pulumi-vault 7.6.0a1764657486__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1399 -0
- pulumi_vault/_inputs.py +2701 -0
- pulumi_vault/_utilities.py +331 -0
- pulumi_vault/ad/__init__.py +12 -0
- pulumi_vault/ad/get_access_credentials.py +177 -0
- pulumi_vault/ad/secret_backend.py +1916 -0
- pulumi_vault/ad/secret_library.py +546 -0
- pulumi_vault/ad/secret_role.py +499 -0
- pulumi_vault/alicloud/__init__.py +9 -0
- pulumi_vault/alicloud/auth_backend_role.py +866 -0
- pulumi_vault/approle/__init__.py +12 -0
- pulumi_vault/approle/auth_backend_login.py +571 -0
- pulumi_vault/approle/auth_backend_role.py +1082 -0
- pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
- pulumi_vault/audit.py +499 -0
- pulumi_vault/audit_request_header.py +277 -0
- pulumi_vault/auth_backend.py +565 -0
- pulumi_vault/aws/__init__.py +22 -0
- pulumi_vault/aws/auth_backend_cert.py +420 -0
- pulumi_vault/aws/auth_backend_client.py +1259 -0
- pulumi_vault/aws/auth_backend_config_identity.py +494 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
- pulumi_vault/aws/auth_backend_login.py +1046 -0
- pulumi_vault/aws/auth_backend_role.py +1961 -0
- pulumi_vault/aws/auth_backend_role_tag.py +638 -0
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
- pulumi_vault/aws/auth_backend_sts_role.py +414 -0
- pulumi_vault/aws/get_access_credentials.py +369 -0
- pulumi_vault/aws/get_static_access_credentials.py +137 -0
- pulumi_vault/aws/secret_backend.py +2018 -0
- pulumi_vault/aws/secret_backend_role.py +1188 -0
- pulumi_vault/aws/secret_backend_static_role.py +639 -0
- pulumi_vault/azure/__init__.py +15 -0
- pulumi_vault/azure/_inputs.py +108 -0
- pulumi_vault/azure/auth_backend_config.py +1096 -0
- pulumi_vault/azure/auth_backend_role.py +1176 -0
- pulumi_vault/azure/backend.py +1793 -0
- pulumi_vault/azure/backend_role.py +883 -0
- pulumi_vault/azure/get_access_credentials.py +400 -0
- pulumi_vault/azure/outputs.py +107 -0
- pulumi_vault/cert_auth_backend_role.py +1539 -0
- pulumi_vault/config/__init__.py +9 -0
- pulumi_vault/config/__init__.pyi +164 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +1225 -0
- pulumi_vault/config/ui_custom_message.py +530 -0
- pulumi_vault/config/vars.py +230 -0
- pulumi_vault/consul/__init__.py +10 -0
- pulumi_vault/consul/secret_backend.py +1517 -0
- pulumi_vault/consul/secret_backend_role.py +847 -0
- pulumi_vault/database/__init__.py +14 -0
- pulumi_vault/database/_inputs.py +11907 -0
- pulumi_vault/database/outputs.py +8496 -0
- pulumi_vault/database/secret_backend_connection.py +1676 -0
- pulumi_vault/database/secret_backend_role.py +840 -0
- pulumi_vault/database/secret_backend_static_role.py +881 -0
- pulumi_vault/database/secrets_mount.py +2160 -0
- pulumi_vault/egp_policy.py +399 -0
- pulumi_vault/gcp/__init__.py +17 -0
- pulumi_vault/gcp/_inputs.py +441 -0
- pulumi_vault/gcp/auth_backend.py +1486 -0
- pulumi_vault/gcp/auth_backend_role.py +1235 -0
- pulumi_vault/gcp/get_auth_backend_role.py +514 -0
- pulumi_vault/gcp/outputs.py +302 -0
- pulumi_vault/gcp/secret_backend.py +1807 -0
- pulumi_vault/gcp/secret_impersonated_account.py +484 -0
- pulumi_vault/gcp/secret_roleset.py +554 -0
- pulumi_vault/gcp/secret_static_account.py +557 -0
- pulumi_vault/generic/__init__.py +11 -0
- pulumi_vault/generic/endpoint.py +786 -0
- pulumi_vault/generic/get_secret.py +306 -0
- pulumi_vault/generic/secret.py +486 -0
- pulumi_vault/get_auth_backend.py +226 -0
- pulumi_vault/get_auth_backends.py +170 -0
