pulumi-vault 7.2.0a1752907825__py3-none-any.whl → 7.2.0a1753398491__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -1
- pulumi_vault/_inputs.py +672 -673
- pulumi_vault/ad/__init__.py +1 -1
- pulumi_vault/ad/get_access_credentials.py +27 -28
- pulumi_vault/ad/secret_backend.py +579 -580
- pulumi_vault/ad/secret_library.py +120 -121
- pulumi_vault/ad/secret_role.py +104 -105
- pulumi_vault/alicloud/__init__.py +1 -1
- pulumi_vault/alicloud/auth_backend_role.py +222 -223
- pulumi_vault/approle/__init__.py +1 -1
- pulumi_vault/approle/auth_backend_login.py +138 -139
- pulumi_vault/approle/auth_backend_role.py +292 -293
- pulumi_vault/approle/auth_backend_role_secret_id.py +202 -203
- pulumi_vault/approle/get_auth_backend_role_id.py +23 -24
- pulumi_vault/audit.py +103 -104
- pulumi_vault/audit_request_header.py +52 -53
- pulumi_vault/auth_backend.py +132 -133
- pulumi_vault/aws/__init__.py +1 -1
- pulumi_vault/aws/auth_backend_cert.py +86 -87
- pulumi_vault/aws/auth_backend_client.py +307 -308
- pulumi_vault/aws/auth_backend_config_identity.py +103 -104
- pulumi_vault/aws/auth_backend_identity_whitelist.py +69 -70
- pulumi_vault/aws/auth_backend_login.py +258 -259
- pulumi_vault/aws/auth_backend_role.py +486 -487
- pulumi_vault/aws/auth_backend_role_tag.py +155 -156
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +69 -70
- pulumi_vault/aws/auth_backend_sts_role.py +86 -87
- pulumi_vault/aws/get_access_credentials.py +59 -60
- pulumi_vault/aws/get_static_access_credentials.py +19 -20
- pulumi_vault/aws/secret_backend.py +409 -410
- pulumi_vault/aws/secret_backend_role.py +256 -257
- pulumi_vault/aws/secret_backend_static_role.py +137 -138
- pulumi_vault/azure/__init__.py +1 -1
- pulumi_vault/azure/_inputs.py +26 -27
- pulumi_vault/azure/auth_backend_config.py +222 -223
- pulumi_vault/azure/auth_backend_role.py +307 -308
- pulumi_vault/azure/backend.py +273 -274
- pulumi_vault/azure/backend_role.py +194 -195
- pulumi_vault/azure/get_access_credentials.py +75 -76
- pulumi_vault/azure/outputs.py +16 -17
- pulumi_vault/cert_auth_backend_role.py +443 -444
- pulumi_vault/config/__init__.py +1 -1
- pulumi_vault/config/__init__.pyi +1 -2
- pulumi_vault/config/_inputs.py +13 -14
- pulumi_vault/config/outputs.py +380 -381
- pulumi_vault/config/ui_custom_message.py +140 -141
- pulumi_vault/config/vars.py +31 -32
- pulumi_vault/consul/__init__.py +1 -1
- pulumi_vault/consul/secret_backend.py +239 -240
- pulumi_vault/consul/secret_backend_role.py +222 -223
- pulumi_vault/database/__init__.py +1 -1
- pulumi_vault/database/_inputs.py +3167 -3168
- pulumi_vault/database/outputs.py +2123 -2124
- pulumi_vault/database/secret_backend_connection.py +259 -260
- pulumi_vault/database/secret_backend_role.py +205 -206
- pulumi_vault/database/secret_backend_static_role.py +218 -219
- pulumi_vault/database/secrets_mount.py +379 -380
- pulumi_vault/egp_policy.py +86 -87
- pulumi_vault/gcp/__init__.py +1 -1
- pulumi_vault/gcp/_inputs.py +98 -99
- pulumi_vault/gcp/auth_backend.py +322 -323
- pulumi_vault/gcp/auth_backend_role.py +347 -348
- pulumi_vault/gcp/get_auth_backend_role.py +91 -92
- pulumi_vault/gcp/outputs.py +66 -67
- pulumi_vault/gcp/secret_backend.py +299 -300
- pulumi_vault/gcp/secret_impersonated_account.py +112 -113
- pulumi_vault/gcp/secret_roleset.py +115 -116
- pulumi_vault/gcp/secret_static_account.py +115 -116
- pulumi_vault/generic/__init__.py +1 -1
- pulumi_vault/generic/endpoint.py +138 -139
- pulumi_vault/generic/get_secret.py +39 -40
- pulumi_vault/generic/secret.py +95 -96
- pulumi_vault/get_auth_backend.py +29 -30
- pulumi_vault/get_auth_backends.py +19 -20
- pulumi_vault/get_namespace.py +21 -22
- pulumi_vault/get_namespaces.py +19 -20
- pulumi_vault/get_nomad_access_token.py +25 -26
- pulumi_vault/get_policy_document.py +10 -11
- pulumi_vault/get_raft_autopilot_state.py +31 -32
- pulumi_vault/github/__init__.py +1 -1
- pulumi_vault/github/_inputs.py +50 -51
- pulumi_vault/github/auth_backend.py +285 -286
- pulumi_vault/github/outputs.py +34 -35
- pulumi_vault/github/team.py +69 -70
- pulumi_vault/github/user.py +69 -70
- pulumi_vault/identity/__init__.py +1 -1
- pulumi_vault/identity/entity.py +103 -104
- pulumi_vault/identity/entity_alias.py +86 -87
- pulumi_vault/identity/entity_policies.py +78 -79
- pulumi_vault/identity/get_entity.py +62 -63
- pulumi_vault/identity/get_group.py +75 -76
- pulumi_vault/identity/get_oidc_client_creds.py +19 -20
- pulumi_vault/identity/get_oidc_openid_config.py +39 -40
- pulumi_vault/identity/get_oidc_public_keys.py +17 -18
- pulumi_vault/identity/group.py +171 -172
- pulumi_vault/identity/group_alias.py +69 -70
- pulumi_vault/identity/group_member_entity_ids.py +69 -70
- pulumi_vault/identity/group_member_group_ids.py +69 -70
- pulumi_vault/identity/group_policies.py +78 -79
- pulumi_vault/identity/mfa_duo.py +183 -184
- pulumi_vault/identity/mfa_login_enforcement.py +147 -148
- pulumi_vault/identity/mfa_okta.py +166 -167
- pulumi_vault/identity/mfa_pingid.py +160 -161
- pulumi_vault/identity/mfa_totp.py +217 -218
- pulumi_vault/identity/oidc.py +35 -36
- pulumi_vault/identity/oidc_assignment.py +69 -70
- pulumi_vault/identity/oidc_client.py +155 -156
- pulumi_vault/identity/oidc_key.py +103 -104
- pulumi_vault/identity/oidc_key_allowed_client_id.py +52 -53
- pulumi_vault/identity/oidc_provider.py +112 -113
- pulumi_vault/identity/oidc_role.py +103 -104
- pulumi_vault/identity/oidc_scope.py +69 -70
- pulumi_vault/identity/outputs.py +42 -43
- pulumi_vault/jwt/__init__.py +1 -1
- pulumi_vault/jwt/_inputs.py +50 -51
- pulumi_vault/jwt/auth_backend.py +353 -354
- pulumi_vault/jwt/auth_backend_role.py +494 -495
- pulumi_vault/jwt/outputs.py +34 -35
- pulumi_vault/kmip/__init__.py +1 -1
- pulumi_vault/kmip/secret_backend.py +222 -223
- pulumi_vault/kmip/secret_role.py +358 -359
- pulumi_vault/kmip/secret_scope.py +69 -70
- pulumi_vault/kubernetes/__init__.py +1 -1
- pulumi_vault/kubernetes/auth_backend_config.py +171 -172
- pulumi_vault/kubernetes/auth_backend_role.py +273 -274
- pulumi_vault/kubernetes/get_auth_backend_config.py +57 -58
- pulumi_vault/kubernetes/get_auth_backend_role.py +87 -88
- pulumi_vault/kubernetes/get_service_account_token.py +51 -52
- pulumi_vault/kubernetes/secret_backend.py +384 -385
- pulumi_vault/kubernetes/secret_backend_role.py +239 -240
- pulumi_vault/kv/__init__.py +1 -1
- pulumi_vault/kv/_inputs.py +25 -26
- pulumi_vault/kv/get_secret.py +25 -26
- pulumi_vault/kv/get_secret_subkeys_v2.py +39 -40
- pulumi_vault/kv/get_secret_v2.py +41 -42
- pulumi_vault/kv/get_secrets_list.py +17 -18
- pulumi_vault/kv/get_secrets_list_v2.py +25 -26
- pulumi_vault/kv/outputs.py +17 -18
- pulumi_vault/kv/secret.py +61 -62
- pulumi_vault/kv/secret_backend_v2.py +86 -87
- pulumi_vault/kv/secret_v2.py +184 -185
- pulumi_vault/ldap/__init__.py +1 -1
- pulumi_vault/ldap/auth_backend.py +716 -717
- pulumi_vault/ldap/auth_backend_group.py +69 -70
- pulumi_vault/ldap/auth_backend_user.py +86 -87
- pulumi_vault/ldap/get_dynamic_credentials.py +27 -28
- pulumi_vault/ldap/get_static_credentials.py +29 -30
- pulumi_vault/ldap/secret_backend.py +673 -674
- pulumi_vault/ldap/secret_backend_dynamic_role.py +154 -155
- pulumi_vault/ldap/secret_backend_library_set.py +120 -121
- pulumi_vault/ldap/secret_backend_static_role.py +120 -121
- pulumi_vault/managed/__init__.py +1 -1
- pulumi_vault/managed/_inputs.py +274 -275
- pulumi_vault/managed/keys.py +27 -28
- pulumi_vault/managed/outputs.py +184 -185
- pulumi_vault/mfa_duo.py +137 -138
- pulumi_vault/mfa_okta.py +137 -138
- pulumi_vault/mfa_pingid.py +149 -150
- pulumi_vault/mfa_totp.py +154 -155
- pulumi_vault/mongodbatlas/__init__.py +1 -1
- pulumi_vault/mongodbatlas/secret_backend.py +78 -79
- pulumi_vault/mongodbatlas/secret_role.py +188 -189
- pulumi_vault/mount.py +333 -334
- pulumi_vault/namespace.py +78 -79
- pulumi_vault/nomad_secret_backend.py +256 -257
- pulumi_vault/nomad_secret_role.py +103 -104
- pulumi_vault/okta/__init__.py +1 -1
- pulumi_vault/okta/_inputs.py +31 -32
- pulumi_vault/okta/auth_backend.py +305 -306
- pulumi_vault/okta/auth_backend_group.py +69 -70
- pulumi_vault/okta/auth_backend_user.py +86 -87
- pulumi_vault/okta/outputs.py +21 -22
- pulumi_vault/outputs.py +81 -82
- pulumi_vault/pkisecret/__init__.py +1 -1
- pulumi_vault/pkisecret/_inputs.py +55 -56
- pulumi_vault/pkisecret/backend_acme_eab.py +116 -117
- pulumi_vault/pkisecret/backend_config_acme.py +175 -176
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +394 -395
- pulumi_vault/pkisecret/backend_config_cluster.py +71 -72
- pulumi_vault/pkisecret/backend_config_cmpv2.py +132 -133
- pulumi_vault/pkisecret/backend_config_est.py +149 -150
- pulumi_vault/pkisecret/backend_config_scep.py +137 -138
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +37 -38
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +32 -33
- pulumi_vault/pkisecret/get_backend_config_est.py +30 -31
- pulumi_vault/pkisecret/get_backend_config_scep.py +29 -30
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -64
- pulumi_vault/pkisecret/get_backend_issuers.py +23 -24
- pulumi_vault/pkisecret/get_backend_key.py +29 -30
- pulumi_vault/pkisecret/get_backend_keys.py +23 -24
- pulumi_vault/pkisecret/outputs.py +61 -62
- pulumi_vault/pkisecret/secret_backend_cert.py +415 -416
- pulumi_vault/pkisecret/secret_backend_config_ca.py +54 -55
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +75 -76
- pulumi_vault/pkisecret/secret_backend_config_urls.py +105 -106
- pulumi_vault/pkisecret/secret_backend_crl_config.py +241 -242
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +515 -516
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +78 -79
- pulumi_vault/pkisecret/secret_backend_issuer.py +286 -287
- pulumi_vault/pkisecret/secret_backend_key.py +146 -147
- pulumi_vault/pkisecret/secret_backend_role.py +873 -874
- pulumi_vault/pkisecret/secret_backend_root_cert.py +677 -678
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +660 -661
- pulumi_vault/pkisecret/secret_backend_sign.py +346 -347
- pulumi_vault/plugin.py +154 -155
- pulumi_vault/plugin_pinned_version.py +52 -53
- pulumi_vault/policy.py +52 -53
- pulumi_vault/provider.py +160 -161
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +103 -104
- pulumi_vault/quota_rate_limit.py +171 -172
- pulumi_vault/rabbitmq/__init__.py +1 -1
- pulumi_vault/rabbitmq/_inputs.py +50 -51
- pulumi_vault/rabbitmq/outputs.py +34 -35
- pulumi_vault/rabbitmq/secret_backend.py +207 -208
- pulumi_vault/rabbitmq/secret_backend_role.py +79 -80
- pulumi_vault/raft_autopilot.py +137 -138
- pulumi_vault/raft_snapshot_agent_config.py +477 -478
- pulumi_vault/rgp_policy.py +69 -70
- pulumi_vault/saml/__init__.py +1 -1
- pulumi_vault/saml/auth_backend.py +188 -189
- pulumi_vault/saml/auth_backend_role.py +290 -291
- pulumi_vault/scep_auth_backend_role.py +252 -253
- pulumi_vault/secrets/__init__.py +1 -1
- pulumi_vault/secrets/_inputs.py +19 -20
- pulumi_vault/secrets/outputs.py +13 -14
- pulumi_vault/secrets/sync_association.py +88 -89
- pulumi_vault/secrets/sync_aws_destination.py +180 -181
- pulumi_vault/secrets/sync_azure_destination.py +180 -181
- pulumi_vault/secrets/sync_config.py +52 -53
- pulumi_vault/secrets/sync_gcp_destination.py +129 -130
- pulumi_vault/secrets/sync_gh_destination.py +163 -164
- pulumi_vault/secrets/sync_github_apps.py +78 -79
- pulumi_vault/secrets/sync_vercel_destination.py +146 -147
- pulumi_vault/ssh/__init__.py +1 -1
- pulumi_vault/ssh/_inputs.py +13 -14
- pulumi_vault/ssh/get_secret_backend_sign.py +65 -66
- pulumi_vault/ssh/outputs.py +9 -10
- pulumi_vault/ssh/secret_backend_ca.py +120 -121
- pulumi_vault/ssh/secret_backend_role.py +446 -447
- pulumi_vault/terraformcloud/__init__.py +1 -1
- pulumi_vault/terraformcloud/secret_backend.py +138 -139
- pulumi_vault/terraformcloud/secret_creds.py +93 -94
- pulumi_vault/terraformcloud/secret_role.py +117 -118
- pulumi_vault/token.py +301 -302
- pulumi_vault/tokenauth/__init__.py +1 -1
- pulumi_vault/tokenauth/auth_backend_role.py +324 -325
- pulumi_vault/transform/__init__.py +1 -1
- pulumi_vault/transform/alphabet.py +69 -70
- pulumi_vault/transform/get_decode.py +57 -58
- pulumi_vault/transform/get_encode.py +57 -58
- pulumi_vault/transform/role.py +69 -70
- pulumi_vault/transform/template.py +137 -138
- pulumi_vault/transform/transformation.py +171 -172
- pulumi_vault/transit/__init__.py +1 -1
- pulumi_vault/transit/get_cmac.py +47 -48
- pulumi_vault/transit/get_decrypt.py +25 -26
- pulumi_vault/transit/get_encrypt.py +29 -30
- pulumi_vault/transit/get_sign.py +71 -72
- pulumi_vault/transit/get_verify.py +83 -84
- pulumi_vault/transit/secret_backend_key.py +336 -337
- pulumi_vault/transit/secret_cache_config.py +52 -53
- {pulumi_vault-7.2.0a1752907825.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/METADATA +1 -1
- pulumi_vault-7.2.0a1753398491.dist-info/RECORD +268 -0
- pulumi_vault-7.2.0a1752907825.dist-info/RECORD +0 -268
- {pulumi_vault-7.2.0a1752907825.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/WHEEL +0 -0
- {pulumi_vault-7.2.0a1752907825.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/top_level.txt +0 -0
|
@@ -2,8 +2,7 @@
|
|
|
2
2
|
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
4
|
|
|
5
|
-
import builtins
|
|
6
|
-
import copy
|
|
5
|
+
import builtins as _builtins
|
|
7
6
|
import warnings
|
|
8
7
|
import sys
|
|
9
8
|
import pulumi
|
|
@@ -20,100 +19,100 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
|
|
|
20
19
|
@pulumi.input_type
|
|
21
20
|
class SecretBackendArgs:
|
|
22
21
|
def __init__(__self__, *,
|
|
23
|
-
binddn: pulumi.Input[
|
|
24
|
-
bindpass: pulumi.Input[
|
|
25
|
-
anonymous_group_search: Optional[pulumi.Input[
|
|
26
|
-
backend: Optional[pulumi.Input[
|
|
27
|
-
case_sensitive_names: Optional[pulumi.Input[
|
|
28
|
-
certificate: Optional[pulumi.Input[
|
|
29
|
-
client_tls_cert: Optional[pulumi.Input[
|
|
30
|
-
client_tls_key: Optional[pulumi.Input[
|
|
31
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[
|
|
32
|
-
deny_null_bind: Optional[pulumi.Input[
|
|
33
|
-
description: Optional[pulumi.Input[
|
|
34
|
-
disable_remount: Optional[pulumi.Input[
|
|
35
|
-
discoverdn: Optional[pulumi.Input[
|
|
36
|
-
groupattr: Optional[pulumi.Input[
|
|
37
|
-
groupdn: Optional[pulumi.Input[
|
|
38
|
-
groupfilter: Optional[pulumi.Input[
|
|
39
|
-
insecure_tls: Optional[pulumi.Input[
|
|
40
|
-
