pulumi-vault 7.2.0a1755297899__py3-none-any.whl → 7.2.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +18 -0
- pulumi_vault/_inputs.py +201 -0
- pulumi_vault/aws/secret_backend.py +627 -49
- pulumi_vault/azure/backend.py +788 -15
- pulumi_vault/consul/secret_backend.py +660 -28
- pulumi_vault/database/secrets_mount.py +47 -0
- pulumi_vault/gcp/secret_backend.py +599 -56
- pulumi_vault/jwt/auth_backend.py +47 -0
- pulumi_vault/kmip/secret_backend.py +787 -7
- pulumi_vault/kubernetes/secret_backend.py +47 -0
- pulumi_vault/ldap/secret_backend.py +75 -35
- pulumi_vault/mount.py +47 -0
- pulumi_vault/nomad_secret_backend.py +660 -21
- pulumi_vault/oci_auth_backend.py +683 -0
- pulumi_vault/oci_auth_backend_role.py +798 -0
- pulumi_vault/outputs.py +153 -0
- pulumi_vault/pkisecret/backend_config_scep.py +68 -21
- pulumi_vault/pkisecret/get_backend_config_scep.py +21 -1
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/rabbitmq/secret_backend.py +707 -35
- pulumi_vault/ssh/secret_backend_ca.py +101 -7
- pulumi_vault/terraformcloud/secret_backend.py +707 -28
- pulumi_vault/transit/secret_backend_key.py +49 -21
- {pulumi_vault-7.2.0a1755297899.dist-info → pulumi_vault-7.2.1.dist-info}/METADATA +1 -1
- {pulumi_vault-7.2.0a1755297899.dist-info → pulumi_vault-7.2.1.dist-info}/RECORD +27 -25
- {pulumi_vault-7.2.0a1755297899.dist-info → pulumi_vault-7.2.1.dist-info}/WHEEL +0 -0
- {pulumi_vault-7.2.0a1755297899.dist-info → pulumi_vault-7.2.1.dist-info}/top_level.txt +0 -0
pulumi_vault/jwt/auth_backend.py
CHANGED
|
@@ -26,6 +26,7 @@ class AuthBackendArgs:
|
|
|
26
26
|
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
27
27
|
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
28
28
|
jwks_ca_pem: Optional[pulumi.Input[_builtins.str]] = None,
|
|
29
|
+
jwks_pairs: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
|
|
29
30
|
jwks_url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
30
31
|
jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
31
32
|
jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
@@ -50,6 +51,7 @@ class AuthBackendArgs:
|
|
|
50
51
|
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
51
52
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
52
53
|
:param pulumi.Input[_builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
|
|
54
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] jwks_pairs: List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
53
55
|
:param pulumi.Input[_builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
|
|
54
56
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
|
|
55
57
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
|
|
@@ -83,6 +85,8 @@ class AuthBackendArgs:
|
|
|
83
85
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
|
84
86
|
if jwks_ca_pem is not None:
|
|
85
87
|
pulumi.set(__self__, "jwks_ca_pem", jwks_ca_pem)
|
|
88
|
+
if jwks_pairs is not None:
|
|
89
|
+
pulumi.set(__self__, "jwks_pairs", jwks_pairs)
|
|
86
90
|
if jwks_url is not None:
|
|
87
91
|
pulumi.set(__self__, "jwks_url", jwks_url)
|
|
88
92
|
if jwt_supported_algs is not None:
|
|
@@ -177,6 +181,18 @@ class AuthBackendArgs:
|
|
|
177
181
|
def jwks_ca_pem(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
178
182
|
pulumi.set(self, "jwks_ca_pem", value)
|
|
179
183
|
|
|
184
|
+
@_builtins.property
|
|
185
|
+
@pulumi.getter(name="jwksPairs")
|
|
186
|
+
def jwks_pairs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]:
|
|
187
|
+
"""
|
|
188
|
+
List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
189
|
+
"""
|
|
190
|
+
return pulumi.get(self, "jwks_pairs")
|
|
191
|
+
|
|
192
|
+
@jwks_pairs.setter
|
|
193
|
+
def jwks_pairs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]):
|
|
194
|
+
pulumi.set(self, "jwks_pairs", value)
|
|
195
|
+
|
|
180
196
|
@_builtins.property
|
|
181
197
|
@pulumi.getter(name="jwksUrl")
|
|
182
198
|
def jwks_url(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
@@ -383,6 +399,7 @@ class _AuthBackendState:
|
|
|
383
399
|
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
384
400
|
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
385
401
|
jwks_ca_pem: Optional[pulumi.Input[_builtins.str]] = None,
|
|
402
|
+
jwks_pairs: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
|
|
386
403
|
jwks_url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
387
404
|
jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
388
405
|
jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
@@ -408,6 +425,7 @@ class _AuthBackendState:
|
|
|
408
425
|
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
409
426
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
410
427
|
:param pulumi.Input[_builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
|
|
428
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] jwks_pairs: List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
411
429
|
:param pulumi.Input[_builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
|
|
412
430
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
|
|
413
431
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
|
|
@@ -443,6 +461,8 @@ class _AuthBackendState:
|
|
|
443
461
|
pulumi.set(__self__, "disable_remount", disable_remount)
|
|
444
462
|
if jwks_ca_pem is not None:
|
|
445
463
|
pulumi.set(__self__, "jwks_ca_pem", jwks_ca_pem)
|
|
464
|
+
if jwks_pairs is not None:
|
|
465
|
+
pulumi.set(__self__, "jwks_pairs", jwks_pairs)
|
|
446
466
|
if jwks_url is not None:
|
|
447
467
|
pulumi.set(__self__, "jwks_url", jwks_url)
|
|
448
468
|
if jwt_supported_algs is not None:
|
|
@@ -549,6 +569,18 @@ class _AuthBackendState:
|
|
|
549
569
|
