50
51
|
objects.
|
51
52
|
|
52
53
|
This resource also directly accepts all Mount fields.
|
53
|
-
:param pulumi.Input[str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
54
|
+
:param pulumi.Input[builtins.str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
54
55
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
55
56
|
and `kubernetes_role_name`. If set, the entire chain of Kubernetes objects will be generated
|
56
57
|
when credentials are requested.
|
57
|
-
:param pulumi.Input[str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
58
|
+
:param pulumi.Input[builtins.str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
58
59
|
generated service account to. Mutually exclusive with `service_account_name` and
|
59
60
|
`generated_role_rules`. If set, Kubernetes token, service account, and role
|
60
61
|
binding objects will be created when credentials are requested.
|
61
|
-
:param pulumi.Input[str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
62
|
+
:param pulumi.Input[builtins.str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
62
63
|
ClusterRole.
|
63
|
-
:param pulumi.Input[str] name: The name of the role.
|
64
|
-
:param pulumi.Input[str] name_template: The name template to use when generating service accounts,
|
64
|
+
:param pulumi.Input[builtins.str] name: The name of the role.
|
65
|
+
:param pulumi.Input[builtins.str] name_template: The name template to use when generating service accounts,
|
65
66
|
roles and role bindings. If unset, a default template is used.
|
66
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
67
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
67
68
|
The value should not contain leading or trailing forward slashes.
|
68
69
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
69
70
|
*Available only for Vault Enterprise*.
|
70
|
-
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
71
|
+
:param pulumi.Input[builtins.str] service_account_name: The pre-existing service account to generate tokens for.
|
71
72
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
72
73
|
Kubernetes token will be created when credentials are requested.
|
73
|
-
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
74
|
-
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
74
|
+
:param pulumi.Input[builtins.int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
75
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
75
76
|
"""
|
76
77
|
pulumi.set(__self__, "backend", backend)
|
77
78
|
if allowed_kubernetes_namespace_selector is not None:
|
@@ -103,7 +104,7 @@ class SecretBackendRoleArgs:
|
|
103
104
|
|
104
105
|
@property
|
105
106
|
@pulumi.getter
|
106
|
-
def backend(self) -> pulumi.Input[str]:
|
107
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
107
108
|
"""
|
108
109
|
The path of the Kubernetes Secrets Engine backend mount to create
|
109
110
|
the role in.
|
@@ -111,12 +112,12 @@ class SecretBackendRoleArgs:
|
|
111
112
|
return pulumi.get(self, "backend")
|
112
113
|
|
113
114
|
@backend.setter
|
114
|
-
def backend(self, value: pulumi.Input[str]):
|
115
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
115
116
|
pulumi.set(self, "backend", value)
|
116
117
|
|
117
118
|
@property
|
118
119
|
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
119
|
-
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
120
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[builtins.str]]:
|
120
121
|
"""
|
121
122
|
A label selector for Kubernetes namespaces
|
122
123
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
@@ -126,12 +127,12 @@ class SecretBackendRoleArgs:
|
|
126
127
|
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
127
128
|
|
128
129
|
@allowed_kubernetes_namespace_selector.setter
|
129
|
-
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
130
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[builtins.str]]):
|
130
131
|
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
131
132
|
|
132
133
|
@property
|
133
134
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
134
|
-
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
135
|
+
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
135
136
|
"""
|
136
137
|
The list of Kubernetes namespaces this role
|
137
138
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
@@ -140,12 +141,12 @@ class SecretBackendRoleArgs:
|
|
140
141
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
141
142
|
|
142
143
|
@allowed_kubernetes_namespaces.setter
|
143
|
-
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
144
|
+
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
144
145
|
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
145
146
|
|
146
147
|
@property
|
147
148
|
@pulumi.getter(name="extraAnnotations")
|
148
|
-
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
149
|
+
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
149
150
|
"""
|
150
151
|
Additional annotations to apply to all generated
|
151
152
|
Kubernetes objects.
|
@@ -153,12 +154,12 @@ class SecretBackendRoleArgs:
|
|
153
154
|
return pulumi.get(self, "extra_annotations")
|
154
155
|
|
155
156
|
@extra_annotations.setter
|
156
|
-
def extra_annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
157
|
+
def extra_annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
157
158
|
pulumi.set(self, "extra_annotations", value)
|
158
159
|
|
159
160
|
@property
|
160
161
|
@pulumi.getter(name="extraLabels")
|
161
|
-
def extra_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
162
|
+
def extra_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
162
163
|
"""
|
163
164
|
Additional labels to apply to all generated Kubernetes
|
164
165
|
objects.