last_rotation_tolerance: Optional[pulumi.Input[
|
|
41
|
-
local: Optional[pulumi.Input[
|
|
42
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[
|
|
43
|
-
max_ttl: Optional[pulumi.Input[
|
|
44
|
-
namespace: Optional[pulumi.Input[
|
|
45
|
-
password_policy: Optional[pulumi.Input[
|
|
46
|
-
request_timeout: Optional[pulumi.Input[
|
|
47
|
-
starttls: Optional[pulumi.Input[
|
|
48
|
-
tls_max_version: Optional[pulumi.Input[
|
|
49
|
-
tls_min_version: Optional[pulumi.Input[
|
|
50
|
-
ttl: Optional[pulumi.Input[
|
|
51
|
-
upndomain: Optional[pulumi.Input[
|
|
52
|
-
url: Optional[pulumi.Input[
|
|
53
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[
|
|
54
|
-
use_token_groups: Optional[pulumi.Input[
|
|
55
|
-
userattr: Optional[pulumi.Input[
|
|
56
|
-
userdn: Optional[pulumi.Input[
|
|
22
|
+
binddn: pulumi.Input[_builtins.str],
|
|
23
|
+
bindpass: pulumi.Input[_builtins.str],
|
|
24
|
+
anonymous_group_search: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
25
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
26
|
+
case_sensitive_names: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
27
|
+
certificate: Optional[pulumi.Input[_builtins.str]] = None,
|
|
28
|
+
client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
|
|
29
|
+
client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
30
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
31
|
+
deny_null_bind: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
32
|
+
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
33
|
+
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
34
|
+
discoverdn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
35
|
+
groupattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
36
|
+
groupdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
37
|
+
groupfilter: Optional[pulumi.Input[_builtins.str]] = None,
|
|
38
|
+
insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
39
|
+
last_rotation_tolerance: Optional[pulumi.Input[_builtins.int]] = None,
|
|
40
|
+
local: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
41
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
42
|
+
max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
43
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
44
|
+
password_policy: Optional[pulumi.Input[_builtins.str]] = None,
|
|
45
|
+
request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
|
|
46
|
+
starttls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
47
|
+
tls_max_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
48
|
+
tls_min_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
49
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
50
|
+
upndomain: Optional[pulumi.Input[_builtins.str]] = None,
|
|
51
|
+
url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
52
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
53
|
+
use_token_groups: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
54
|
+
userattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
55
|
+
userdn: Optional[pulumi.Input[_builtins.str]] = None):
|
|
57
56
|
"""
|
|
58
57
|
The set of arguments for constructing a SecretBackend resource.
|
|
59
|
-
:param pulumi.Input[
|
|
60
|
-
:param pulumi.Input[
|
|
61
|
-
:param pulumi.Input[
|
|
58
|
+
:param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
|
59
|
+
:param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
|
|
60
|
+
:param pulumi.Input[_builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
|
62
61
|
(if true the initial credentials will still be used for the initial connection test).
|
|
63
|
-
:param pulumi.Input[
|
|
62
|
+
:param pulumi.Input[_builtins.str] backend: The unique path this backend should be mounted at. Must
|
|
64
63
|
not begin or end with a `/`. Defaults to `ad`.
|
|
65
|
-
:param pulumi.Input[
|
|
64
|
+
:param pulumi.Input[_builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
|
66
65
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
67
|
-
:param pulumi.Input[
|
|
66
|
+
:param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
|
68
67
|
x509 PEM encoded.
|
|
69
|
-
:param pulumi.Input[
|
|
70
|
-
:param pulumi.Input[
|
|
71
|
-
:param pulumi.Input[
|
|
72
|
-
:param pulumi.Input[
|
|
68
|
+
:param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
69
|
+
:param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
70
|
+
:param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
|
71
|
+
:param pulumi.Input[_builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
73
72
|
defaults to true.
|
|
74
|
-
:param pulumi.Input[
|
|
75
|
-
:param pulumi.Input[
|
|
73
|
+
:param pulumi.Input[_builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
|
74
|
+
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
76
75
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
77
|
-
:param pulumi.Input[
|
|
78
|
-
:param pulumi.Input[
|
|
76
|
+
:param pulumi.Input[_builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
77
|
+
:param pulumi.Input[_builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
79
78
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
80
|
-
:param pulumi.Input[
|
|
81
|
-
:param pulumi.Input[
|
|
79
|
+
:param pulumi.Input[_builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
80
|
+
:param pulumi.Input[_builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
|
82
81
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
83
|
-
:param pulumi.Input[
|
|
82
|
+
:param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
84
83
|
Defaults to `false`.
|
|
85
|
-
:param pulumi.Input[
|
|
84
|
+
:param pulumi.Input[_builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
|
86
85
|
shows a later rotation, it should be considered out-of-band
|
|
87
|
-
:param pulumi.Input[
|
|
86
|
+
:param pulumi.Input[_builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
88
87
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
89
|
-
:param pulumi.Input[
|
|
90
|
-
:param pulumi.Input[
|
|
91
|
-
:param pulumi.Input[
|
|
88
|
+
:param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
|
89
|
+
:param pulumi.Input[_builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
|
90
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
92
91
|
The value should not contain leading or trailing forward slashes.
|
|
93
92
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
94
93
|
*Available only for Vault Enterprise*.
|
|
95
|
-
:param pulumi.Input[
|
|
96
|
-
:param pulumi.Input[
|
|
94
|
+
:param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
|
95
|
+
:param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
|
97
96
|
before returning back an error.
|
|
98
|
-
:param pulumi.Input[
|
|
99
|
-
:param pulumi.Input[
|
|
97
|
+
:param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
|
98
|
+
:param pulumi.Input[_builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
100
99
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
101
|
-
:param pulumi.Input[
|
|
100
|
+
:param pulumi.Input[_builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
102
101
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
103
|
-
:param pulumi.Input[
|
|
104
|
-
:param pulumi.Input[
|
|
105
|
-
:param pulumi.Input[
|
|
102
|
+
:param pulumi.Input[_builtins.int] ttl: In seconds, the default password time-to-live.
|
|
103
|
+
:param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
104
|
+
:param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
106
105
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
107
|
-
:param pulumi.Input[
|
|
106
|
+
:param pulumi.Input[_builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
|
108
107
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
109
108
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
|
110
109
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
|
111
110
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
|
112
111
|
new configurations.
|
|
113
|
-
:param pulumi.Input[
|
|
112
|
+
:param pulumi.Input[_builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
|
114
113
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
115
|
-
:param pulumi.Input[
|
|
116
|
-
:param pulumi.Input[
|
|
114
|
+
:param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
|
115
|
+
:param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
117
116
|
"""
|
|
118
117
|
pulumi.set(__self__, "binddn", binddn)
|
|
119
118
|
pulumi.set(__self__, "bindpass", bindpass)
|
|
@@ -182,33 +181,33 @@ class SecretBackendArgs:
|
|
|
182
181
|
if userdn is not None:
|
|
183
182
|
pulumi.set(__self__, "userdn", userdn)
|
|
184
183
|
|
|
185
|
-
@property
|
|
184
|
+
@_builtins.property
|
|
186
185
|
@pulumi.getter
|
|
187
|
-
def binddn(self) -> pulumi.Input[
|
|
186
|
+
def binddn(self) -> pulumi.Input[_builtins.str]:
|
|
188
187
|
"""
|
|
189
188
|
Distinguished name of object to bind when performing user and group search.
|
|
190
189
|
"""
|
|
191
190
|
return pulumi.get(self, "binddn")
|
|
192
191
|
|
|
193
192
|
@binddn.setter
|
|
194
|
-
def binddn(self, value: pulumi.Input[
|
|
193
|
+
def binddn(self, value: pulumi.Input[_builtins.str]):
|
|
195
194
|
pulumi.set(self, "binddn", value)
|
|
196
195
|
|
|
197
|
-
@property
|
|
196
|
+
@_builtins.property
|
|
198
197
|
@pulumi.getter
|
|
199
|
-
def bindpass(self) -> pulumi.Input[
|
|
198
|
+
def bindpass(self) -> pulumi.Input[_builtins.str]:
|
|
200
199
|
"""
|
|
201
200
|
Password to use along with binddn when performing user search.
|
|
202
201
|
"""
|
|
203
202
|
return pulumi.get(self, "bindpass")
|
|
204
203
|
|
|
205
204
|
@bindpass.setter
|
|
206
|
-
def bindpass(self, value: pulumi.Input[
|
|
205
|
+
def bindpass(self, value: pulumi.Input[_builtins.str]):
|
|
207
206
|
pulumi.set(self, "bindpass", value)
|
|
208
207
|
|
|
209
|
-
@property
|
|
208
|
+
@_builtins.property
|
|
210
209
|
@pulumi.getter(name="anonymousGroupSearch")
|
|
211
|
-
def anonymous_group_search(self) -> Optional[pulumi.Input[
|
|
210
|
+
def anonymous_group_search(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
212
211
|
"""
|
|
213
212
|
Use anonymous binds when performing LDAP group searches
|
|
214
213
|
(if true the initial credentials will still be used for the initial connection test).
|
|
@@ -216,12 +215,12 @@ class SecretBackendArgs:
|
|
|
216
215
|
return pulumi.get(self, "anonymous_group_search")
|
|
217
216
|
|
|
218
217
|
@anonymous_group_search.setter
|
|
219
|
-
def anonymous_group_search(self, value: Optional[pulumi.Input[
|
|
218
|
+
def anonymous_group_search(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
220
219
|
pulumi.set(self, "anonymous_group_search", value)
|
|
221
220
|
|
|
222
|
-
@property
|
|
221
|
+
@_builtins.property
|
|
223
222
|
@pulumi.getter
|
|
224
|
-
def backend(self) -> Optional[pulumi.Input[
|
|
223
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
225
224
|
"""
|
|
226
225
|
The unique path this backend should be mounted at. Must
|
|
227
226
|
not begin or end with a `/`. Defaults to `ad`.
|
|
@@ -229,12 +228,12 @@ class SecretBackendArgs:
|
|
|
229
228
|
return pulumi.get(self, "backend")
|
|
230
229
|
|
|
231
230
|
@backend.setter
|
|
232
|
-
def backend(self, value: Optional[pulumi.Input[
|
|
231
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
233
232
|
pulumi.set(self, "backend", value)
|
|
234
233
|
|
|
235
|
-
@property
|
|
234
|
+
@_builtins.property
|
|
236
235
|
@pulumi.getter(name="caseSensitiveNames")
|
|
237
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[
|
|
236
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
238
237
|
"""
|
|
239
238
|
If set, user and group names assigned to policies within the
|
|
240
239
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
@@ -242,12 +241,12 @@ class SecretBackendArgs:
|
|
|
242
241
|
return pulumi.get(self, "case_sensitive_names")
|
|
243
242
|
|
|
244
243
|
@case_sensitive_names.setter
|
|
245
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[
|
|
244
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
246
245
|
pulumi.set(self, "case_sensitive_names", value)
|
|
247
246
|
|
|
248
|
-
@property
|
|
247
|
+
@_builtins.property
|
|
249
248
|
@pulumi.getter
|
|
250
|
-
def certificate(self) -> Optional[pulumi.Input[
|
|
249
|
+
def certificate(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
251
250
|
"""
|
|
252
251
|
CA certificate to use when verifying LDAP server certificate, must be
|
|
253
252
|
x509 PEM encoded.
|
|
@@ -255,48 +254,48 @@ class SecretBackendArgs:
|
|
|
255
254
|
return pulumi.get(self, "certificate")
|
|
256
255
|
|
|
257
256
|
@certificate.setter
|
|
258
|
-
def certificate(self, value: Optional[pulumi.Input[
|
|
257
|
+
def certificate(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
259
258
|
pulumi.set(self, "certificate", value)
|
|
260
259
|
|
|
261
|
-
@property
|
|
260
|
+
@_builtins.property
|
|
262
261
|
@pulumi.getter(name="clientTlsCert")
|
|
263
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[
|
|
262
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
264
263
|
"""
|
|
265
264
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
266
265
|
"""
|
|
267
266
|
return pulumi.get(self, "client_tls_cert")
|
|
268
267
|
|
|
269
268
|
@client_tls_cert.setter
|
|
270
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[
|
|
269
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
271
270
|
pulumi.set(self, "client_tls_cert", value)
|
|
272
271
|
|
|
273
|
-
@property
|
|
272
|
+
@_builtins.property
|
|
274
273
|
@pulumi.getter(name="clientTlsKey")
|
|
275
|
-
def client_tls_key(self) -> Optional[pulumi.Input[
|
|
274
|
+
def client_tls_key(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
276
275
|
"""
|
|
277
276
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
278
277
|
"""
|
|
279
278
|
return pulumi.get(self, "client_tls_key")
|
|
280
279
|
|
|
281
280
|
@client_tls_key.setter
|
|
282
|
-
def client_tls_key(self, value: Optional[pulumi.Input[
|
|
281
|
+
def client_tls_key(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
283
282
|
pulumi.set(self, "client_tls_key", value)
|
|
284
283
|
|
|
285
|
-
@property
|
|
284
|
+
@_builtins.property
|
|
286
285
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
|
287
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[
|
|
286
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
288
287
|
"""
|
|
289
288
|
Default lease duration for secrets in seconds.