def jwks_ca_pem(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
550
570
|
pulumi.set(self, "jwks_ca_pem", value)
|
|
551
571
|
|
|
572
|
+
@_builtins.property
|
|
573
|
+
@pulumi.getter(name="jwksPairs")
|
|
574
|
+
def jwks_pairs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]:
|
|
575
|
+
"""
|
|
576
|
+
List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
577
|
+
"""
|
|
578
|
+
return pulumi.get(self, "jwks_pairs")
|
|
579
|
+
|
|
580
|
+
@jwks_pairs.setter
|
|
581
|
+
def jwks_pairs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]):
|
|
582
|
+
pulumi.set(self, "jwks_pairs", value)
|
|
583
|
+
|
|
552
584
|
@_builtins.property
|
|
553
585
|
@pulumi.getter(name="jwksUrl")
|
|
554
586
|
def jwks_url(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
@@ -757,6 +789,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
757
789
|
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
758
790
|
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
759
791
|
jwks_ca_pem: Optional[pulumi.Input[_builtins.str]] = None,
|
|
792
|
+
jwks_pairs: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
|
|
760
793
|
jwks_url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
761
794
|
jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
762
795
|
jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
@@ -852,6 +885,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
852
885
|
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
853
886
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
854
887
|
:param pulumi.Input[_builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
|
|
888
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] jwks_pairs: List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
855
889
|
:param pulumi.Input[_builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
|
|
856
890
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
|
|
857
891
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
|
|
@@ -971,6 +1005,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
971
1005
|
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
972
1006
|
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
973
1007
|
jwks_ca_pem: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1008
|
+
jwks_pairs: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
|
|
974
1009
|
jwks_url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
975
1010
|
jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
976
1011
|
jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
@@ -1001,6 +1036,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
1001
1036
|
__props__.__dict__["description"] = description
|
|
1002
1037
|
__props__.__dict__["disable_remount"] = disable_remount
|
|
1003
1038
|
__props__.__dict__["jwks_ca_pem"] = jwks_ca_pem
|
|
1039
|
+
__props__.__dict__["jwks_pairs"] = jwks_pairs
|
|
1004
1040
|
__props__.__dict__["jwks_url"] = jwks_url
|
|
1005
1041
|
__props__.__dict__["jwt_supported_algs"] = jwt_supported_algs
|
|
1006
1042
|
__props__.__dict__["jwt_validation_pubkeys"] = jwt_validation_pubkeys
|
|
@@ -1036,6 +1072,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
1036
1072
|
description: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1037
1073
|
disable_remount: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1038
1074
|
jwks_ca_pem: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1075
|
+
jwks_pairs: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
|
|
1039
1076
|
jwks_url: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1040
1077
|
jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1041
1078
|
jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
@@ -1066,6 +1103,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
1066
1103
|
:param pulumi.Input[_builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
|
|
1067
1104
|
See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
|
|
1068
1105
|
:param pulumi.Input[_builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
|
|
1106
|
+
:param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] jwks_pairs: List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
1069
1107
|
:param pulumi.Input[_builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
|
|
1070
1108
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
|
|
1071
1109
|
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
|
|
@@ -1099,6 +1137,7 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
1099
1137
|
__props__.__dict__["description"] = description
|
|
1100
1138
|
__props__.__dict__["disable_remount"] = disable_remount
|
|
1101
1139
|
__props__.__dict__["jwks_ca_pem"] = jwks_ca_pem
|
|
1140
|
+
__props__.__dict__["jwks_pairs"] = jwks_pairs
|
|
1102
1141
|
__props__.__dict__["jwks_url"] = jwks_url
|
|
1103
1142
|
__props__.__dict__["jwt_supported_algs"] = jwt_supported_algs
|
|
1104
1143
|
__props__.__dict__["jwt_validation_pubkeys"] = jwt_validation_pubkeys
|
|
@@ -1166,6 +1205,14 @@ class AuthBackend(pulumi.CustomResource):
|
|
|
1166
1205
|
"""
|
|
1167
1206
|
return pulumi.get(self, "jwks_ca_pem")
|
|
1168
1207
|
|
|
1208
|
+
@_builtins.property
|
|
1209
|
+
@pulumi.getter(name="jwksPairs")
|
|
1210
|
+
def jwks_pairs(self) -> pulumi.Output[Optional[Sequence[Mapping[str, _builtins.str]]]]:
|
|
1211
|
+
"""
|
|
1212
|
+
List of JWKS URL and optional CA certificate pairs. Cannot be used with `jwks_url` or `jwks_ca_pem`. Requires Vault 1.16+.
|
|
1213
|
+
"""
|
|
1214
|
+
return pulumi.get(self, "jwks_pairs")
|
|
1215
|
+
|
|
1169
1216
|
@_builtins.property
|
|
1170
1217
|
@pulumi.getter(name="jwksUrl")
|
|
1171
1218
|
def jwks_url(self) -> pulumi.Output[Optional[_builtins.str]]:
|