|
@@ -168,12 +169,12 @@ class SecretBackendRoleArgs:
|
|
168
169
|
return pulumi.get(self, "extra_labels")
|
169
170
|
|
170
171
|
@extra_labels.setter
|
171
|
-
def extra_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
172
|
+
def extra_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
172
173
|
pulumi.set(self, "extra_labels", value)
|
173
174
|
|
174
175
|
@property
|
175
176
|
@pulumi.getter(name="generatedRoleRules")
|
176
|
-
def generated_role_rules(self) -> Optional[pulumi.Input[str]]:
|
177
|
+
def generated_role_rules(self) -> Optional[pulumi.Input[builtins.str]]:
|
177
178
|
"""
|
178
179
|
The Role or ClusterRole rules to use when generating
|
179
180
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
@@ -183,12 +184,12 @@ class SecretBackendRoleArgs:
|
|
183
184
|
return pulumi.get(self, "generated_role_rules")
|
184
185
|
|
185
186
|
@generated_role_rules.setter
|
186
|
-
def generated_role_rules(self, value: Optional[pulumi.Input[str]]):
|
187
|
+
def generated_role_rules(self, value: Optional[pulumi.Input[builtins.str]]):
|
187
188
|
pulumi.set(self, "generated_role_rules", value)
|
188
189
|
|
189
190
|
@property
|
190
191
|
@pulumi.getter(name="kubernetesRoleName")
|
191
|
-
def kubernetes_role_name(self) -> Optional[pulumi.Input[str]]:
|
192
|
+
def kubernetes_role_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
192
193
|
"""
|
193
194
|
The pre-existing Role or ClusterRole to bind a
|
194
195
|
generated service account to. Mutually exclusive with `service_account_name` and
|
@@ -198,12 +199,12 @@ class SecretBackendRoleArgs:
|
|
198
199
|
return pulumi.get(self, "kubernetes_role_name")
|
199
200
|
|
200
201
|
@kubernetes_role_name.setter
|
201
|
-
def kubernetes_role_name(self, value: Optional[pulumi.Input[str]]):
|
202
|
+
def kubernetes_role_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
202
203
|
pulumi.set(self, "kubernetes_role_name", value)
|
203
204
|
|
204
205
|
@property
|
205
206
|
@pulumi.getter(name="kubernetesRoleType")
|
206
|
-
def kubernetes_role_type(self) -> Optional[pulumi.Input[str]]:
|
207
|
+
def kubernetes_role_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
207
208
|
"""
|
208
209
|
Specifies whether the Kubernetes role is a Role or
|
209
210
|
ClusterRole.
|
@@ -211,24 +212,24 @@ class SecretBackendRoleArgs:
|
|
211
212
|
return pulumi.get(self, "kubernetes_role_type")
|
212
213
|
|
213
214
|
@kubernetes_role_type.setter
|
214
|
-
def kubernetes_role_type(self, value: Optional[pulumi.Input[str]]):
|
215
|
+
def kubernetes_role_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
215
216
|
pulumi.set(self, "kubernetes_role_type", value)
|
216
217
|
|
217
218
|
@property
|
218
219
|
@pulumi.getter
|
219
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
220
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
220
221
|
"""
|
221
222
|
The name of the role.
|
222
223
|
"""
|
223
224
|
return pulumi.get(self, "name")
|
224
225
|
|
225
226
|
@name.setter
|
226
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
227
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
227
228
|
pulumi.set(self, "name", value)
|
228
229
|
|
229
230
|
@property
|
230
231
|
@pulumi.getter(name="nameTemplate")
|
231
|
-
def name_template(self) -> Optional[pulumi.Input[str]]:
|
232
|
+
def name_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
232
233
|
"""
|
233
234
|
The name template to use when generating service accounts,
|
234
235
|
roles and role bindings. If unset, a default template is used.
|
@@ -236,12 +237,12 @@ class SecretBackendRoleArgs:
|
|
236
237
|
return pulumi.get(self, "name_template")
|
237
238
|
|
238
239
|
@name_template.setter
|
239
|
-
def name_template(self, value: Optional[pulumi.Input[str]]):
|
240
|
+
def name_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
240
241
|
pulumi.set(self, "name_template", value)
|
241
242
|
|
242
243
|
@property
|
243
244
|
@pulumi.getter
|
244
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
245
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
245
246
|
"""
|
246
247
|
The namespace to provision the resource in.
|
247
248
|
The value should not contain leading or trailing forward slashes.
|
@@ -251,12 +252,12 @@ class SecretBackendRoleArgs:
|
|
251
252
|
return pulumi.get(self, "namespace")
|
252
253
|
|
253
254
|
@namespace.setter
|
254
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
255
256
|
pulumi.set(self, "namespace", value)
|
256
257
|
|
257
258
|
@property
|
258
259
|
@pulumi.getter(name="serviceAccountName")
|
259
|
-
def service_account_name(self) -> Optional[pulumi.Input[str]]:
|
260
|
+
def service_account_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
260
261
|
"""
|
261
262
|
The pre-existing service account to generate tokens for.
|
262
263
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -265,90 +266,90 @@ class SecretBackendRoleArgs:
|
|
265
266
|
return pulumi.get(self, "service_account_name")
|
266
267
|
|
267
268
|
@service_account_name.setter
|
268
|
-
def service_account_name(self, value: Optional[pulumi.Input[str]]):
|
269
|
+
def service_account_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
269
270
|
pulumi.set(self, "service_account_name", value)
|
270
271
|
|
271
272
|
@property
|
272
273
|
@pulumi.getter(name="tokenDefaultTtl")
|
273
|
-
def token_default_ttl(self) -> Optional[pulumi.Input[int]]:
|
274
|
+
def token_default_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
274
275
|
"""
|
275
276
|
The default TTL for generated Kubernetes tokens in seconds.