|
|
290
289
|
"""
|
|
291
290
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
|
292
291
|
|
|
293
292
|
@default_lease_ttl_seconds.setter
|
|
294
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[
|
|
293
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
295
294
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
|
296
295
|
|
|
297
|
-
@property
|
|
296
|
+
@_builtins.property
|
|
298
297
|
@pulumi.getter(name="denyNullBind")
|
|
299
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[
|
|
298
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
300
299
|
"""
|
|
301
300
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
302
301
|
defaults to true.
|
|
@@ -304,24 +303,24 @@ class SecretBackendArgs:
|
|
|
304
303
|
return pulumi.get(self, "deny_null_bind")
|
|
305
304
|
|
|
306
305
|
@deny_null_bind.setter
|
|
307
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[
|
|
306
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
308
307
|
pulumi.set(self, "deny_null_bind", value)
|
|
309
308
|
|
|
310
|
-
@property
|
|
309
|
+
@_builtins.property
|
|
311
310
|
@pulumi.getter
|
|
312
|
-
def description(self) -> Optional[pulumi.Input[
|
|
311
|
+
def description(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
313
312
|
"""
|
|
314
313
|
Human-friendly description of the mount for the Active Directory backend.
|
|
315
314
|
"""
|
|
316
315
|
return pulumi.get(self, "description")
|
|
317
316
|
|
|
318
317
|
@description.setter
|
|
319
|
-
def description(self, value: Optional[pulumi.Input[
|
|
318
|
+
def description(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
320
319
|
pulumi.set(self, "description", value)
|
|
321
320
|
|
|
322
|
-
@property
|
|
321
|
+
@_builtins.property
|
|
323
322
|
@pulumi.getter(name="disableRemount")
|
|
324
|
-
def disable_remount(self) -> Optional[pulumi.Input[
|
|
323
|
+
def disable_remount(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
325
324
|
"""
|
|
326
325
|
If set, opts out of mount migration on path updates.
|
|
327
326
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
@@ -329,24 +328,24 @@ class SecretBackendArgs:
|
|
|
329
328
|
return pulumi.get(self, "disable_remount")
|
|
330
329
|
|
|
331
330
|
@disable_remount.setter
|
|
332
|
-
def disable_remount(self, value: Optional[pulumi.Input[
|
|
331
|
+
def disable_remount(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
333
332
|
pulumi.set(self, "disable_remount", value)
|
|
334
333
|
|
|
335
|
-
@property
|
|
334
|
+
@_builtins.property
|
|
336
335
|
@pulumi.getter
|
|
337
|
-
def discoverdn(self) -> Optional[pulumi.Input[
|
|
336
|
+
def discoverdn(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
338
337
|
"""
|
|
339
338
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
340
339
|
"""
|
|
341
340
|
return pulumi.get(self, "discoverdn")
|
|
342
341
|
|
|
343
342
|
@discoverdn.setter
|
|
344
|
-
def discoverdn(self, value: Optional[pulumi.Input[
|
|
343
|
+
def discoverdn(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
345
344
|
pulumi.set(self, "discoverdn", value)
|
|
346
345
|
|
|
347
|
-
@property
|
|
346
|
+
@_builtins.property
|
|
348
347
|
@pulumi.getter
|
|
349
|
-
def groupattr(self) -> Optional[pulumi.Input[
|
|
348
|
+
def groupattr(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
350
349
|
"""
|
|
351
350
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
352
351
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
@@ -354,24 +353,24 @@ class SecretBackendArgs:
|
|
|
354
353
|
return pulumi.get(self, "groupattr")
|
|
355
354
|
|
|
356
355
|
@groupattr.setter
|
|
357
|
-
def groupattr(self, value: Optional[pulumi.Input[
|
|
356
|
+
def groupattr(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
358
357
|
pulumi.set(self, "groupattr", value)
|
|
359
358
|
|
|
360
|
-
@property
|
|
359
|
+
@_builtins.property
|
|
361
360
|
@pulumi.getter
|
|
362
|
-
def groupdn(self) -> Optional[pulumi.Input[
|
|
361
|
+
def groupdn(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
363
362
|
"""
|
|
364
363
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
365
364
|
"""
|
|
366
365
|
return pulumi.get(self, "groupdn")
|
|
367
366
|
|
|
368
367
|
@groupdn.setter
|
|
369
|
-
def groupdn(self, value: Optional[pulumi.Input[
|
|
368
|
+
def groupdn(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
370
369
|
pulumi.set(self, "groupdn", value)
|
|
371
370
|
|
|
372
|
-
@property
|
|
371
|
+
@_builtins.property
|
|
373
372
|
@pulumi.getter
|
|
374
|
-
def groupfilter(self) -> Optional[pulumi.Input[
|
|
373
|
+
def groupfilter(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
375
374
|
"""
|
|
376
375
|
Go template for querying group membership of user (optional) The template can access
|
|
377
376
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
@@ -379,12 +378,12 @@ class SecretBackendArgs:
|
|
|
379
378
|
return pulumi.get(self, "groupfilter")
|
|
380
379
|
|
|
381
380
|
@groupfilter.setter
|
|
382
|
-
def groupfilter(self, value: Optional[pulumi.Input[
|
|
381
|
+
def groupfilter(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
383
382
|
pulumi.set(self, "groupfilter", value)
|
|
384
383
|
|
|
385
|
-
@property
|
|
384
|
+
@_builtins.property
|
|
386
385
|
@pulumi.getter(name="insecureTls")
|
|
387
|
-
def insecure_tls(self) -> Optional[pulumi.Input[
|
|
386
|
+
def insecure_tls(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
388
387
|
"""
|
|
389
388
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
390
389
|
Defaults to `false`.
|
|
@@ -392,12 +391,12 @@ class SecretBackendArgs:
|
|
|
392
391
|
return pulumi.get(self, "insecure_tls")
|
|
393
392
|
|
|
394
393
|
@insecure_tls.setter
|
|
395
|
-
def insecure_tls(self, value: Optional[pulumi.Input[
|
|
394
|
+
def insecure_tls(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
396
395
|
pulumi.set(self, "insecure_tls", value)
|
|
397
396
|
|
|
398
|
-
@property
|
|
397
|
+
@_builtins.property
|
|
399
398
|
@pulumi.getter(name="lastRotationTolerance")
|
|
400
|
-
def last_rotation_tolerance(self) -> Optional[pulumi.Input[
|
|
399
|
+
def last_rotation_tolerance(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
401
400
|
"""
|
|
402
401
|
The number of seconds after a Vault rotation where, if Active Directory
|
|
403
402
|
shows a later rotation, it should be considered out-of-band
|
|
@@ -405,12 +404,12 @@ class SecretBackendArgs:
|
|
|
405
404
|
return pulumi.get(self, "last_rotation_tolerance")
|
|
406
405
|
|
|
407
406
|
@last_rotation_tolerance.setter
|
|
408
|
-
def last_rotation_tolerance(self, value: Optional[pulumi.Input[
|
|
407
|
+
def last_rotation_tolerance(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
409
408
|
pulumi.set(self, "last_rotation_tolerance", value)
|
|
410
409
|
|
|
411
|
-
@property
|
|
410
|
+
@_builtins.property
|
|
412
411
|
@pulumi.getter
|
|
413
|
-
def local(self) -> Optional[pulumi.Input[
|
|
412
|
+
def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
414
413
|
"""
|
|
415
414
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
416
415
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
@@ -418,36 +417,36 @@ class SecretBackendArgs:
|
|
|
418
417
|
return pulumi.get(self, "local")
|
|
419
418
|
|
|
420
419
|
@local.setter
|
|
421
|
-
def local(self, value: Optional[pulumi.Input[
|
|
420
|
+
def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
422
421
|
pulumi.set(self, "local", value)
|
|
423
422
|
|
|
424
|
-
@property
|
|
423
|
+
@_builtins.property
|
|
425
424
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
|
426
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[
|
|
425
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
427
426
|
"""
|
|
428
427
|
Maximum possible lease duration for secrets in seconds.
|
|
429
428
|
"""
|
|
430
429
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
|
431
430
|
|
|
432
431
|
@max_lease_ttl_seconds.setter
|
|
433
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[
|
|
432
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
434
433
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
|
435
434
|
|
|
436
|
-
@property
|
|
435
|
+
@_builtins.property
|
|
437
436
|
@pulumi.getter(name="maxTtl")
|
|
438
|
-
def max_ttl(self) -> Optional[pulumi.Input[
|
|
437
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
439
438
|
"""
|
|
440
439
|
In seconds, the maximum password time-to-live.
|
|
441
440
|
"""
|
|
442
441
|
return pulumi.get(self, "max_ttl")
|
|
443
442
|
|
|
444
443
|
@max_ttl.setter
|
|
445
|
-
def max_ttl(self, value: Optional[pulumi.Input[
|
|
444
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
446
445
|
pulumi.set(self, "max_ttl", value)
|
|
447
446
|
|
|
448
|
-
@property
|
|
447
|
+
@_builtins.property
|
|
449
448
|
@pulumi.getter
|
|
450
|
-
def namespace(self) -> Optional[pulumi.Input[
|
|
449
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
451
450
|
"""
|
|
452
451
|
The namespace to provision the resource in.
|
|
453
452
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -457,24 +456,24 @@ class SecretBackendArgs:
|
|
|
457
456
|
return pulumi.get(self, "namespace")
|
|
458
457
|
|
|
459
458
|
@namespace.setter
|
|
460
|
-
def namespace(self, value: Optional[pulumi.Input[
|
|
459
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
461
460
|
pulumi.set(self, "namespace", value)
|
|
462
461
|
|
|
463
|
-
@property
|
|
462
|
+
@_builtins.property
|
|
464
463
|
@pulumi.getter(name="passwordPolicy")
|
|
465
|
-
def password_policy(self) -> Optional[pulumi.Input[
|
|
464
|
+
def password_policy(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
466
465
|
"""
|
|
467
466
|
Name of the password policy to use to generate passwords.
|
|
468
467
|
"""
|
|
469
468
|
return pulumi.get(self, "password_policy")
|
|
470
469
|
|
|
471
470
|
@password_policy.setter
|
|
472
|
-
def password_policy(self, value: Optional[pulumi.Input[
|
|
471
|
+
def password_policy(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
473
472
|
pulumi.set(self, "password_policy", value)
|
|
474
473
|
|
|
475
|
-
@property
|
|
474
|
+
@_builtins.property
|
|
476
475
|
@pulumi.getter(name="requestTimeout")
|
|
477
|
-
def request_timeout(self) -> Optional[pulumi.Input[
|
|
476
|
+
def request_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
478
477
|
"""
|
|
479
478
|
Timeout, in seconds, for the connection when making requests against the server
|
|
480
479
|
before returning back an error.
|
|
@@ -482,24 +481,24 @@ class SecretBackendArgs:
|
|
|
482
481
|
return pulumi.get(self, "request_timeout")
|
|
483
482
|
|
|
484
483
|
@request_timeout.setter
|
|
485
|
-
def request_timeout(self, value: Optional[pulumi.Input[
|
|
484
|
+
def request_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
486
485
|
pulumi.set(self, "request_timeout", value)
|
|
487
486
|
|
|
488
|
-
@property
|
|
487
|
+
@_builtins.property
|
|
489
488
|
@pulumi.getter
|
|
490
|
-
def starttls(self) -> Optional[pulumi.Input[
|
|
489
|
+
def starttls(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
491
490
|
"""
|
|
492
491
|
Issue a StartTLS command after establishing unencrypted connection.
|
|
493
492
|
"""
|
|
494
493
|
return pulumi.get(self, "starttls")
|
|
495
494
|
|
|
496
495
|
@starttls.setter
|
|
497
|
-
def starttls(self, value: Optional[pulumi.Input[
|
|
496
|
+
def starttls(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
498
497
|
pulumi.set(self, "starttls", value)
|
|
499
498
|
|
|
500
|
-
@property
|
|
499
|
+
@_builtins.property
|
|
501
500
|
@pulumi.getter(name="tlsMaxVersion")
|
|
502
|
-
def tls_max_version(self) -> Optional[pulumi.Input[
|
|
501
|
+
def tls_max_version(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
503
502
|
"""
|
|
504
503
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
505
504
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
@@ -507,12 +506,12 @@ class SecretBackendArgs:
|
|
|
507
506
|
return pulumi.get(self, "tls_max_version")
|
|
508
507
|
|
|
509
508
|
@tls_max_version.setter
|
|
510
|
-
def tls_max_version(self, value: Optional[pulumi.Input[
|
|
509
|
+
def tls_max_version(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
511
510
|
pulumi.set(self, "tls_max_version", value)
|
|
512
511
|
|
|
513
|
-
@property
|
|
512
|
+
@_builtins.property
|
|
514
513
|
@pulumi.getter(name="tlsMinVersion")
|
|
515
|
-
def tls_min_version(self) -> Optional[pulumi.Input[
|
|
514
|
+
def tls_min_version(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
516
515
|
"""
|
|
517
516
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
518
517
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
@@ -520,36 +519,36 @@ class SecretBackendArgs:
|
|
|
520
519
|
return pulumi.get(self, "tls_min_version")
|
|
521
520
|
|
|
522
521
|
@tls_min_version.setter
|
|
523
|
-
def tls_min_version(self, value: Optional[pulumi.Input[
|
|
522
|
+
def tls_min_version(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
524
523
|
pulumi.set(self, "tls_min_version", value)
|
|
525
524
|
|
|
526
|
-
@property
|
|
525
|
+
@_builtins.property
|
|
527
526
|
@pulumi.getter
|
|
528
|
-
def ttl(self) -> Optional[pulumi.Input[
|
|
527
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
529
528
|
"""
|
|
530
529
|
In seconds, the default password time-to-live.