|
276
277
|
"""
|
277
278
|
return pulumi.get(self, "token_default_ttl")
|
278
279
|
|
279
280
|
@token_default_ttl.setter
|
280
|
-
def token_default_ttl(self, value: Optional[pulumi.Input[int]]):
|
281
|
+
def token_default_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
281
282
|
pulumi.set(self, "token_default_ttl", value)
|
282
283
|
|
283
284
|
@property
|
284
285
|
@pulumi.getter(name="tokenMaxTtl")
|
285
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
286
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
286
287
|
"""
|
287
288
|
The maximum TTL for generated Kubernetes tokens in seconds.
|
288
289
|
"""
|
289
290
|
return pulumi.get(self, "token_max_ttl")
|
290
291
|
|
291
292
|
@token_max_ttl.setter
|
292
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
293
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
293
294
|
pulumi.set(self, "token_max_ttl", value)
|
294
295
|
|
295
296
|
|
296
297
|
@pulumi.input_type
|
297
298
|
class _SecretBackendRoleState:
|
298
299
|
def __init__(__self__, *,
|
299
|
-
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
300
|
-
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
301
|
-
backend: Optional[pulumi.Input[str]] = None,
|
302
|
-
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
303
|
-
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
304
|
-
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
305
|
-
kubernetes_role_name: Optional[pulumi.Input[str]] = None,
|
306
|
-
kubernetes_role_type: Optional[pulumi.Input[str]] = None,
|
307
|
-
name: Optional[pulumi.Input[str]] = None,
|
308
|
-
name_template: Optional[pulumi.Input[str]] = None,
|
309
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
310
|
-
service_account_name: Optional[pulumi.Input[str]] = None,
|
311
|
-
token_default_ttl: Optional[pulumi.Input[int]] = None,
|
312
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None):
|
300
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[builtins.str]] = None,
|
301
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
302
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
303
|
+
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
304
|
+
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
305
|
+
generated_role_rules: Optional[pulumi.Input[builtins.str]] = None,
|
306
|
+
kubernetes_role_name: Optional[pulumi.Input[builtins.str]] = None,
|
307
|
+
kubernetes_role_type: Optional[pulumi.Input[builtins.str]] = None,
|
308
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
309
|
+
name_template: Optional[pulumi.Input[builtins.str]] = None,
|
310
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
311
|
+
service_account_name: Optional[pulumi.Input[builtins.str]] = None,
|
312
|
+
token_default_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
313
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None):
|
313
314
|
"""
|
314
315
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
315
|
-
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
316
|
+
:param pulumi.Input[builtins.str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
316
317
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
317
318
|
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
318
319
|
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
319
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
320
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
320
321
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
321
322
|
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
322
|
-
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
323
|
+
:param pulumi.Input[builtins.str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
323
324
|
the role in.
|
324
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
325
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_annotations: Additional annotations to apply to all generated
|
325
326
|
Kubernetes objects.
|
326
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
327
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
327
328
|
objects.
|
328
329
|
|
329
330
|
This resource also directly accepts all Mount fields.
|
330
|
-
:param pulumi.Input[str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
331
|
+
:param pulumi.Input[builtins.str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
331
332
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
332
333
|
and `kubernetes_role_name`. If set, the entire chain of Kubernetes objects will be generated
|
333
334
|
when credentials are requested.
|
334
|
-
:param pulumi.Input[str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
335
|
+
:param pulumi.Input[builtins.str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
335
336
|
generated service account to. Mutually exclusive with `service_account_name` and
|
336
337
|
`generated_role_rules`. If set, Kubernetes token, service account, and role
|
337
338
|
binding objects will be created when credentials are requested.
|
338
|
-
:param pulumi.Input[str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
339
|
+
:param pulumi.Input[builtins.str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
339
340
|
ClusterRole.
|
340
|
-
:param pulumi.Input[str] name: The name of the role.
|
341
|
-
:param pulumi.Input[str] name_template: The name template to use when generating service accounts,
|
341
|
+
:param pulumi.Input[builtins.str] name: The name of the role.
|
342
|
+
:param pulumi.Input[builtins.str] name_template: The name template to use when generating service accounts,
|
342
343
|
roles and role bindings. If unset, a default template is used.
|
343
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
344
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
344
345
|
The value should not contain leading or trailing forward slashes.
|
345
346
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
346
347
|
*Available only for Vault Enterprise*.
|
347
|
-
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
348
|
+
:param pulumi.Input[builtins.str] service_account_name: The pre-existing service account to generate tokens for.
|
348
349
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
349
350
|
Kubernetes token will be created when credentials are requested.
|
350
|
-
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
351
|
-
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
351
|
+
:param pulumi.Input[builtins.int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
352
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
352
353
|
"""
|
353
354
|
if allowed_kubernetes_namespace_selector is not None:
|
354
355
|
pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
|
@@ -381,7 +382,7 @@ class _SecretBackendRoleState:
|
|
381
382
|
|
382
383
|
@property
|
383
384
|
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
384
|
-
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
|
385
|
+
def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[builtins.str]]:
|
385
386
|
"""
|
386
387
|
A label selector for Kubernetes namespaces
|
387
388
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
@@ -391,12 +392,12 @@ class _SecretBackendRoleState:
|
|
391
392
|
return pulumi.get(self, "allowed_kubernetes_namespace_selector")
|
392
393
|
|
393
394
|
@allowed_kubernetes_namespace_selector.setter
|
394
|
-
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
|
395
|
+
def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[builtins.str]]):
|
395
396
|
pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
|
396
397
|
|
397
398
|
@property
|
398
399
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
399
|
-
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
400
|
+
def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
400
401
|
"""
|
401
402
|
The list of Kubernetes namespaces this role
|
402
403
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
@@ -405,12 +406,12 @@ class _SecretBackendRoleState:
|
|
405
406
|
return pulumi.get(self, "allowed_kubernetes_namespaces")
|
406
407
|
|
407
408
|
@allowed_kubernetes_namespaces.setter
|
408
|
-
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
409
|
+
def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
409
410
|
pulumi.set(self, "allowed_kubernetes_namespaces", value)
|
410
411
|
|
411
412
|
@property
|
412
413
|
@pulumi.getter
|
413
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
414
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
414
415
|
"""
|
415
416
|
The path of the Kubernetes Secrets Engine backend mount to create
|
416
417
|
the role in.
|
@@ -418,12 +419,12 @@ class _SecretBackendRoleState:
|
|
418
419
|
return pulumi.get(self, "backend")
|
419
420
|
|
420
421
|
@backend.setter
|
421
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
422
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
422
423
|
pulumi.set(self, "backend", value)
|
423
424
|
|
424
425
|
@property
|
425
426
|
@pulumi.getter(name="extraAnnotations")
|
426
|
-
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
427
|
+
def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
427
428
|
"""
|
428
429
|
Additional annotations to apply to all generated
|
429
430
|
Kubernetes objects.
|
@@ -431,12 +432,12 @@ class _SecretBackendRoleState:
|
|
431
432
|
return pulumi.get(self, "extra_annotations")
|
432
433
|
|
433
434
|
@extra_annotations.setter
|
434
|
-
def extra_annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
435
|
+
def extra_annotations(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
435
436
|
pulumi.set(self, "extra_annotations", value)
|
436
437
|
|
437
438
|
@property
|
438
439
|
@pulumi.getter(name="extraLabels")
|
439
|
-
def extra_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
440
|
+
def extra_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
440
441
|
"""
|
441
442
|
Additional labels to apply to all generated Kubernetes
|
442
443
|
objects.
|
@@ -446,12 +447,12 @@ class _SecretBackendRoleState:
|
|
446
447
|
return pulumi.get(self, "extra_labels")
|
447
448
|
|
448
449
|
@extra_labels.setter
|
449
|
-
def extra_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
450
|
+
def extra_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
450
451
|
pulumi.set(self, "extra_labels", value)
|
451
452
|
|
452
453
|
@property
|
453
454
|
@pulumi.getter(name="generatedRoleRules")
|
454
|
-
def generated_role_rules(self) -> Optional[pulumi.Input[str]]:
|
455
|
+
def generated_role_rules(self) -> Optional[pulumi.Input[builtins.str]]:
|
455
456
|
"""
|
456
457
|
The Role or ClusterRole rules to use when generating
|
457
458
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
@@ -461,12 +462,12 @@ class _SecretBackendRoleState:
|
|
461
462
|
return pulumi.get(self, "generated_role_rules")
|
462
463
|
|
463
464
|
@generated_role_rules.setter
|
464
|
-
def generated_role_rules(self, value: Optional[pulumi.Input[str]]):
|
465
|
+
def generated_role_rules(self, value: Optional[pulumi.Input[builtins.str]]):
|
465
466
|
pulumi.set(self, "generated_role_rules", value)
|
466
467
|
|
467
468
|
@property
|
468
469
|
@pulumi.getter(name="kubernetesRoleName")
|
469
|
-
def kubernetes_role_name(self) -> Optional[pulumi.Input[str]]:
|
470
|
+
def kubernetes_role_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
470
471
|
"""
|
471
472
|
The pre-existing Role or ClusterRole to bind a
|
472
473
|
generated service account to. Mutually exclusive with `service_account_name` and
|
@@ -476,12 +477,12 @@ class _SecretBackendRoleState:
|
|
476
477
|
return pulumi.get(self, "kubernetes_role_name")
|
477
478
|
|
478
479
|
@kubernetes_role_name.setter
|
479
|
-
def kubernetes_role_name(self, value: Optional[pulumi.Input[str]]):
|
480
|
+
def kubernetes_role_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
480
481
|
pulumi.set(self, "kubernetes_role_name", value)
|
481
482
|
|
482
483
|
@property
|
483
484
|
@pulumi.getter(name="kubernetesRoleType")
|
484
|
-
def kubernetes_role_type(self) -> Optional[pulumi.Input[str]]:
|
485
|
+
def kubernetes_role_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
485
486
|
"""
|
486
487
|
Specifies whether the Kubernetes role is a Role or
|
487
488
|
ClusterRole.