|
|
531
530
|
"""
|
|
532
531
|
return pulumi.get(self, "ttl")
|
|
533
532
|
|
|
534
533
|
@ttl.setter
|
|
535
|
-
def ttl(self, value: Optional[pulumi.Input[
|
|
534
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
536
535
|
pulumi.set(self, "ttl", value)
|
|
537
536
|
|
|
538
|
-
@property
|
|
537
|
+
@_builtins.property
|
|
539
538
|
@pulumi.getter
|
|
540
|
-
def upndomain(self) -> Optional[pulumi.Input[
|
|
539
|
+
def upndomain(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
541
540
|
"""
|
|
542
541
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
543
542
|
"""
|
|
544
543
|
return pulumi.get(self, "upndomain")
|
|
545
544
|
|
|
546
545
|
@upndomain.setter
|
|
547
|
-
def upndomain(self, value: Optional[pulumi.Input[
|
|
546
|
+
def upndomain(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
548
547
|
pulumi.set(self, "upndomain", value)
|
|
549
548
|
|
|
550
|
-
@property
|
|
549
|
+
@_builtins.property
|
|
551
550
|
@pulumi.getter
|
|
552
|
-
def url(self) -> Optional[pulumi.Input[
|
|
551
|
+
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
553
552
|
"""
|
|
554
553
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
555
554
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
@@ -557,12 +556,12 @@ class SecretBackendArgs:
|
|
|
557
556
|
return pulumi.get(self, "url")
|
|
558
557
|
|
|
559
558
|
@url.setter
|
|
560
|
-
def url(self, value: Optional[pulumi.Input[
|
|
559
|
+
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
561
560
|
pulumi.set(self, "url", value)
|
|
562
561
|
|
|
563
|
-
@property
|
|
562
|
+
@_builtins.property
|
|
564
563
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
|
565
|
-
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[
|
|
564
|
+
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
566
565
|
"""
|
|
567
566
|
In Vault 1.1.1 a fix for handling group CN values of
|
|
568
567
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
@@ -574,12 +573,12 @@ class SecretBackendArgs:
|
|
|
574
573
|
return pulumi.get(self, "use_pre111_group_cn_behavior")
|
|
575
574
|
|
|
576
575
|
@use_pre111_group_cn_behavior.setter
|
|
577
|
-
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[
|
|
576
|
+
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
578
577
|
pulumi.set(self, "use_pre111_group_cn_behavior", value)
|
|
579
578
|
|
|
580
|
-
@property
|
|
579
|
+
@_builtins.property
|
|
581
580
|
@pulumi.getter(name="useTokenGroups")
|
|
582
|
-
def use_token_groups(self) -> Optional[pulumi.Input[
|
|
581
|
+
def use_token_groups(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
583
582
|
"""
|
|
584
583
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
|
585
584
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
@@ -587,131 +586,131 @@ class SecretBackendArgs:
|
|
|
587
586
|
return pulumi.get(self, "use_token_groups")
|
|
588
587
|
|
|
589
588
|
@use_token_groups.setter
|
|
590
|
-
def use_token_groups(self, value: Optional[pulumi.Input[
|
|
589
|
+
def use_token_groups(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
591
590
|
pulumi.set(self, "use_token_groups", value)
|
|
592
591
|
|
|
593
|
-
@property
|
|
592
|
+
@_builtins.property
|
|
594
593
|
@pulumi.getter
|
|
595
|
-
def userattr(self) -> Optional[pulumi.Input[
|
|
594
|
+
def userattr(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
596
595
|
"""
|
|
597
596
|
Attribute used when searching users. Defaults to `cn`.
|
|
598
597
|
"""
|
|
599
598
|
return pulumi.get(self, "userattr")
|
|
600
599
|
|
|
601
600
|
@userattr.setter
|
|
602
|
-
def userattr(self, value: Optional[pulumi.Input[
|
|
601
|
+
def userattr(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
603
602
|
pulumi.set(self, "userattr", value)
|
|
604
603
|
|
|
605
|
-
@property
|
|
604
|
+
@_builtins.property
|
|
606
605
|
@pulumi.getter
|
|
607
|
-
def userdn(self) -> Optional[pulumi.Input[
|
|
606
|
+
def userdn(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
608
607
|
"""
|
|
609
608
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
610
609
|
"""
|
|
611
610
|
return pulumi.get(self, "userdn")
|
|
612
611
|
|
|
613
612
|
@userdn.setter
|
|
614
|
-
def userdn(self, value: Optional[pulumi.Input[
|
|
613
|
+
def userdn(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
615
614
|
pulumi.set(self, "userdn", value)
|
|
616
615
|
|
|
617
616
|
|
|
618
617
|
@pulumi.input_type
|
|
619
618
|
class _SecretBackendState:
|
|
620
619
|
def __init__(__self__, *,
|
|
621
|
-
anonymous_group_search: Optional[pulumi.Input[
|
|
622
|
-
backend: Optional[pulumi.Input[
|
|
623
|
-
binddn: Optional[pulumi.Input[
|
|
624
|
-
bindpass: Optional[pulumi.Input[
|
|
625
|
-
case_sensitive_names: Optional[pulumi.Input[
|
|
626
|
-
certificate: Optional[pulumi.Input[
|
|
627
|
-
client_tls_cert: Optional[pulumi.Input[
|
|
628
|
-
client_tls_key: Optional[pulumi.Input[
|
|
629
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[
|
|
630
|
-
deny_null_bind: Optional[pulumi.Input[
|
|
631
|
-
description: Optional[pulumi.Input[
|
|
632
|
-
disable_remount: Optional[pulumi.Input[
|
|
633
|
-
discoverdn: Optional[pulumi.Input[
|
|
634
|
-
groupattr: Optional[pulumi.Input[
|
|
635
|
-
groupdn: Optional[pulumi.Input[
|
|
636
|
-
groupfilter: Optional[pulumi.Input[
|
|
637
|
-
insecure_tls: Optional[pulumi.Input[
|
|
638
|
-
last_rotation_tolerance: Optional[pulumi.Input[
|
|
639
|
-
local: Optional[pulumi.Input[
|
|
640
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[
|
|
641
|
-
max_ttl: Optional[pulumi.Input[
|
|
642
|
-
namespace: Optional[pulumi.Input[
|
|
643
|
-
password_policy: Optional[pulumi.Input[
|
|
644
|
-
request_timeout: Optional[pulumi.Input[
|
|
645
|
-
starttls: Optional[pulumi.Input[
|
|
646
|
-
tls_max_version: Optional[pulumi.Input[
|
|
647
|
-
tls_min_version: Optional[pulumi.Input[
|
|
648
|
-
ttl: Optional[pulumi.Input[
|
|
649
|
-
upndomain: Optional[pulumi.Input[
|
|
650
|
-
url: Optional[pulumi.Input[
|
|
651
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[
|
|
652
|
-
use_token_groups: Optional[pulumi.Input[
|
|
653
|
-
userattr: Optional[pulumi.Input[
|
|
654
|
-
userdn: Optional[pulumi.Input[
|
|
620
|
+
anonymous_group_search: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
621
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
622
|
+
binddn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
623
|
+
bindpass: Optional[pulumi.Input[_builtins.str]] = None,
|
|
624
|
+
case_sensitive_names: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
625
|
+
certificate: Optional[pulumi.Input[_builtins.str]] = None,
|
|
626
|
+
client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
|
|
627
|
+
client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
628
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
629
|
+
deny_null_bind: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
630
|
+
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
631
|
+
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
632
|
+
discoverdn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
633
|
+
groupattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
634
|
+
groupdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
635
|
+
groupfilter: Optional[pulumi.Input[_builtins.str]] = None,
|
|
636
|
+
insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
637
|
+
last_rotation_tolerance: Optional[pulumi.Input[_builtins.int]] = None,
|
|
638
|
+
local: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
639
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
640
|
+
max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
641
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
642
|
+
password_policy: Optional[pulumi.Input[_builtins.str]] = None,
|
|
643
|
+
request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
|
|
644
|
+
starttls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
645
|
+
tls_max_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
646
|
+
tls_min_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
647
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
648
|
+
upndomain: Optional[pulumi.Input[_builtins.str]] = None,
|
|
649
|
+
url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
650
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
651
|
+
use_token_groups: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
652
|
+
userattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
653
|
+
userdn: Optional[pulumi.Input[_builtins.str]] = None):
|
|
655
654
|
"""
|
|
656
655
|
Input properties used for looking up and filtering SecretBackend resources.
|
|
657
|
-
:param pulumi.Input[
|
|
656
|
+
:param pulumi.Input[_builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
|
658
657
|
(if true the initial credentials will still be used for the initial connection test).
|
|
659
|
-
:param pulumi.Input[
|
|
658
|
+
:param pulumi.Input[_builtins.str] backend: The unique path this backend should be mounted at. Must
|
|
660
659
|
not begin or end with a `/`. Defaults to `ad`.
|
|
661
|
-
:param pulumi.Input[
|
|
662
|
-
:param pulumi.Input[
|
|
663
|
-
:param pulumi.Input[
|
|
660
|
+
:param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
|
661
|
+
:param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
|
|
662
|
+
:param pulumi.Input[_builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
|
664
663
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
665
|
-
:param pulumi.Input[
|
|
664
|
+
:param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
|
666
665
|
x509 PEM encoded.
|
|
667
|
-
:param pulumi.Input[
|
|
668
|
-
:param pulumi.Input[
|
|
669
|
-
:param pulumi.Input[
|
|
670
|
-
:param pulumi.Input[
|
|
666
|
+
:param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
667
|
+
:param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
668
|
+
:param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
|
669
|
+
:param pulumi.Input[_builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
671
670
|
defaults to true.
|
|
672
|
-
:param pulumi.Input[
|
|
673
|
-
:param pulumi.Input[
|
|
671
|
+
:param pulumi.Input[_builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
|
672
|
+
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
674
673
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
675
|
-
:param pulumi.Input[
|
|
676
|
-
:param pulumi.Input[
|
|
674
|
+
:param pulumi.Input[_builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
675
|
+
:param pulumi.Input[_builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
677
676
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
678
|
-
:param pulumi.Input[
|
|
679
|
-
:param pulumi.Input[
|
|
677
|
+
:param pulumi.Input[_builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
678
|
+
:param pulumi.Input[_builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
|
680
679
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
681
|
-
:param pulumi.Input[
|
|
680
|
+
:param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
682
681
|
Defaults to `false`.
|
|
683
|
-
:param pulumi.Input[
|
|
682
|
+
:param pulumi.Input[_builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
|
684
683
|
shows a later rotation, it should be considered out-of-band
|
|
685
|
-
:param pulumi.Input[
|
|
684
|
+
:param pulumi.Input[_builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
686
685
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
687
|
-
:param pulumi.Input[
|
|
688
|
-
:param pulumi.Input[
|
|
689
|
-
:param pulumi.Input[
|
|
686
|
+
:param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
|
687
|
+
:param pulumi.Input[_builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
|
688
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
690
689
|
The value should not contain leading or trailing forward slashes.
|
|
691
690
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
692
691
|
*Available only for Vault Enterprise*.
|
|
693
|
-
:param pulumi.Input[
|
|
694
|
-
:param pulumi.Input[
|
|
692
|
+
:param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
|
693
|
+
:param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
|
695
694
|
before returning back an error.
|
|
696
|
-
:param pulumi.Input[
|
|
697
|
-
:param pulumi.Input[
|
|
695
|
+
:param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
|
696
|
+
:param pulumi.Input[_builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
698
697
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
699
|
-
:param pulumi.Input[
|
|
698
|
+
:param pulumi.Input[_builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
700
699
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
701
|
-
:param pulumi.Input[
|
|
702
|
-
:param pulumi.Input[
|
|
703
|
-
:param pulumi.Input[
|
|
700
|
+
:param pulumi.Input[_builtins.int] ttl: In seconds, the default password time-to-live.
|
|
701
|
+
:param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
702
|
+
:param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
704
703
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
705
|
-
:param pulumi.Input[
|
|
704
|
+
:param pulumi.Input[_builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
|
706
705
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
707
706
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
|
708
707
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
|
709
708
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
|
710
709
|
new configurations.
|
|
711
|
-
:param pulumi.Input[
|
|
710
|
+
:param pulumi.Input[_builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
|
712
711
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
713
|
-
:param pulumi.Input[
|
|
714
|
-
:param pulumi.Input[
|
|
712
|
+
:param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
|
713
|
+
:param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
715
714
|
"""
|
|
716
715
|
if anonymous_group_search is not None:
|
|
717
716
|
pulumi.set(__self__, "anonymous_group_search", anonymous_group_search)
|
|
@@ -782,9 +781,9 @@ class _SecretBackendState:
|
|
|
782
781
|
if userdn is not None:
|
|
783
782
|
pulumi.set(__self__, "userdn", userdn)
|
|
784
783
|
|
|
785
|
-
@property
|
|
784
|
+
@_builtins.property
|
|
786
785
|
@pulumi.getter(name="anonymousGroupSearch")
|
|
787
|
-
def anonymous_group_search(self) -> Optional[pulumi.Input[
|
|
786
|
+
def anonymous_group_search(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
788
787
|
"""
|
|
789
788
|
Use anonymous binds when performing LDAP group searches
|
|
790
789
|
(if true the initial credentials will still be used for the initial connection test).
|
|
@@ -792,12 +791,12 @@ class _SecretBackendState:
|
|
|
792
791
|
return pulumi.get(self, "anonymous_group_search")
|
|
793
792
|
|
|
794
793
|
@anonymous_group_search.setter
|
|
795
|
-
def anonymous_group_search(self, value: Optional[pulumi.Input[
|
|
794
|
+
def anonymous_group_search(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
796
795
|
pulumi.set(self, "anonymous_group_search", value)
|
|
797
796
|
|
|
798
|
-
@property
|
|
797
|
+
@_builtins.property
|
|
799
798
|
@pulumi.getter
|
|
800
|
-
def backend(self) -> Optional[pulumi.Input[
|
|
799
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
801
800
|
"""
|
|
802
801
|
The unique path this backend should be mounted at. Must
|
|
803
802
|
not begin or end with a `/`. Defaults to `ad`.
|
|
@@ -805,36 +804,36 @@ class _SecretBackendState:
|
|
|
805
804
|
return pulumi.get(self, "backend")
|
|
806
805
|
|
|
807
806
|
@backend.setter
|
|
808
|
-
def backend(self, value: Optional[pulumi.Input[
|
|
807
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
809
808
|
pulumi.set(self, "backend", value)
|
|
810
809
|
|
|
811
|
-
@property
|
|
810
|
+
@_builtins.property
|
|
812
811
|
@pulumi.getter
|
|
813
|
-
def binddn(self) -> Optional[pulumi.Input[
|
|
812
|
+
def binddn(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
814
813
|
"""
|
|
815
814
|
Distinguished name of object to bind when performing user and group search.
|
|
816
815
|
"""
|
|
817
816
|
return pulumi.get(self, "binddn")
|
|
818
817
|
|
|
819
818
|
@binddn.setter
|
|
820
|
-
def binddn(self, value: Optional[pulumi.Input[
|
|
819
|
+
def binddn(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
821
820
|
pulumi.set(self, "binddn", value)
|
|
822
821
|
|
|
823
|
-
@property
|
|
822
|
+
@_builtins.property
|
|
824
823
|
@pulumi.getter
|
|
825
|
-
def bindpass(self) -> Optional[pulumi.Input[
|
|
824
|
+
def bindpass(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
826
825
|
"""
|
|
827
826
|
Password to use along with binddn when performing user search.
|
|
828
827
|
"""
|
|
829
828
|
return pulumi.get(self, "bindpass")
|
|
830
829
|
|
|
831
830
|
@bindpass.setter
|
|
832
|
-
def bindpass(self, value: Optional[pulumi.Input[
|
|
831
|
+
def bindpass(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
833
832
|
pulumi.set(self, "bindpass", value)
|
|
834
833
|
|
|
835
|
-
@property
|
|
834
|
+
@_builtins.property
|
|
836
835
|
@pulumi.getter(name="caseSensitiveNames")
|
|
837
|
-
def case_sensitive_names(self) -> Optional[pulumi.Input[
|
|
836
|
+
def case_sensitive_names(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
838
837
|
"""
|
|
839
838
|
If set, user and group names assigned to policies within the
|
|
840
839
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
@@ -842,12 +841,12 @@ class _SecretBackendState:
|
|
|
842
841
|
return pulumi.get(self, "case_sensitive_names")
|
|
843
842
|
|
|
844
843
|
@case_sensitive_names.setter
|
|
845
|
-
def case_sensitive_names(self, value: Optional[pulumi.Input[
|
|
844
|
+
def case_sensitive_names(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
846
845
|
pulumi.set(self, "case_sensitive_names", value)
|
|
847
846
|
|
|
848
|
-
@property
|
|
847
|
+
@_builtins.property
|
|
849
848
|
@pulumi.getter
|
|
850
|
-
def certificate(self) -> Optional[pulumi.Input[
|
|
849
|
+
def certificate(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
851
850
|
"""
|
|
852
851
|
CA certificate to use when verifying LDAP server certificate, must be
|
|
853
852
|
x509 PEM encoded.