|
@@ -489,24 +490,24 @@ class _SecretBackendRoleState:
|
|
489
490
|
return pulumi.get(self, "kubernetes_role_type")
|
490
491
|
|
491
492
|
@kubernetes_role_type.setter
|
492
|
-
def kubernetes_role_type(self, value: Optional[pulumi.Input[str]]):
|
493
|
+
def kubernetes_role_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
493
494
|
pulumi.set(self, "kubernetes_role_type", value)
|
494
495
|
|
495
496
|
@property
|
496
497
|
@pulumi.getter
|
497
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
498
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
498
499
|
"""
|
499
500
|
The name of the role.
|
500
501
|
"""
|
501
502
|
return pulumi.get(self, "name")
|
502
503
|
|
503
504
|
@name.setter
|
504
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
505
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
505
506
|
pulumi.set(self, "name", value)
|
506
507
|
|
507
508
|
@property
|
508
509
|
@pulumi.getter(name="nameTemplate")
|
509
|
-
def name_template(self) -> Optional[pulumi.Input[str]]:
|
510
|
+
def name_template(self) -> Optional[pulumi.Input[builtins.str]]:
|
510
511
|
"""
|
511
512
|
The name template to use when generating service accounts,
|
512
513
|
roles and role bindings. If unset, a default template is used.
|
@@ -514,12 +515,12 @@ class _SecretBackendRoleState:
|
|
514
515
|
return pulumi.get(self, "name_template")
|
515
516
|
|
516
517
|
@name_template.setter
|
517
|
-
def name_template(self, value: Optional[pulumi.Input[str]]):
|
518
|
+
def name_template(self, value: Optional[pulumi.Input[builtins.str]]):
|
518
519
|
pulumi.set(self, "name_template", value)
|
519
520
|
|
520
521
|
@property
|
521
522
|
@pulumi.getter
|
522
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
523
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
523
524
|
"""
|
524
525
|
The namespace to provision the resource in.
|
525
526
|
The value should not contain leading or trailing forward slashes.
|
@@ -529,12 +530,12 @@ class _SecretBackendRoleState:
|
|
529
530
|
return pulumi.get(self, "namespace")
|
530
531
|
|
531
532
|
@namespace.setter
|
532
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
533
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
533
534
|
pulumi.set(self, "namespace", value)
|
534
535
|
|
535
536
|
@property
|
536
537
|
@pulumi.getter(name="serviceAccountName")
|
537
|
-
def service_account_name(self) -> Optional[pulumi.Input[str]]:
|
538
|
+
def service_account_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
538
539
|
"""
|
539
540
|
The pre-existing service account to generate tokens for.
|
540
541
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -543,31 +544,31 @@ class _SecretBackendRoleState:
|
|
543
544
|
return pulumi.get(self, "service_account_name")
|
544
545
|
|
545
546
|
@service_account_name.setter
|
546
|
-
def service_account_name(self, value: Optional[pulumi.Input[str]]):
|
547
|
+
def service_account_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
547
548
|
pulumi.set(self, "service_account_name", value)
|
548
549
|
|
549
550
|
@property
|
550
551
|
@pulumi.getter(name="tokenDefaultTtl")
|
551
|
-
def token_default_ttl(self) -> Optional[pulumi.Input[int]]:
|
552
|
+
def token_default_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
552
553
|
"""
|
553
554
|
The default TTL for generated Kubernetes tokens in seconds.
|
554
555
|
"""
|
555
556
|
return pulumi.get(self, "token_default_ttl")
|
556
557
|
|
557
558
|
@token_default_ttl.setter
|
558
|
-
def token_default_ttl(self, value: Optional[pulumi.Input[int]]):
|
559
|
+
def token_default_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
559
560
|
pulumi.set(self, "token_default_ttl", value)
|
560
561
|
|
561
562
|
@property
|
562
563
|
@pulumi.getter(name="tokenMaxTtl")
|
563
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
564
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
564
565
|
"""
|
565
566
|
The maximum TTL for generated Kubernetes tokens in seconds.
|
566
567
|
"""
|
567
568
|
return pulumi.get(self, "token_max_ttl")
|
568
569
|
|
569
570
|
@token_max_ttl.setter
|
570
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
571
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
571
572
|
pulumi.set(self, "token_max_ttl", value)
|
572
573
|
|
573
574
|
|
@@ -576,20 +577,20 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
576
577
|
def __init__(__self__,
|
577
578
|
resource_name: str,
|
578
579
|
opts: Optional[pulumi.ResourceOptions] = None,
|
579
|
-
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
580
|
-
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
581
|
-
backend: Optional[pulumi.Input[str]] = None,
|
582
|
-
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
583
|
-
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
584
|
-
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
585
|
-
kubernetes_role_name: Optional[pulumi.Input[str]] = None,
|
586
|
-
kubernetes_role_type: Optional[pulumi.Input[str]] = None,
|
587
|
-
name: Optional[pulumi.Input[str]] = None,
|
588
|
-
name_template: Optional[pulumi.Input[str]] = None,
|
589
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
590
|
-
service_account_name: Optional[pulumi.Input[str]] = None,
|
591
|
-
token_default_ttl: Optional[pulumi.Input[int]] = None,
|
592
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
580
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[builtins.str]] = None,
|
581
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
582
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
583
|
+
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
584
|
+
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
585
|
+
generated_role_rules: Optional[pulumi.Input[builtins.str]] = None,
|
586
|
+
kubernetes_role_name: Optional[pulumi.Input[builtins.str]] = None,
|
587
|
+
kubernetes_role_type: Optional[pulumi.Input[builtins.str]] = None,
|
588
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
589
|
+
name_template: Optional[pulumi.Input[builtins.str]] = None,
|
590
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
591
|
+
service_account_name: Optional[pulumi.Input[builtins.str]] = None,
|
592
|
+
token_default_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
593
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
593
594
|
__props__=None):
|
594
595
|
"""
|
595
596
|
## Example Usage
|
@@ -704,43 +705,43 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
704
705
|
|
705
706
|
:param str resource_name: The name of the resource.
|
706
707
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
707
|
-
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
708
|
+
:param pulumi.Input[builtins.str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
708
709
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
709
710
|
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
710
711
|
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
711
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
712
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
712
713
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
713
714
|
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
714
|
-
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
715
|
+
:param pulumi.Input[builtins.str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
715
716
|
the role in.
|
716
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
717
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_annotations: Additional annotations to apply to all generated
|
717
718
|
Kubernetes objects.
|
718
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
719
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
719
720
|
objects.
|
720
721
|
|
721
722
|
This resource also directly accepts all Mount fields.
|
722
|
-
:param pulumi.Input[str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
723
|
+
:param pulumi.Input[builtins.str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
723
724
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
724
725
|
and `kubernetes_role_name`. If set, the entire chain of Kubernetes objects will be generated
|
725
726
|
when credentials are requested.
|
726
|
-
:param pulumi.Input[str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
727
|
+
:param pulumi.Input[builtins.str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
727
728
|
generated service account to. Mutually exclusive with `service_account_name` and
|
728
729
|
`generated_role_rules`. If set, Kubernetes token, service account, and role
|
729
730
|
binding objects will be created when credentials are requested.
|
730
|
-
:param pulumi.Input[str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
731
|
+
:param pulumi.Input[builtins.str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
731
732
|
ClusterRole.
|
732
|
-
:param pulumi.Input[str] name: The name of the role.
|
733
|
-
:param pulumi.Input[str] name_template: The name template to use when generating service accounts,
|
733
|
+
:param pulumi.Input[builtins.str] name: The name of the role.
|
734
|
+
:param pulumi.Input[builtins.str] name_template: The name template to use when generating service accounts,
|
734
735
|
roles and role bindings. If unset, a default template is used.
|
735
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
736
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
736
737
|
The value should not contain leading or trailing forward slashes.
|
737
738
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
738
739
|
*Available only for Vault Enterprise*.
|
739
|
-
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
740
|
+
:param pulumi.Input[builtins.str] service_account_name: The pre-existing service account to generate tokens for.
|
740
741
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
741
742
|
Kubernetes token will be created when credentials are requested.
|
742
|
-
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
743
|
-
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
743
|
+
:param pulumi.Input[builtins.int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
744
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
744
745
|
"""
|
745
746
|
...
|
746
747
|
@overload
|
@@ -874,20 +875,20 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
874
875
|
def _internal_init(__self__,
|
875
876
|
resource_name: str,
|
876
877
|
opts: Optional[pulumi.ResourceOptions] = None,
|
877
|
-
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
878
|
-
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
879
|
-
backend: Optional[pulumi.Input[str]] = None,
|
880
|
-
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
881
|
-
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
882
|
-
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
883
|
-
kubernetes_role_name: Optional[pulumi.Input[str]] = None,
|
884
|
-
kubernetes_role_type: Optional[pulumi.Input[str]] = None,
|
885
|
-
name: Optional[pulumi.Input[str]] = None,
|
886
|
-
name_template: Optional[pulumi.Input[str]] = None,
|
887
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
888
|
-
service_account_name: Optional[pulumi.Input[str]] = None,
|
889
|
-
token_default_ttl: Optional[pulumi.Input[int]] = None,
|
890
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
878
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[builtins.str]] = None,
|
879
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
880
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
881
|
+
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
882
|
+
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
883
|
+
generated_role_rules: Optional[pulumi.Input[builtins.str]] = None,
|
884
|
+
kubernetes_role_name: Optional[pulumi.Input[builtins.str]] = None,
|
885
|
+
kubernetes_role_type: Optional[pulumi.Input[builtins.str]] = None,
|
886
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
887
|
+
name_template: Optional[pulumi.Input[builtins.str]] = None,
|
888
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
889
|
+
service_account_name: Optional[pulumi.Input[builtins.str]] = None,
|
890
|
+
token_default_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
891
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
891
892
|
__props__=None):
|
892
893
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
893
894
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -923,20 +924,20 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
923
924
|
def get(resource_name: str,
|
924
925
|
id: pulumi.Input[str],
|
925
926
|
opts: Optional[pulumi.ResourceOptions] = None,
|
926
|
-
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
|
927
|
-
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
928
|
-
backend: Optional[pulumi.Input[str]] = None,
|
929
|
-
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
930
|
-
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
931
|
-
generated_role_rules: Optional[pulumi.Input[str]] = None,
|
932
|
-
kubernetes_role_name: Optional[pulumi.Input[str]] = None,
|
933
|
-
kubernetes_role_type: Optional[pulumi.Input[str]] = None,
|
934
|
-
name: Optional[pulumi.Input[str]] = None,
|
935
|
-
name_template: Optional[pulumi.Input[str]] = None,
|
936
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
937
|
-
service_account_name: Optional[pulumi.Input[str]] = None,
|
938
|
-
token_default_ttl: Optional[pulumi.Input[int]] = None,
|
939
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None) -> 'SecretBackendRole':
|
927
|
+
allowed_kubernetes_namespace_selector: Optional[pulumi.Input[builtins.str]] = None,
|
928
|
+
allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
929
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
930
|
+
extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
931
|
+
extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
932
|
+
generated_role_rules: Optional[pulumi.Input[builtins.str]] = None,
|
933
|
+
kubernetes_role_name: Optional[pulumi.Input[builtins.str]] = None,
|
934
|
+
kubernetes_role_type: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
936
|
+
name_template: Optional[pulumi.Input[builtins.str]] = None,
|
937
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
938
|
+
service_account_name: Optional[pulumi.Input[builtins.str]] = None,
|
939
|
+
token_default_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
940
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None) -> 'SecretBackendRole':
|
940
941
|
"""
|
941
942
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
942
943
|
properties used to qualify the lookup.