|
|
@@ -855,48 +854,48 @@ class _SecretBackendState:
|
|
|
855
854
|
return pulumi.get(self, "certificate")
|
|
856
855
|
|
|
857
856
|
@certificate.setter
|
|
858
|
-
def certificate(self, value: Optional[pulumi.Input[
|
|
857
|
+
def certificate(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
859
858
|
pulumi.set(self, "certificate", value)
|
|
860
859
|
|
|
861
|
-
@property
|
|
860
|
+
@_builtins.property
|
|
862
861
|
@pulumi.getter(name="clientTlsCert")
|
|
863
|
-
def client_tls_cert(self) -> Optional[pulumi.Input[
|
|
862
|
+
def client_tls_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
864
863
|
"""
|
|
865
864
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
866
865
|
"""
|
|
867
866
|
return pulumi.get(self, "client_tls_cert")
|
|
868
867
|
|
|
869
868
|
@client_tls_cert.setter
|
|
870
|
-
def client_tls_cert(self, value: Optional[pulumi.Input[
|
|
869
|
+
def client_tls_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
871
870
|
pulumi.set(self, "client_tls_cert", value)
|
|
872
871
|
|
|
873
|
-
@property
|
|
872
|
+
@_builtins.property
|
|
874
873
|
@pulumi.getter(name="clientTlsKey")
|
|
875
|
-
def client_tls_key(self) -> Optional[pulumi.Input[
|
|
874
|
+
def client_tls_key(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
876
875
|
"""
|
|
877
876
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
878
877
|
"""
|
|
879
878
|
return pulumi.get(self, "client_tls_key")
|
|
880
879
|
|
|
881
880
|
@client_tls_key.setter
|
|
882
|
-
def client_tls_key(self, value: Optional[pulumi.Input[
|
|
881
|
+
def client_tls_key(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
883
882
|
pulumi.set(self, "client_tls_key", value)
|
|
884
883
|
|
|
885
|
-
@property
|
|
884
|
+
@_builtins.property
|
|
886
885
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
|
887
|
-
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[
|
|
886
|
+
def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
888
887
|
"""
|
|
889
888
|
Default lease duration for secrets in seconds.
|
|
890
889
|
"""
|
|
891
890
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
|
892
891
|
|
|
893
892
|
@default_lease_ttl_seconds.setter
|
|
894
|
-
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[
|
|
893
|
+
def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
895
894
|
pulumi.set(self, "default_lease_ttl_seconds", value)
|
|
896
895
|
|
|
897
|
-
@property
|
|
896
|
+
@_builtins.property
|
|
898
897
|
@pulumi.getter(name="denyNullBind")
|
|
899
|
-
def deny_null_bind(self) -> Optional[pulumi.Input[
|
|
898
|
+
def deny_null_bind(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
900
899
|
"""
|
|
901
900
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
902
901
|
defaults to true.
|
|
@@ -904,24 +903,24 @@ class _SecretBackendState:
|
|
|
904
903
|
return pulumi.get(self, "deny_null_bind")
|
|
905
904
|
|
|
906
905
|
@deny_null_bind.setter
|
|
907
|
-
def deny_null_bind(self, value: Optional[pulumi.Input[
|
|
906
|
+
def deny_null_bind(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
908
907
|
pulumi.set(self, "deny_null_bind", value)
|
|
909
908
|
|
|
910
|
-
@property
|
|
909
|
+
@_builtins.property
|
|
911
910
|
@pulumi.getter
|
|
912
|
-
def description(self) -> Optional[pulumi.Input[
|
|
911
|
+
def description(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
913
912
|
"""
|
|
914
913
|
Human-friendly description of the mount for the Active Directory backend.
|
|
915
914
|
"""
|
|
916
915
|
return pulumi.get(self, "description")
|
|
917
916
|
|
|
918
917
|
@description.setter
|
|
919
|
-
def description(self, value: Optional[pulumi.Input[
|
|
918
|
+
def description(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
920
919
|
pulumi.set(self, "description", value)
|
|
921
920
|
|
|
922
|
-
@property
|
|
921
|
+
@_builtins.property
|
|
923
922
|
@pulumi.getter(name="disableRemount")
|
|
924
|
-
def disable_remount(self) -> Optional[pulumi.Input[
|
|
923
|
+
def disable_remount(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
925
924
|
"""
|
|
926
925
|
If set, opts out of mount migration on path updates.
|
|
927
926
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
@@ -929,24 +928,24 @@ class _SecretBackendState:
|
|
|
929
928
|
return pulumi.get(self, "disable_remount")
|
|
930
929
|
|
|
931
930
|
@disable_remount.setter
|
|
932
|
-
def disable_remount(self, value: Optional[pulumi.Input[
|
|
931
|
+
def disable_remount(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
933
932
|
pulumi.set(self, "disable_remount", value)
|
|
934
933
|
|
|
935
|
-
@property
|
|
934
|
+
@_builtins.property
|
|
936
935
|
@pulumi.getter
|
|
937
|
-
def discoverdn(self) -> Optional[pulumi.Input[
|
|
936
|
+
def discoverdn(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
938
937
|
"""
|
|
939
938
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
940
939
|
"""
|
|
941
940
|
return pulumi.get(self, "discoverdn")
|
|
942
941
|
|
|
943
942
|
@discoverdn.setter
|
|
944
|
-
def discoverdn(self, value: Optional[pulumi.Input[
|
|
943
|
+
def discoverdn(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
945
944
|
pulumi.set(self, "discoverdn", value)
|
|
946
945
|
|
|
947
|
-
@property
|
|
946
|
+
@_builtins.property
|
|
948
947
|
@pulumi.getter
|
|
949
|
-
def groupattr(self) -> Optional[pulumi.Input[
|
|
948
|
+
def groupattr(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
950
949
|
"""
|
|
951
950
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
952
951
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
@@ -954,24 +953,24 @@ class _SecretBackendState:
|
|
|
954
953
|
return pulumi.get(self, "groupattr")
|
|
955
954
|
|
|
956
955
|
@groupattr.setter
|
|
957
|
-
def groupattr(self, value: Optional[pulumi.Input[
|
|
956
|
+
def groupattr(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
958
957
|
pulumi.set(self, "groupattr", value)
|
|
959
958
|
|
|
960
|
-
@property
|
|
959
|
+
@_builtins.property
|
|
961
960
|
@pulumi.getter
|
|
962
|
-
def groupdn(self) -> Optional[pulumi.Input[
|
|
961
|
+
def groupdn(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
963
962
|
"""
|
|
964
963
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
965
964
|
"""
|
|
966
965
|
return pulumi.get(self, "groupdn")
|
|
967
966
|
|
|
968
967
|
@groupdn.setter
|
|
969
|
-
def groupdn(self, value: Optional[pulumi.Input[
|
|
968
|
+
def groupdn(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
970
969
|
pulumi.set(self, "groupdn", value)
|
|
971
970
|
|
|
972
|
-
@property
|
|
971
|
+
@_builtins.property
|
|
973
972
|
@pulumi.getter
|
|
974
|
-
def groupfilter(self) -> Optional[pulumi.Input[
|
|
973
|
+
def groupfilter(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
975
974
|
"""
|
|
976
975
|
Go template for querying group membership of user (optional) The template can access
|
|
977
976
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
@@ -979,12 +978,12 @@ class _SecretBackendState:
|
|
|
979
978
|
return pulumi.get(self, "groupfilter")
|
|
980
979
|
|
|
981
980
|
@groupfilter.setter
|
|
982
|
-
def groupfilter(self, value: Optional[pulumi.Input[
|
|
981
|
+
def groupfilter(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
983
982
|
pulumi.set(self, "groupfilter", value)
|
|
984
983
|
|
|
985
|
-
@property
|
|
984
|
+
@_builtins.property
|
|
986
985
|
@pulumi.getter(name="insecureTls")
|
|
987
|
-
def insecure_tls(self) -> Optional[pulumi.Input[
|
|
986
|
+
def insecure_tls(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
988
987
|
"""
|
|
989
988
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
990
989
|
Defaults to `false`.
|
|
@@ -992,12 +991,12 @@ class _SecretBackendState:
|
|
|
992
991
|
return pulumi.get(self, "insecure_tls")
|
|
993
992
|
|
|
994
993
|
@insecure_tls.setter
|
|
995
|
-
def insecure_tls(self, value: Optional[pulumi.Input[
|
|
994
|
+
def insecure_tls(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
996
995
|
pulumi.set(self, "insecure_tls", value)
|
|
997
996
|
|
|
998
|
-
@property
|
|
997
|
+
@_builtins.property
|
|
999
998
|
@pulumi.getter(name="lastRotationTolerance")
|
|
1000
|
-
def last_rotation_tolerance(self) -> Optional[pulumi.Input[
|
|
999
|
+
def last_rotation_tolerance(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1001
1000
|
"""
|
|
1002
1001
|
The number of seconds after a Vault rotation where, if Active Directory
|
|
1003
1002
|
shows a later rotation, it should be considered out-of-band
|
|
@@ -1005,12 +1004,12 @@ class _SecretBackendState:
|
|
|
1005
1004
|
return pulumi.get(self, "last_rotation_tolerance")
|
|
1006
1005
|
|
|
1007
1006
|
@last_rotation_tolerance.setter
|
|
1008
|
-
def last_rotation_tolerance(self, value: Optional[pulumi.Input[
|
|
1007
|
+
def last_rotation_tolerance(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1009
1008
|
pulumi.set(self, "last_rotation_tolerance", value)
|
|
1010
1009
|
|
|
1011
|
-
@property
|
|
1010
|
+
@_builtins.property
|
|
1012
1011
|
@pulumi.getter
|
|
1013
|
-
def local(self) -> Optional[pulumi.Input[
|
|
1012
|
+
def local(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1014
1013
|
"""
|
|
1015
1014
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
1016
1015
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
@@ -1018,36 +1017,36 @@ class _SecretBackendState:
|
|
|
1018
1017
|
return pulumi.get(self, "local")
|
|
1019
1018
|
|
|
1020
1019
|
@local.setter
|
|
1021
|
-
def local(self, value: Optional[pulumi.Input[
|
|
1020
|
+
def local(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1022
1021
|
pulumi.set(self, "local", value)
|
|
1023
1022
|
|
|
1024
|
-
@property
|
|
1023
|
+
@_builtins.property
|
|
1025
1024
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
|
1026
|
-
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[
|
|
1025
|
+
def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1027
1026
|
"""
|
|
1028
1027
|
Maximum possible lease duration for secrets in seconds.
|
|
1029
1028
|
"""
|
|
1030
1029
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
|
1031
1030
|
|
|
1032
1031
|
@max_lease_ttl_seconds.setter
|
|
1033
|
-
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[
|
|
1032
|
+
def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1034
1033
|
pulumi.set(self, "max_lease_ttl_seconds", value)
|
|
1035
1034
|
|
|
1036
|
-
@property
|
|
1035
|
+
@_builtins.property
|
|
1037
1036
|
@pulumi.getter(name="maxTtl")
|
|
1038
|
-
def max_ttl(self) -> Optional[pulumi.Input[
|
|
1037
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1039
1038
|
"""
|
|
1040
1039
|
In seconds, the maximum password time-to-live.
|
|
1041
1040
|
"""
|
|
1042
1041
|
return pulumi.get(self, "max_ttl")
|
|
1043
1042
|
|
|
1044
1043
|
@max_ttl.setter
|
|
1045
|
-
def max_ttl(self, value: Optional[pulumi.Input[
|
|
1044
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1046
1045
|
pulumi.set(self, "max_ttl", value)
|
|
1047
1046
|
|
|
1048
|
-
@property
|
|
1047
|
+
@_builtins.property
|
|
1049
1048
|
@pulumi.getter
|
|
1050
|
-
def namespace(self) -> Optional[pulumi.Input[
|
|
1049
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1051
1050
|
"""
|
|
1052
1051
|
The namespace to provision the resource in.
|
|
1053
1052
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -1057,24 +1056,24 @@ class _SecretBackendState:
|
|
|
1057
1056
|
return pulumi.get(self, "namespace")
|
|
1058
1057
|
|
|
1059
1058
|
@namespace.setter
|
|
1060
|
-
def namespace(self, value: Optional[pulumi.Input[
|
|
1059
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1061
1060
|
pulumi.set(self, "namespace", value)
|
|
1062
1061
|
|
|
1063
|
-
@property
|
|
1062
|
+
@_builtins.property
|
|
1064
1063
|
@pulumi.getter(name="passwordPolicy")
|
|
1065
|
-
def password_policy(self) -> Optional[pulumi.Input[
|
|
1064
|
+
def password_policy(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1066
1065
|
"""
|
|
1067
1066
|
Name of the password policy to use to generate passwords.
|
|
1068
1067
|
"""
|
|
1069
1068
|
return pulumi.get(self, "password_policy")
|
|
1070
1069
|
|
|
1071
1070
|
@password_policy.setter
|
|
1072
|
-
def password_policy(self, value: Optional[pulumi.Input[
|
|
1071
|
+
def password_policy(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1073
1072
|
pulumi.set(self, "password_policy", value)
|
|
1074
1073
|
|
|
1075
|
-
@property
|
|
1074
|
+
@_builtins.property
|
|
1076
1075
|
@pulumi.getter(name="requestTimeout")
|
|
1077
|
-
def request_timeout(self) -> Optional[pulumi.Input[
|
|
1076
|
+
def request_timeout(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1078
1077
|
"""
|
|
1079
1078
|
Timeout, in seconds, for the connection when making requests against the server
|
|
1080
1079
|
before returning back an error.
|
|
@@ -1082,24 +1081,24 @@ class _SecretBackendState:
|
|
|
1082
1081
|
return pulumi.get(self, "request_timeout")
|
|
1083
1082
|
|
|
1084
1083
|
@request_timeout.setter
|
|
1085
|
-
def request_timeout(self, value: Optional[pulumi.Input[
|
|
1084
|
+
def request_timeout(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1086
1085
|
pulumi.set(self, "request_timeout", value)
|
|
1087
1086
|
|
|
1088
|
-
@property
|
|
1087
|
+
@_builtins.property
|
|
1089
1088
|
@pulumi.getter
|
|
1090
|
-
def starttls(self) -> Optional[pulumi.Input[
|
|
1089
|
+
def starttls(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1091
1090
|
"""
|
|
1092
1091
|
Issue a StartTLS command after establishing unencrypted connection.
|
|
1093
1092
|
"""
|
|
1094
1093
|
return pulumi.get(self, "starttls")
|
|
1095
1094
|
|
|
1096
1095
|
@starttls.setter
|
|
1097
|
-
def starttls(self, value: Optional[pulumi.Input[
|
|
1096
|
+
def starttls(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1098
1097
|
pulumi.set(self, "starttls", value)
|
|
1099
1098
|
|
|
1100
|
-
@property
|
|
1099
|
+
@_builtins.property
|
|
1101
1100
|
@pulumi.getter(name="tlsMaxVersion")
|
|
1102
|
-
def tls_max_version(self) -> Optional[pulumi.Input[
|
|
1101
|
+
def tls_max_version(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1103
1102
|
"""
|
|
1104
1103
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1105
1104
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
@@ -1107,12 +1106,12 @@ class _SecretBackendState:
|
|
|
1107
1106
|
return pulumi.get(self, "tls_max_version")
|
|
1108
1107
|
|
|
1109
1108
|
@tls_max_version.setter
|
|
1110
|
-
def tls_max_version(self, value: Optional[pulumi.Input[
|
|
1109
|
+
def tls_max_version(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1111
1110
|
pulumi.set(self, "tls_max_version", value)
|
|
1112
1111
|
|
|
1113
|
-
@property
|
|
1112
|
+
@_builtins.property
|
|
1114
1113
|
@pulumi.getter(name="tlsMinVersion")
|
|
1115
|
-
def tls_min_version(self) -> Optional[pulumi.Input[
|
|
1114
|
+
def tls_min_version(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1116
1115
|
"""
|
|
1117
1116
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1118
1117
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
@@ -1120,36 +1119,36 @@ class _SecretBackendState:
|
|
|
1120
1119
|
return pulumi.get(self, "tls_min_version")
|
|
1121
1120
|
|
|
1122
1121
|
@tls_min_version.setter
|
|
1123
|
-
def tls_min_version(self, value: Optional[pulumi.Input[
|
|
1122
|
+
def tls_min_version(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1124
1123
|
pulumi.set(self, "tls_min_version", value)
|
|
1125
1124
|
|
|
1126
|
-
@property
|
|
1125
|
+
@_builtins.property
|
|
1127
1126
|
@pulumi.getter
|
|
1128
|
-
def ttl(self) -> Optional[pulumi.Input[
|
|
1127
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1129
1128
|
"""
|
|
1130
1129
|
In seconds, the default password time-to-live.
|
|
1131
1130
|
"""
|
|
1132
1131
|
return pulumi.get(self, "ttl")
|
|
1133
1132
|
|
|
1134
1133
|
@ttl.setter
|
|
1135
|
-
def ttl(self, value: Optional[pulumi.Input[
|
|
1134
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1136
1135
|
pulumi.set(self, "ttl", value)
|
|
1137
1136
|
|
|
1138
|
-
@property
|
|
1137
|
+
@_builtins.property
|
|
1139
1138
|
@pulumi.getter
|
|
1140
|
-
def upndomain(self) -> Optional[pulumi.Input[
|
|
1139
|
+
def upndomain(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1141
1140
|
"""
|
|
1142
1141
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
1143
1142
|
"""
|
|
1144
1143
|
return pulumi.get(self, "upndomain")
|
|
1145
1144
|
|
|
1146
1145
|
@upndomain.setter
|
|
1147
|
-
def upndomain(self, value: Optional[pulumi.Input[
|
|
1146
|
+
def upndomain(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1148
1147
|
pulumi.set(self, "upndomain", value)
|
|
1149
1148
|
|
|
1150
|
-
@property
|
|
1149
|
+
@_builtins.property
|
|
1151
1150
|
@pulumi.getter
|
|
1152
|
-
def url(self) -> Optional[pulumi.Input[
|
|
1151
|
+
def url(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1153
1152
|
"""
|
|
1154
1153
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
1155
1154
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
@@ -1157,12 +1156,12 @@ class _SecretBackendState:
|
|
|
1157
1156
|
return pulumi.get(self, "url")
|
|
1158
1157
|
|
|
1159
1158
|
@url.setter
|
|
1160
|
-
def url(self, value: Optional[pulumi.Input[
|
|
1159
|
+
def url(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1161
1160
|
pulumi.set(self, "url", value)
|
|
1162
1161
|
|
|
1163
|
-
@property
|
|
1162
|
+
@_builtins.property
|
|
1164
1163
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
|
1165
|
-
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[
|
|
1164
|
+
def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1166
1165
|
"""
|
|
1167
1166
|
In Vault 1.1.1 a fix for handling group CN values of
|
|
1168
1167
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
@@ -1174,12 +1173,12 @@ class _SecretBackendState:
|
|
|
1174
1173
|
return pulumi.get(self, "use_pre111_group_cn_behavior")
|
|
1175
1174
|
|
|
1176
1175
|
@use_pre111_group_cn_behavior.setter
|
|
1177
|
-
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[
|
|
1176
|
+
def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1178
1177
|
pulumi.set(self, "use_pre111_group_cn_behavior", value)
|
|
1179
1178
|
|
|
1180
|
-
@property
|
|
1179
|
+
@_builtins.property
|
|
1181
1180
|
@pulumi.getter(name="useTokenGroups")
|
|
1182
|
-
def use_token_groups(self) -> Optional[pulumi.Input[
|
|
1181
|
+
def use_token_groups(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1183
1182
|
"""
|
|
1184
1183
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
|
1185
1184
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
@@ -1187,31 +1186,31 @@ class _SecretBackendState:
|
|
|
1187
1186
|
return pulumi.get(self, "use_token_groups")
|
|
1188
1187
|
|
|
1189
1188
|
@use_token_groups.setter
|
|
1190
|
-
def use_token_groups(self, value: Optional[pulumi.Input[
|
|
1189
|
+
def use_token_groups(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1191
1190
|
pulumi.set(self, "use_token_groups", value)
|
|
1192
1191
|
|
|
1193
|
-
@property
|
|
1192
|
+
@_builtins.property
|
|
1194
1193
|
@pulumi.getter
|
|
1195
|
-
def userattr(self) -> Optional[pulumi.Input[
|
|
1194
|
+
def userattr(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1196
1195
|
"""
|
|
1197
1196
|
Attribute used when searching users. Defaults to `cn`.
|
|
1198
1197
|
"""
|
|
1199
1198
|
return pulumi.get(self, "userattr")
|
|
1200
1199
|
|
|
1201
1200
|
@userattr.setter
|
|
1202
|
-
def userattr(self, value: Optional[pulumi.Input[
|
|
1201
|
+
def userattr(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1203
1202
|
pulumi.set(self, "userattr", value)
|
|
1204
1203
|
|
|
1205
|
-
@property
|
|
1204
|
+
@_builtins.property
|
|
1206
1205
|
@pulumi.getter
|
|
1207
|
-
def userdn(self) -> Optional[pulumi.Input[
|
|
1206
|
+
def userdn(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1208
1207
|
"""
|
|
1209
1208
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
1210
1209
|
"""
|
|
1211
1210
|
return pulumi.get(self, "userdn")
|
|
1212
1211
|
|
|
1213
1212
|
@userdn.setter
|
|
1214
|
-
def userdn(self, value: Optional[pulumi.Input[
|
|
1213
|
+
def userdn(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1215
1214
|
pulumi.set(self, "userdn", value)
|
|
1216
1215
|
|
|
1217
1216
|
|
|
@@ -1221,40 +1220,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1221
1220
|
def __init__(__self__,
|
|
1222
1221
|
resource_name: str,
|
|
1223
1222
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1224
|
-
anonymous_group_search: Optional[pulumi.Input[
|
|
1225
|
-
backend: Optional[pulumi.Input[
|
|
1226
|
-
binddn: Optional[pulumi.Input[
|
|
1227
|
-
bindpass: Optional[pulumi.Input[
|
|
1228
|
-
case_sensitive_names: Optional[pulumi.Input[
|
|
1229
|
-
certificate: Optional[pulumi.Input[
|
|
1230
|
-
client_tls_cert: Optional[pulumi.Input[
|
|
1231
|
-
client_tls_key: Optional[pulumi.Input[
|
|
1232
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1233
|
-
deny_null_bind: Optional[pulumi.Input[
|
|
1234
|
-
description: Optional[pulumi.Input[
|
|
1235
|
-
disable_remount: Optional[pulumi.Input[
|
|
1236
|
-
discoverdn: Optional[pulumi.Input[
|
|
1237
|
-
groupattr: Optional[pulumi.Input[
|
|
1238
|
-
groupdn: Optional[pulumi.Input[
|
|
1239
|
-
groupfilter: Optional[pulumi.Input[
|
|
1240
|
-
insecure_tls: Optional[pulumi.Input[
|
|
1241
|
-
last_rotation_tolerance: Optional[pulumi.Input[
|
|
1242
|
-
local: Optional[pulumi.Input[
|
|
1243
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1244
|
-
max_ttl: Optional[pulumi.Input[
|
|
1245
|
-
namespace: Optional[pulumi.Input[
|
|
1246
|
-
password_policy: Optional[pulumi.Input[
|
|
1247
|
-
request_timeout: Optional[pulumi.Input[
|
|
1248
|
-
starttls: Optional[pulumi.Input[
|
|
1249
|
-
tls_max_version: Optional[pulumi.Input[
|
|
1250
|
-
tls_min_version: Optional[pulumi.Input[
|
|
1251
|
-
ttl: Optional[pulumi.Input[
|
|
1252
|
-
upndomain: Optional[pulumi.Input[
|
|
1253
|
-
url: Optional[pulumi.Input[
|
|
1254
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[
|
|
1255
|
-
use_token_groups: Optional[pulumi.Input[
|
|
1256
|
-
userattr: Optional[pulumi.Input[
|
|
1257
|
-
userdn: Optional[pulumi.Input[
|
|
1223
|
+
anonymous_group_search: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1224
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1225
|
+
binddn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1226
|
+
bindpass: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1227
|
+
case_sensitive_names: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1228
|
+
certificate: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1229
|
+
client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1230
|
+
client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1231
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1232
|
+
deny_null_bind: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1233
|
+
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1234
|
+
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1235
|
+
discoverdn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1236
|
+
groupattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1237
|
+
groupdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1238
|
+
groupfilter: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1239
|
+
insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1240
|
+
last_rotation_tolerance: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1241
|
+
local: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1242
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1243
|
+
max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1244
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1245
|
+
password_policy: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1246
|
+
request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1247
|
+
starttls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1248
|
+
tls_max_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1249
|
+
tls_min_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1250
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1251
|
+
upndomain: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1252
|
+
url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1253
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1254
|
+
use_token_groups: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1255
|
+
userattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1256
|
+
userdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1258
1257
|
__props__=None):
|
|
1259
1258
|
"""
|
|
1260
1259
|
## Example Usage
|
|
@@ -1282,64 +1281,64 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1282
1281
|
|
|
1283
1282
|
:param str resource_name: The name of the resource.
|
|
1284
1283
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1285
|
-
:param pulumi.Input[
|
|
1284
|
+
:param pulumi.Input[_builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
|
1286
1285
|
(if true the initial credentials will still be used for the initial connection test).
|
|
1287
|
-
:param pulumi.Input[
|
|
1286
|
+
:param pulumi.Input[_builtins.str] backend: The unique path this backend should be mounted at. Must
|
|
1288
1287
|
not begin or end with a `/`. Defaults to `ad`.
|
|
1289
|
-
:param pulumi.Input[
|
|
1290
|
-
:param pulumi.Input[
|
|
1291
|
-
:param pulumi.Input[
|
|
1288
|
+
:param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
|
1289
|
+
:param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
|
|
1290
|
+
:param pulumi.Input[_builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
|
1292
1291
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
1293
|
-
:param pulumi.Input[
|
|
1292
|
+
:param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
|
1294
1293
|
x509 PEM encoded.
|
|
1295
|
-
:param pulumi.Input[
|
|
1296
|
-
:param pulumi.Input[
|
|
1297
|
-
:param pulumi.Input[
|
|
1298
|
-
:param pulumi.Input[
|
|
1294
|
+
:param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
1295
|
+
:param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
1296
|
+
:param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
|
1297
|
+
:param pulumi.Input[_builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
1299
1298
|
defaults to true.
|
|
1300
|
-
:param pulumi.Input[
|
|
1301
|
-
:param pulumi.Input[
|
|
1299
|
+
:param pulumi.Input[_builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
|
1300
|
+
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
1302
1301
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
1303
|
-
:param pulumi.Input[
|
|
1304
|
-
:param pulumi.Input[
|
|
1302
|
+
:param pulumi.Input[_builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
1303
|
+
:param pulumi.Input[_builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
1305
1304
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
1306
|
-
:param pulumi.Input[
|
|
1307
|
-
:param pulumi.Input[
|
|
1305
|
+
:param pulumi.Input[_builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
1306
|
+
:param pulumi.Input[_builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
|
1308
1307
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
1309
|
-
:param pulumi.Input[
|
|
1308
|
+
:param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
1310
1309
|
Defaults to `false`.
|
|
1311
|
-
:param pulumi.Input[
|
|
1310
|
+
:param pulumi.Input[_builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
|
1312
1311
|
shows a later rotation, it should be considered out-of-band
|
|
1313
|
-
:param pulumi.Input[
|
|
1312
|
+
:param pulumi.Input[_builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
1314
1313
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
1315
|
-
:param pulumi.Input[
|
|
1316
|
-
:param pulumi.Input[
|
|
1317
|
-
:param pulumi.Input[
|
|
1314
|
+
:param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
|
1315
|
+
:param pulumi.Input[_builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
|
1316
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
1318
1317
|
The value should not contain leading or trailing forward slashes.
|
|
1319
1318
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1320
1319
|
*Available only for Vault Enterprise*.
|
|
1321
|
-
:param pulumi.Input[
|
|
1322
|
-
:param pulumi.Input[
|
|
1320
|
+
:param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
|
1321
|
+
:param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
|
1323
1322
|
before returning back an error.
|
|
1324
|
-
:param pulumi.Input[
|
|
1325
|
-
:param pulumi.Input[
|
|
1323
|
+
:param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
|
1324
|
+
:param pulumi.Input[_builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1326
1325
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1327
|
-
:param pulumi.Input[
|
|
1326
|
+
:param pulumi.Input[_builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1328
1327
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1329
|
-
:param pulumi.Input[
|
|
1330
|
-
:param pulumi.Input[
|
|
1331
|
-
:param pulumi.Input[
|
|
1328
|
+
:param pulumi.Input[_builtins.int] ttl: In seconds, the default password time-to-live.
|
|
1329
|
+
:param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
1330
|
+
:param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
1332
1331
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
1333
|
-
:param pulumi.Input[
|
|
1332
|
+
:param pulumi.Input[_builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
|
1334
1333
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
1335
1334
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
|
1336
1335
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
|
1337
1336
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
|
1338
1337
|
new configurations.
|
|
1339
|
-
:param pulumi.Input[
|
|
1338
|
+
:param pulumi.Input[_builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
|
1340
1339
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
1341
|
-
:param pulumi.Input[
|
|
1342
|
-
:param pulumi.Input[
|
|
1340
|
+
:param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
|
1341
|
+
:param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
1343
1342
|
"""
|
|
1344
1343
|
...