|
@@ -944,43 +945,43 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
944
945
|
:param str resource_name: The unique name of the resulting resource.
|
945
946
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
946
947
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
947
|
-
:param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
948
|
+
:param pulumi.Input[builtins.str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
|
948
949
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
949
950
|
of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
|
950
951
|
If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
|
951
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
952
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
|
952
953
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
953
954
|
`allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
|
954
|
-
:param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
955
|
+
:param pulumi.Input[builtins.str] backend: The path of the Kubernetes Secrets Engine backend mount to create
|
955
956
|
the role in.
|
956
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
|
957
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_annotations: Additional annotations to apply to all generated
|
957
958
|
Kubernetes objects.
|
958
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
959
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] extra_labels: Additional labels to apply to all generated Kubernetes
|
959
960
|
objects.
|
960
961
|
|
961
962
|
This resource also directly accepts all Mount fields.
|
962
|
-
:param pulumi.Input[str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
963
|
+
:param pulumi.Input[builtins.str] generated_role_rules: The Role or ClusterRole rules to use when generating
|
963
964
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
964
965
|
and `kubernetes_role_name`. If set, the entire chain of Kubernetes objects will be generated
|
965
966
|
when credentials are requested.
|
966
|
-
:param pulumi.Input[str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
967
|
+
:param pulumi.Input[builtins.str] kubernetes_role_name: The pre-existing Role or ClusterRole to bind a
|
967
968
|
generated service account to. Mutually exclusive with `service_account_name` and
|
968
969
|
`generated_role_rules`. If set, Kubernetes token, service account, and role
|
969
970
|
binding objects will be created when credentials are requested.
|
970
|
-
:param pulumi.Input[str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
971
|
+
:param pulumi.Input[builtins.str] kubernetes_role_type: Specifies whether the Kubernetes role is a Role or
|
971
972
|
ClusterRole.
|
972
|
-
:param pulumi.Input[str] name: The name of the role.
|
973
|
-
:param pulumi.Input[str] name_template: The name template to use when generating service accounts,
|
973
|
+
:param pulumi.Input[builtins.str] name: The name of the role.
|
974
|
+
:param pulumi.Input[builtins.str] name_template: The name template to use when generating service accounts,
|
974
975
|
roles and role bindings. If unset, a default template is used.
|
975
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
976
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
976
977
|
The value should not contain leading or trailing forward slashes.
|
977
978
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
978
979
|
*Available only for Vault Enterprise*.
|
979
|
-
:param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
|
980
|
+
:param pulumi.Input[builtins.str] service_account_name: The pre-existing service account to generate tokens for.
|
980
981
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
981
982
|
Kubernetes token will be created when credentials are requested.
|
982
|
-
:param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
983
|
-
:param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
983
|
+
:param pulumi.Input[builtins.int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
|
984
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
|
984
985
|
"""
|
985
986
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
986
987
|
|
@@ -1004,7 +1005,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1004
1005
|
|
1005
1006
|
@property
|
1006
1007
|
@pulumi.getter(name="allowedKubernetesNamespaceSelector")
|
1007
|
-
def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
|
1008
|
+
def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[builtins.str]]:
|
1008
1009
|
"""
|
1009
1010
|
A label selector for Kubernetes namespaces
|
1010
1011
|
in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
|
@@ -1015,7 +1016,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1015
1016
|
|
1016
1017
|
@property
|
1017
1018
|
@pulumi.getter(name="allowedKubernetesNamespaces")
|
1018
|
-
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1019
|
+
def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1019
1020
|
"""
|
1020
1021
|
The list of Kubernetes namespaces this role
|
1021
1022
|
can generate credentials for. If set to `*` all namespaces are allowed. If set with
|
@@ -1025,7 +1026,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1025
1026
|
|
1026
1027
|
@property
|
1027
1028
|
@pulumi.getter
|
1028
|
-
def backend(self) -> pulumi.Output[str]:
|
1029
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1029
1030
|
"""
|
1030
1031
|
The path of the Kubernetes Secrets Engine backend mount to create
|
1031
1032
|
the role in.