|
|
1345
1344
|
@overload
|
|
@@ -1386,40 +1385,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1386
1385
|
def _internal_init(__self__,
|
|
1387
1386
|
resource_name: str,
|
|
1388
1387
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1389
|
-
anonymous_group_search: Optional[pulumi.Input[
|
|
1390
|
-
backend: Optional[pulumi.Input[
|
|
1391
|
-
binddn: Optional[pulumi.Input[
|
|
1392
|
-
bindpass: Optional[pulumi.Input[
|
|
1393
|
-
case_sensitive_names: Optional[pulumi.Input[
|
|
1394
|
-
certificate: Optional[pulumi.Input[
|
|
1395
|
-
client_tls_cert: Optional[pulumi.Input[
|
|
1396
|
-
client_tls_key: Optional[pulumi.Input[
|
|
1397
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1398
|
-
deny_null_bind: Optional[pulumi.Input[
|
|
1399
|
-
description: Optional[pulumi.Input[
|
|
1400
|
-
disable_remount: Optional[pulumi.Input[
|
|
1401
|
-
discoverdn: Optional[pulumi.Input[
|
|
1402
|
-
groupattr: Optional[pulumi.Input[
|
|
1403
|
-
groupdn: Optional[pulumi.Input[
|
|
1404
|
-
groupfilter: Optional[pulumi.Input[
|
|
1405
|
-
insecure_tls: Optional[pulumi.Input[
|
|
1406
|
-
last_rotation_tolerance: Optional[pulumi.Input[
|
|
1407
|
-
local: Optional[pulumi.Input[
|
|
1408
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1409
|
-
max_ttl: Optional[pulumi.Input[
|
|
1410
|
-
namespace: Optional[pulumi.Input[
|
|
1411
|
-
password_policy: Optional[pulumi.Input[
|
|
1412
|
-
request_timeout: Optional[pulumi.Input[
|
|
1413
|
-
starttls: Optional[pulumi.Input[
|
|
1414
|
-
tls_max_version: Optional[pulumi.Input[
|
|
1415
|
-
tls_min_version: Optional[pulumi.Input[
|
|
1416
|
-
ttl: Optional[pulumi.Input[
|
|
1417
|
-
upndomain: Optional[pulumi.Input[
|
|
1418
|
-
url: Optional[pulumi.Input[
|
|
1419
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[
|
|
1420
|
-
use_token_groups: Optional[pulumi.Input[
|
|
1421
|
-
userattr: Optional[pulumi.Input[
|
|
1422
|
-
userdn: Optional[pulumi.Input[
|
|
1388
|
+
anonymous_group_search: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1389
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1390
|
+
binddn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1391
|
+
bindpass: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1392
|
+
case_sensitive_names: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1393
|
+
certificate: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1394
|
+
client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1395
|
+
client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1396
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1397
|
+
deny_null_bind: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1398
|
+
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1399
|
+
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1400
|
+
discoverdn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1401
|
+
groupattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1402
|
+
groupdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1403
|
+
groupfilter: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1404
|
+
insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1405
|
+
last_rotation_tolerance: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1406
|
+
local: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1407
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1408
|
+
max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1409
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1410
|
+
password_policy: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1411
|
+
request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1412
|
+
starttls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1413
|
+
tls_max_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1414
|
+
tls_min_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1415
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1416
|
+
upndomain: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1417
|
+
url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1418
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1419
|
+
use_token_groups: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1420
|
+
userattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1421
|
+
userdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1423
1422
|
__props__=None):
|
|
1424
1423
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
1425
1424
|
if not isinstance(opts, pulumi.ResourceOptions):
|
|
@@ -1479,40 +1478,40 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1479
1478
|
def get(resource_name: str,
|
|
1480
1479
|
id: pulumi.Input[str],
|
|
1481
1480
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1482
|
-
anonymous_group_search: Optional[pulumi.Input[
|
|
1483
|
-
backend: Optional[pulumi.Input[
|
|
1484
|
-
binddn: Optional[pulumi.Input[
|
|
1485
|
-
bindpass: Optional[pulumi.Input[
|
|
1486
|
-
case_sensitive_names: Optional[pulumi.Input[
|
|
1487
|
-
certificate: Optional[pulumi.Input[
|
|
1488
|
-
client_tls_cert: Optional[pulumi.Input[
|
|
1489
|
-
client_tls_key: Optional[pulumi.Input[
|
|
1490
|
-
default_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1491
|
-
deny_null_bind: Optional[pulumi.Input[
|
|
1492
|
-
description: Optional[pulumi.Input[
|
|
1493
|
-
disable_remount: Optional[pulumi.Input[
|
|
1494
|
-
discoverdn: Optional[pulumi.Input[
|
|
1495
|
-
groupattr: Optional[pulumi.Input[
|
|
1496
|
-
groupdn: Optional[pulumi.Input[
|
|
1497
|
-
groupfilter: Optional[pulumi.Input[
|
|
1498
|
-
insecure_tls: Optional[pulumi.Input[
|
|
1499
|
-
last_rotation_tolerance: Optional[pulumi.Input[
|
|
1500
|
-
local: Optional[pulumi.Input[
|
|
1501
|
-
max_lease_ttl_seconds: Optional[pulumi.Input[
|
|
1502
|
-
max_ttl: Optional[pulumi.Input[
|
|
1503
|
-
namespace: Optional[pulumi.Input[
|
|
1504
|
-
password_policy: Optional[pulumi.Input[
|
|
1505
|
-
request_timeout: Optional[pulumi.Input[
|
|
1506
|
-
starttls: Optional[pulumi.Input[
|
|
1507
|
-
tls_max_version: Optional[pulumi.Input[
|
|
1508
|
-
tls_min_version: Optional[pulumi.Input[
|
|
1509
|
-
ttl: Optional[pulumi.Input[
|
|
1510
|
-
upndomain: Optional[pulumi.Input[
|
|
1511
|
-
url: Optional[pulumi.Input[
|
|
1512
|
-
use_pre111_group_cn_behavior: Optional[pulumi.Input[
|
|
1513
|
-
use_token_groups: Optional[pulumi.Input[
|
|
1514
|
-
userattr: Optional[pulumi.Input[
|
|
1515
|
-
userdn: Optional[pulumi.Input[
|
|
1481
|
+
anonymous_group_search: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1482
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1483
|
+
binddn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1484
|
+
bindpass: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1485
|
+
case_sensitive_names: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1486
|
+
certificate: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1487
|
+
client_tls_cert: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1488
|
+
client_tls_key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1489
|
+
default_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1490
|
+
deny_null_bind: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1491
|
+
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1492
|
+
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1493
|
+
discoverdn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1494
|
+
groupattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1495
|
+
groupdn: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1496
|
+
groupfilter: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1497
|
+
insecure_tls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1498
|
+
last_rotation_tolerance: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1499
|
+
local: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1500
|
+
max_lease_ttl_seconds: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1501
|
+
max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1502
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1503
|
+
password_policy: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1504
|
+
request_timeout: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1505
|
+
starttls: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1506
|
+
tls_max_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1507
|
+
tls_min_version: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1508
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1509
|
+
upndomain: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1510
|
+
url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1511
|
+
use_pre111_group_cn_behavior: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1512
|
+
use_token_groups: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1513
|
+
userattr: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1514
|
+
userdn: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackend':
|
|
1516
1515
|
"""
|
|
1517
1516
|
Get an existing SecretBackend resource's state with the given name, id, and optional extra
|
|
1518
1517
|
properties used to qualify the lookup.
|
|
@@ -1520,64 +1519,64 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1520
1519
|
:param str resource_name: The unique name of the resulting resource.
|
|
1521
1520
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
1522
1521
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1523
|
-
:param pulumi.Input[
|
|
1522
|
+
:param pulumi.Input[_builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
|
|
1524
1523
|
(if true the initial credentials will still be used for the initial connection test).
|
|
1525
|
-
:param pulumi.Input[
|
|
1524
|
+
:param pulumi.Input[_builtins.str] backend: The unique path this backend should be mounted at. Must
|
|
1526
1525
|
not begin or end with a `/`. Defaults to `ad`.
|
|
1527
|
-
:param pulumi.Input[
|
|
1528
|
-
:param pulumi.Input[
|
|
1529
|
-
:param pulumi.Input[
|
|
1526
|
+
:param pulumi.Input[_builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
|
|
1527
|
+
:param pulumi.Input[_builtins.str] bindpass: Password to use along with binddn when performing user search.
|
|
1528
|
+
:param pulumi.Input[_builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
|
|
1530
1529
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
1531
|
-
:param pulumi.Input[
|
|
1530
|
+
:param pulumi.Input[_builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
|
|
1532
1531
|
x509 PEM encoded.
|
|
1533
|
-
:param pulumi.Input[
|
|
1534
|
-
:param pulumi.Input[
|
|
1535
|
-
:param pulumi.Input[
|
|
1536
|
-
:param pulumi.Input[
|
|
1532
|
+
:param pulumi.Input[_builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
1533
|
+
:param pulumi.Input[_builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
1534
|
+
:param pulumi.Input[_builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
|
|
1535
|
+
:param pulumi.Input[_builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
1537
1536
|
defaults to true.
|
|
1538
|
-
:param pulumi.Input[
|
|
1539
|
-
:param pulumi.Input[
|
|
1537
|
+
:param pulumi.Input[_builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
|
|
1538
|
+
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
1540
1539
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
1541
|
-
:param pulumi.Input[
|
|
1542
|
-
:param pulumi.Input[
|
|
1540
|
+
:param pulumi.Input[_builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
1541
|
+
:param pulumi.Input[_builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
1543
1542
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
1544
|
-
:param pulumi.Input[
|
|
1545
|
-
:param pulumi.Input[
|
|
1543
|
+
:param pulumi.Input[_builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
1544
|
+
:param pulumi.Input[_builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
|
|
1546
1545
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
1547
|
-
:param pulumi.Input[
|
|
1546
|
+
:param pulumi.Input[_builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
1548
1547
|
Defaults to `false`.
|
|
1549
|
-
:param pulumi.Input[
|
|
1548
|
+
:param pulumi.Input[_builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
|
|
1550
1549
|
shows a later rotation, it should be considered out-of-band
|
|
1551
|
-
:param pulumi.Input[
|
|
1550
|
+
:param pulumi.Input[_builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
1552
1551
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
1553
|
-
:param pulumi.Input[
|
|
1554
|
-
:param pulumi.Input[
|
|
1555
|
-
:param pulumi.Input[
|
|
1552
|
+
:param pulumi.Input[_builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
|
|
1553
|
+
:param pulumi.Input[_builtins.int] max_ttl: In seconds, the maximum password time-to-live.
|
|
1554
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
1556
1555
|
The value should not contain leading or trailing forward slashes.
|
|
1557
1556
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1558
1557
|
*Available only for Vault Enterprise*.
|
|
1559
|
-
:param pulumi.Input[
|
|
1560
|
-
:param pulumi.Input[
|
|
1558
|
+
:param pulumi.Input[_builtins.str] password_policy: Name of the password policy to use to generate passwords.
|
|
1559
|
+
:param pulumi.Input[_builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
|
|
1561
1560
|
before returning back an error.
|
|
1562
|
-
:param pulumi.Input[
|
|
1563
|
-
:param pulumi.Input[
|
|
1561
|
+
:param pulumi.Input[_builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
|
|
1562
|
+
:param pulumi.Input[_builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1564
1563
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1565
|
-
:param pulumi.Input[
|
|
1564
|
+
:param pulumi.Input[_builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1566
1565
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1567
|
-
:param pulumi.Input[
|
|
1568
|
-
:param pulumi.Input[
|
|
1569
|
-
:param pulumi.Input[
|
|
1566
|
+
:param pulumi.Input[_builtins.int] ttl: In seconds, the default password time-to-live.
|
|
1567
|
+
:param pulumi.Input[_builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
1568
|
+
:param pulumi.Input[_builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
1570
1569
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
1571
|
-
:param pulumi.Input[
|
|
1570
|
+
:param pulumi.Input[_builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
|
|
1572
1571
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
1573
1572
|
to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
|
|
1574
1573
|
matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
|
|
1575
1574
|
compatibility. It is enabled by default if the config is upgraded but disabled by default on
|
|
1576
1575
|
new configurations.
|
|
1577
|
-
:param pulumi.Input[
|
|
1576
|
+
:param pulumi.Input[_builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
|
|
1578
1577
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
1579
|
-
:param pulumi.Input[
|
|
1580
|
-
:param pulumi.Input[
|
|
1578
|
+
:param pulumi.Input[_builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
|
|
1579
|
+
:param pulumi.Input[_builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
1581
1580
|
"""
|
|
1582
1581
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
1583
1582
|
|
|
@@ -1619,188 +1618,188 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1619
1618
|
__props__.__dict__["userdn"] = userdn
|
|
1620
1619
|
return SecretBackend(resource_name, opts=opts, __props__=__props__)
|
|
1621
1620
|
|
|
1622
|
-
@property
|
|
1621
|
+
@_builtins.property
|
|
1623
1622
|
@pulumi.getter(name="anonymousGroupSearch")
|
|
1624
|
-
def anonymous_group_search(self) -> pulumi.Output[Optional[
|
|
1623
|
+
def anonymous_group_search(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1625
1624
|
"""
|
|
1626
1625
|
Use anonymous binds when performing LDAP group searches
|
|
1627
1626
|
(if true the initial credentials will still be used for the initial connection test).
|
|
1628
1627
|
"""
|
|
1629
1628
|
return pulumi.get(self, "anonymous_group_search")
|
|
1630
1629
|
|
|
1631
|
-
@property
|
|
1630
|
+
@_builtins.property
|
|
1632
1631
|
@pulumi.getter
|
|
1633
|
-
def backend(self) -> pulumi.Output[Optional[
|
|
1632
|
+
def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1634
1633
|
"""
|
|
1635
1634
|
The unique path this backend should be mounted at. Must
|
|
1636
1635
|
not begin or end with a `/`. Defaults to `ad`.
|
|
1637
1636
|
"""
|
|
1638
1637
|
return pulumi.get(self, "backend")
|
|
1639
1638
|
|
|
1640
|
-
@property
|
|
1639
|
+
@_builtins.property
|
|
1641
1640
|
@pulumi.getter
|
|
1642
|
-
def binddn(self) -> pulumi.Output[
|
|
1641
|
+
def binddn(self) -> pulumi.Output[_builtins.str]:
|
|
1643
1642
|
"""
|
|
1644
1643
|
Distinguished name of object to bind when performing user and group search.
|
|
1645
1644
|
"""
|
|
1646
1645
|
return pulumi.get(self, "binddn")
|
|
1647
1646
|
|
|
1648
|
-
@property
|
|
1647
|
+
@_builtins.property
|
|
1649
1648
|
@pulumi.getter
|
|
1650
|
-
def bindpass(self) -> pulumi.Output[
|
|
1649
|
+
def bindpass(self) -> pulumi.Output[_builtins.str]:
|
|
1651
1650
|
"""
|
|
1652
1651
|
Password to use along with binddn when performing user search.
|
|
1653
1652
|
"""
|
|
1654
1653
|
return pulumi.get(self, "bindpass")
|
|
1655
1654
|
|
|
1656
|
-
@property
|
|
1655
|
+
@_builtins.property
|
|
1657
1656
|
@pulumi.getter(name="caseSensitiveNames")
|
|
1658
|
-
def case_sensitive_names(self) -> pulumi.Output[Optional[
|
|
1657
|
+
def case_sensitive_names(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1659
1658
|
"""
|
|
1660
1659
|
If set, user and group names assigned to policies within the
|
|
1661
1660
|
backend will be case sensitive. Otherwise, names will be normalized to lower case.
|
|
1662
1661
|
"""
|
|
1663
1662
|
return pulumi.get(self, "case_sensitive_names")
|
|
1664
1663
|
|
|
1665
|
-
@property
|
|
1664
|
+
@_builtins.property
|
|
1666
1665
|
@pulumi.getter
|
|
1667
|
-
def certificate(self) -> pulumi.Output[Optional[
|
|
1666
|
+
def certificate(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1668
1667
|
"""
|
|
1669
1668
|
CA certificate to use when verifying LDAP server certificate, must be
|
|
1670
1669
|
x509 PEM encoded.