|
@@ -1034,7 +1035,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1034
1035
|
|
1035
1036
|
@property
|
1036
1037
|
@pulumi.getter(name="extraAnnotations")
|
1037
|
-
def extra_annotations(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1038
|
+
def extra_annotations(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1038
1039
|
"""
|
1039
1040
|
Additional annotations to apply to all generated
|
1040
1041
|
Kubernetes objects.
|
@@ -1043,7 +1044,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1043
1044
|
|
1044
1045
|
@property
|
1045
1046
|
@pulumi.getter(name="extraLabels")
|
1046
|
-
def extra_labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1047
|
+
def extra_labels(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1047
1048
|
"""
|
1048
1049
|
Additional labels to apply to all generated Kubernetes
|
1049
1050
|
objects.
|
@@ -1054,7 +1055,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1054
1055
|
|
1055
1056
|
@property
|
1056
1057
|
@pulumi.getter(name="generatedRoleRules")
|
1057
|
-
def generated_role_rules(self) -> pulumi.Output[Optional[str]]:
|
1058
|
+
def generated_role_rules(self) -> pulumi.Output[Optional[builtins.str]]:
|
1058
1059
|
"""
|
1059
1060
|
The Role or ClusterRole rules to use when generating
|
1060
1061
|
a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with `service_account_name`
|
@@ -1065,7 +1066,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1065
1066
|
|
1066
1067
|
@property
|
1067
1068
|
@pulumi.getter(name="kubernetesRoleName")
|
1068
|
-
def kubernetes_role_name(self) -> pulumi.Output[Optional[str]]:
|
1069
|
+
def kubernetes_role_name(self) -> pulumi.Output[Optional[builtins.str]]:
|
1069
1070
|
"""
|
1070
1071
|
The pre-existing Role or ClusterRole to bind a
|
1071
1072
|
generated service account to. Mutually exclusive with `service_account_name` and
|
@@ -1076,7 +1077,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1076
1077
|
|
1077
1078
|
@property
|
1078
1079
|
@pulumi.getter(name="kubernetesRoleType")
|
1079
|
-
def kubernetes_role_type(self) -> pulumi.Output[Optional[str]]:
|
1080
|
+
def kubernetes_role_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1080
1081
|
"""
|
1081
1082
|
Specifies whether the Kubernetes role is a Role or
|
1082
1083
|
ClusterRole.
|
@@ -1085,7 +1086,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1085
1086
|
|
1086
1087
|
@property
|
1087
1088
|
@pulumi.getter
|
1088
|
-
def name(self) -> pulumi.Output[str]:
|
1089
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
1089
1090
|
"""
|
1090
1091
|
The name of the role.
|
1091
1092
|
"""
|
@@ -1093,7 +1094,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1093
1094
|
|
1094
1095
|
@property
|
1095
1096
|
@pulumi.getter(name="nameTemplate")
|
1096
|
-
def name_template(self) -> pulumi.Output[Optional[str]]:
|
1097
|
+
def name_template(self) -> pulumi.Output[Optional[builtins.str]]:
|
1097
1098
|
"""
|
1098
1099
|
The name template to use when generating service accounts,
|
1099
1100
|
roles and role bindings. If unset, a default template is used.
|
@@ -1102,7 +1103,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1102
1103
|
|
1103
1104
|
@property
|
1104
1105
|
@pulumi.getter
|
1105
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1106
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1106
1107
|
"""
|
1107
1108
|
The namespace to provision the resource in.
|
1108
1109
|
The value should not contain leading or trailing forward slashes.
|
@@ -1113,7 +1114,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1113
1114
|
|
1114
1115
|
@property
|
1115
1116
|
@pulumi.getter(name="serviceAccountName")
|
1116
|
-
def service_account_name(self) -> pulumi.Output[Optional[str]]:
|
1117
|
+
def service_account_name(self) -> pulumi.Output[Optional[builtins.str]]:
|
1117
1118
|
"""
|
1118
1119
|
The pre-existing service account to generate tokens for.
|
1119
1120
|
Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
|
@@ -1123,7 +1124,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1123
1124
|
|
1124
1125
|
@property
|
1125
1126
|
@pulumi.getter(name="tokenDefaultTtl")
|
1126
|
-
def token_default_ttl(self) -> pulumi.Output[Optional[int]]:
|
1127
|
+
def token_default_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1127
1128
|
"""
|
1128
1129
|
The default TTL for generated Kubernetes tokens in seconds.
|
1129
1130
|
"""
|
@@ -1131,7 +1132,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1131
1132
|
|
1132
1133
|
@property
|
1133
1134
|
@pulumi.getter(name="tokenMaxTtl")
|
1134
|
-
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1135
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1135
1136
|
"""
|
1136
1137
|
The maximum TTL for generated Kubernetes tokens in seconds.
|
1137
1138
|
"""
|