|
|
1671
1670
|
"""
|
|
1672
1671
|
return pulumi.get(self, "certificate")
|
|
1673
1672
|
|
|
1674
|
-
@property
|
|
1673
|
+
@_builtins.property
|
|
1675
1674
|
@pulumi.getter(name="clientTlsCert")
|
|
1676
|
-
def client_tls_cert(self) -> pulumi.Output[Optional[
|
|
1675
|
+
def client_tls_cert(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1677
1676
|
"""
|
|
1678
1677
|
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
|
|
1679
1678
|
"""
|
|
1680
1679
|
return pulumi.get(self, "client_tls_cert")
|
|
1681
1680
|
|
|
1682
|
-
@property
|
|
1681
|
+
@_builtins.property
|
|
1683
1682
|
@pulumi.getter(name="clientTlsKey")
|
|
1684
|
-
def client_tls_key(self) -> pulumi.Output[Optional[
|
|
1683
|
+
def client_tls_key(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1685
1684
|
"""
|
|
1686
1685
|
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
|
|
1687
1686
|
"""
|
|
1688
1687
|
return pulumi.get(self, "client_tls_key")
|
|
1689
1688
|
|
|
1690
|
-
@property
|
|
1689
|
+
@_builtins.property
|
|
1691
1690
|
@pulumi.getter(name="defaultLeaseTtlSeconds")
|
|
1692
|
-
def default_lease_ttl_seconds(self) -> pulumi.Output[
|
|
1691
|
+
def default_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
|
|
1693
1692
|
"""
|
|
1694
1693
|
Default lease duration for secrets in seconds.
|
|
1695
1694
|
"""
|
|
1696
1695
|
return pulumi.get(self, "default_lease_ttl_seconds")
|
|
1697
1696
|
|
|
1698
|
-
@property
|
|
1697
|
+
@_builtins.property
|
|
1699
1698
|
@pulumi.getter(name="denyNullBind")
|
|
1700
|
-
def deny_null_bind(self) -> pulumi.Output[Optional[
|
|
1699
|
+
def deny_null_bind(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1701
1700
|
"""
|
|
1702
1701
|
Denies an unauthenticated LDAP bind request if the user's password is empty;
|
|
1703
1702
|
defaults to true.
|
|
1704
1703
|
"""
|
|
1705
1704
|
return pulumi.get(self, "deny_null_bind")
|
|
1706
1705
|
|
|
1707
|
-
@property
|
|
1706
|
+
@_builtins.property
|
|
1708
1707
|
@pulumi.getter
|
|
1709
|
-
def description(self) -> pulumi.Output[Optional[
|
|
1708
|
+
def description(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1710
1709
|
"""
|
|
1711
1710
|
Human-friendly description of the mount for the Active Directory backend.
|
|
1712
1711
|
"""
|
|
1713
1712
|
return pulumi.get(self, "description")
|
|
1714
1713
|
|
|
1715
|
-
@property
|
|
1714
|
+
@_builtins.property
|
|
1716
1715
|
@pulumi.getter(name="disableRemount")
|
|
1717
|
-
def disable_remount(self) -> pulumi.Output[Optional[
|
|
1716
|
+
def disable_remount(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1718
1717
|
"""
|
|
1719
1718
|
If set, opts out of mount migration on path updates.
|
|
1720
1719
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
1721
1720
|
"""
|
|
1722
1721
|
return pulumi.get(self, "disable_remount")
|
|
1723
1722
|
|
|
1724
|
-
@property
|
|
1723
|
+
@_builtins.property
|
|
1725
1724
|
@pulumi.getter
|
|
1726
|
-
def discoverdn(self) -> pulumi.Output[Optional[
|
|
1725
|
+
def discoverdn(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1727
1726
|
"""
|
|
1728
1727
|
Use anonymous bind to discover the bind Distinguished Name of a user.
|
|
1729
1728
|
"""
|
|
1730
1729
|
return pulumi.get(self, "discoverdn")
|
|
1731
1730
|
|
|
1732
|
-
@property
|
|
1731
|
+
@_builtins.property
|
|
1733
1732
|
@pulumi.getter
|
|
1734
|
-
def groupattr(self) -> pulumi.Output[Optional[
|
|
1733
|
+
def groupattr(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1735
1734
|
"""
|
|
1736
1735
|
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
|
|
1737
1736
|
user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
|
|
1738
1737
|
"""
|
|
1739
1738
|
return pulumi.get(self, "groupattr")
|
|
1740
1739
|
|
|
1741
|
-
@property
|
|
1740
|
+
@_builtins.property
|
|
1742
1741
|
@pulumi.getter
|
|
1743
|
-
def groupdn(self) -> pulumi.Output[Optional[
|
|
1742
|
+
def groupdn(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1744
1743
|
"""
|
|
1745
1744
|
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
|
|
1746
1745
|
"""
|
|
1747
1746
|
return pulumi.get(self, "groupdn")
|
|
1748
1747
|
|
|
1749
|
-
@property
|
|
1748
|
+
@_builtins.property
|
|
1750
1749
|
@pulumi.getter
|
|
1751
|
-
def groupfilter(self) -> pulumi.Output[Optional[
|
|
1750
|
+
def groupfilter(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1752
1751
|
"""
|
|
1753
1752
|
Go template for querying group membership of user (optional) The template can access
|
|
1754
1753
|
the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
|
|
1755
1754
|
"""
|
|
1756
1755
|
return pulumi.get(self, "groupfilter")
|
|
1757
1756
|
|
|
1758
|
-
@property
|
|
1757
|
+
@_builtins.property
|
|
1759
1758
|
@pulumi.getter(name="insecureTls")
|
|
1760
|
-
def insecure_tls(self) -> pulumi.Output[Optional[
|
|
1759
|
+
def insecure_tls(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1761
1760
|
"""
|
|
1762
1761
|
Skip LDAP server SSL Certificate verification. This is not recommended for production.
|
|
1763
1762
|
Defaults to `false`.
|
|
1764
1763
|
"""
|
|
1765
1764
|
return pulumi.get(self, "insecure_tls")
|
|
1766
1765
|
|
|
1767
|
-
@property
|
|
1766
|
+
@_builtins.property
|
|
1768
1767
|
@pulumi.getter(name="lastRotationTolerance")
|
|
1769
|
-
def last_rotation_tolerance(self) -> pulumi.Output[
|
|
1768
|
+
def last_rotation_tolerance(self) -> pulumi.Output[_builtins.int]:
|
|
1770
1769
|
"""
|
|
1771
1770
|
The number of seconds after a Vault rotation where, if Active Directory
|
|
1772
1771
|
shows a later rotation, it should be considered out-of-band
|
|
1773
1772
|
"""
|
|
1774
1773
|
return pulumi.get(self, "last_rotation_tolerance")
|
|
1775
1774
|
|
|
1776
|
-
@property
|
|
1775
|
+
@_builtins.property
|
|
1777
1776
|
@pulumi.getter
|
|
1778
|
-
def local(self) -> pulumi.Output[Optional[
|
|
1777
|
+
def local(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1779
1778
|
"""
|
|
1780
1779
|
Mark the secrets engine as local-only. Local engines are not replicated or removed by
|
|
1781
1780
|
replication.Tolerance duration to use when checking the last rotation time.
|
|
1782
1781
|
"""
|
|
1783
1782
|
return pulumi.get(self, "local")
|
|
1784
1783
|
|
|
1785
|
-
@property
|
|
1784
|
+
@_builtins.property
|
|
1786
1785
|
@pulumi.getter(name="maxLeaseTtlSeconds")
|
|
1787
|
-
def max_lease_ttl_seconds(self) -> pulumi.Output[
|
|
1786
|
+
def max_lease_ttl_seconds(self) -> pulumi.Output[_builtins.int]:
|
|
1788
1787
|
"""
|
|
1789
1788
|
Maximum possible lease duration for secrets in seconds.
|
|
1790
1789
|
"""
|
|
1791
1790
|
return pulumi.get(self, "max_lease_ttl_seconds")
|
|
1792
1791
|
|
|
1793
|
-
@property
|
|
1792
|
+
@_builtins.property
|
|
1794
1793
|
@pulumi.getter(name="maxTtl")
|
|
1795
|
-
def max_ttl(self) -> pulumi.Output[
|
|
1794
|
+
def max_ttl(self) -> pulumi.Output[_builtins.int]:
|
|
1796
1795
|
"""
|
|
1797
1796
|
In seconds, the maximum password time-to-live.
|
|
1798
1797
|
"""
|
|
1799
1798
|
return pulumi.get(self, "max_ttl")
|
|
1800
1799
|
|
|
1801
|
-
@property
|
|
1800
|
+
@_builtins.property
|
|
1802
1801
|
@pulumi.getter
|
|
1803
|
-
def namespace(self) -> pulumi.Output[Optional[
|
|
1802
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1804
1803
|
"""
|
|
1805
1804
|
The namespace to provision the resource in.
|
|
1806
1805
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -1809,77 +1808,77 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1809
1808
|
"""
|
|
1810
1809
|
return pulumi.get(self, "namespace")
|
|
1811
1810
|
|
|
1812
|
-
@property
|
|
1811
|
+
@_builtins.property
|
|
1813
1812
|
@pulumi.getter(name="passwordPolicy")
|
|
1814
|
-
def password_policy(self) -> pulumi.Output[Optional[
|
|
1813
|
+
def password_policy(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1815
1814
|
"""
|
|
1816
1815
|
Name of the password policy to use to generate passwords.
|
|
1817
1816
|
"""
|
|
1818
1817
|
return pulumi.get(self, "password_policy")
|
|
1819
1818
|
|
|
1820
|
-
@property
|
|
1819
|
+
@_builtins.property
|
|
1821
1820
|
@pulumi.getter(name="requestTimeout")
|
|
1822
|
-
def request_timeout(self) -> pulumi.Output[Optional[
|
|
1821
|
+
def request_timeout(self) -> pulumi.Output[Optional[_builtins.int]]:
|
|
1823
1822
|
"""
|
|
1824
1823
|
Timeout, in seconds, for the connection when making requests against the server
|
|
1825
1824
|
before returning back an error.
|
|
1826
1825
|
"""
|
|
1827
1826
|
return pulumi.get(self, "request_timeout")
|
|
1828
1827
|
|
|
1829
|
-
@property
|
|
1828
|
+
@_builtins.property
|
|
1830
1829
|
@pulumi.getter
|
|
1831
|
-
def starttls(self) -> pulumi.Output[
|
|
1830
|
+
def starttls(self) -> pulumi.Output[_builtins.bool]:
|
|
1832
1831
|
"""
|
|
1833
1832
|
Issue a StartTLS command after establishing unencrypted connection.
|
|
1834
1833
|
"""
|
|
1835
1834
|
return pulumi.get(self, "starttls")
|
|
1836
1835
|
|
|
1837
|
-
@property
|
|
1836
|
+
@_builtins.property
|
|
1838
1837
|
@pulumi.getter(name="tlsMaxVersion")
|
|
1839
|
-
def tls_max_version(self) -> pulumi.Output[
|
|
1838
|
+
def tls_max_version(self) -> pulumi.Output[_builtins.str]:
|
|
1840
1839
|
"""
|
|
1841
1840
|
Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1842
1841
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1843
1842
|
"""
|
|
1844
1843
|
return pulumi.get(self, "tls_max_version")
|
|
1845
1844
|
|
|
1846
|
-
@property
|
|
1845
|
+
@_builtins.property
|
|
1847
1846
|
@pulumi.getter(name="tlsMinVersion")
|
|
1848
|
-
def tls_min_version(self) -> pulumi.Output[
|
|
1847
|
+
def tls_min_version(self) -> pulumi.Output[_builtins.str]:
|
|
1849
1848
|
"""
|
|
1850
1849
|
Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
|
|
1851
1850
|
`tls12` or `tls13`. Defaults to `tls12`.
|
|
1852
1851
|
"""
|
|
1853
1852
|
return pulumi.get(self, "tls_min_version")
|
|
1854
1853
|
|
|
1855
|
-
@property
|
|
1854
|
+
@_builtins.property
|
|
1856
1855
|
@pulumi.getter
|
|
1857
|
-
def ttl(self) -> pulumi.Output[
|
|
1856
|
+
def ttl(self) -> pulumi.Output[_builtins.int]:
|
|
1858
1857
|
"""
|
|
1859
1858
|
In seconds, the default password time-to-live.
|
|
1860
1859
|
"""
|
|
1861
1860
|
return pulumi.get(self, "ttl")
|
|
1862
1861
|
|
|
1863
|
-
@property
|
|
1862
|
+
@_builtins.property
|
|
1864
1863
|
@pulumi.getter
|
|
1865
|
-
def upndomain(self) -> pulumi.Output[
|
|
1864
|
+
def upndomain(self) -> pulumi.Output[_builtins.str]:
|
|
1866
1865
|
"""
|
|
1867
1866
|
Enables userPrincipalDomain login with [username]@UPNDomain.
|
|
1868
1867
|
"""
|
|
1869
1868
|
return pulumi.get(self, "upndomain")
|
|
1870
1869
|
|
|
1871
|
-
@property
|
|
1870
|
+
@_builtins.property
|
|
1872
1871
|
@pulumi.getter
|
|
1873
|
-
def url(self) -> pulumi.Output[Optional[
|
|
1872
|
+
def url(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1874
1873
|
"""
|
|
1875
1874
|
LDAP URL to connect to. Multiple URLs can be specified by concatenating
|
|
1876
1875
|
them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
|
|
1877
1876
|
"""
|
|
1878
1877
|
return pulumi.get(self, "url")
|
|
1879
1878
|
|
|
1880
|
-
@property
|
|
1879
|
+
@_builtins.property
|
|
1881
1880
|
@pulumi.getter(name="usePre111GroupCnBehavior")
|
|
1882
|
-
def use_pre111_group_cn_behavior(self) -> pulumi.Output[
|
|
1881
|
+
def use_pre111_group_cn_behavior(self) -> pulumi.Output[_builtins.bool]:
|
|
1883
1882
|
"""
|
|
1884
1883
|
In Vault 1.1.1 a fix for handling group CN values of
|
|
1885
1884
|
different cases unfortunately introduced a regression that could cause previously defined groups
|
|
@@ -1890,26 +1889,26 @@ class SecretBackend(pulumi.CustomResource):
|
|
|
1890
1889
|
"""
|
|
1891
1890
|
return pulumi.get(self, "use_pre111_group_cn_behavior")
|
|
1892
1891
|
|
|
1893
|
-
@property
|
|
1892
|
+
@_builtins.property
|
|
1894
1893
|
@pulumi.getter(name="useTokenGroups")
|
|
1895
|
-
def use_token_groups(self) -> pulumi.Output[Optional[
|
|
1894
|
+
def use_token_groups(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1896
1895
|
"""
|
|
1897
1896
|
If true, use the Active Directory tokenGroups constructed attribute of the
|
|
1898
1897
|
user to find the group memberships. This will find all security groups including nested ones.
|
|
1899
1898
|
"""
|
|
1900
1899
|
return pulumi.get(self, "use_token_groups")
|
|
1901
1900
|
|
|
1902
|
-
@property
|
|
1901
|
+
@_builtins.property
|
|
1903
1902
|
@pulumi.getter
|
|
1904
|
-
def userattr(self) -> pulumi.Output[Optional[
|
|
1903
|
+
def userattr(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1905
1904
|
"""
|
|
1906
1905
|
Attribute used when searching users. Defaults to `cn`.
|
|
1907
1906
|
"""
|
|
1908
1907
|
return pulumi.get(self, "userattr")
|
|
1909
1908
|
|
|
1910
|
-
@property
|
|
1909
|
+
@_builtins.property
|
|
1911
1910
|
@pulumi.getter
|
|
1912
|
-
def userdn(self) -> pulumi.Output[Optional[
|
|
1911
|
+
def userdn(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1913
1912
|
"""
|
|
1914
1913
|
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
|
|
1915
1914
|
"""
|