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +202 -0
- pulumi_vault/get_nomad_access_token.py +210 -0
- pulumi_vault/get_policy_document.py +160 -0
- pulumi_vault/get_raft_autopilot_state.py +267 -0
- pulumi_vault/github/__init__.py +13 -0
- pulumi_vault/github/_inputs.py +225 -0
- pulumi_vault/github/auth_backend.py +1194 -0
- pulumi_vault/github/outputs.py +174 -0
- pulumi_vault/github/team.py +380 -0
- pulumi_vault/github/user.py +380 -0
- pulumi_vault/identity/__init__.py +35 -0
- pulumi_vault/identity/entity.py +447 -0
- pulumi_vault/identity/entity_alias.py +398 -0
- pulumi_vault/identity/entity_policies.py +455 -0
- pulumi_vault/identity/get_entity.py +384 -0
- pulumi_vault/identity/get_group.py +467 -0
- pulumi_vault/identity/get_oidc_client_creds.py +175 -0
- pulumi_vault/identity/get_oidc_openid_config.py +334 -0
- pulumi_vault/identity/get_oidc_public_keys.py +179 -0
- pulumi_vault/identity/group.py +805 -0
- pulumi_vault/identity/group_alias.py +386 -0
- pulumi_vault/identity/group_member_entity_ids.py +444 -0
- pulumi_vault/identity/group_member_group_ids.py +467 -0
- pulumi_vault/identity/group_policies.py +471 -0
- pulumi_vault/identity/mfa_duo.py +674 -0
- pulumi_vault/identity/mfa_login_enforcement.py +566 -0
- pulumi_vault/identity/mfa_okta.py +626 -0
- pulumi_vault/identity/mfa_pingid.py +616 -0
- pulumi_vault/identity/mfa_totp.py +758 -0
- pulumi_vault/identity/oidc.py +268 -0
- pulumi_vault/identity/oidc_assignment.py +375 -0
- pulumi_vault/identity/oidc_client.py +667 -0
- pulumi_vault/identity/oidc_key.py +474 -0
- pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
- pulumi_vault/identity/oidc_provider.py +550 -0
- pulumi_vault/identity/oidc_role.py +543 -0
- pulumi_vault/identity/oidc_scope.py +355 -0
- pulumi_vault/identity/outputs.py +137 -0
- pulumi_vault/jwt/__init__.py +12 -0
- pulumi_vault/jwt/_inputs.py +225 -0
- pulumi_vault/jwt/auth_backend.py +1347 -0
- pulumi_vault/jwt/auth_backend_role.py +1847 -0
- pulumi_vault/jwt/outputs.py +174 -0
- pulumi_vault/kmip/__init__.py +11 -0
- pulumi_vault/kmip/secret_backend.py +1591 -0
- pulumi_vault/kmip/secret_role.py +1194 -0
- pulumi_vault/kmip/secret_scope.py +372 -0
- pulumi_vault/kubernetes/__init__.py +15 -0
- pulumi_vault/kubernetes/auth_backend_config.py +654 -0
- pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
- pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
- pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
- pulumi_vault/kubernetes/get_service_account_token.py +344 -0
- pulumi_vault/kubernetes/secret_backend.py +1341 -0
- pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
- pulumi_vault/kv/__init__.py +18 -0
- pulumi_vault/kv/_inputs.py +124 -0
- pulumi_vault/kv/get_secret.py +240 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
- pulumi_vault/kv/get_secret_v2.py +315 -0
- pulumi_vault/kv/get_secrets_list.py +186 -0
- pulumi_vault/kv/get_secrets_list_v2.py +243 -0
- pulumi_vault/kv/outputs.py +102 -0
- pulumi_vault/kv/secret.py +397 -0
- pulumi_vault/kv/secret_backend_v2.py +455 -0
- pulumi_vault/kv/secret_v2.py +970 -0
- pulumi_vault/ldap/__init__.py +19 -0
- pulumi_vault/ldap/_inputs.py +225 -0
- pulumi_vault/ldap/auth_backend.py +2520 -0
- pulumi_vault/ldap/auth_backend_group.py +386 -0
- pulumi_vault/ldap/auth_backend_user.py +439 -0
- pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
- pulumi_vault/ldap/get_static_credentials.py +192 -0
- pulumi_vault/ldap/outputs.py +174 -0
- pulumi_vault/ldap/secret_backend.py +2207 -0
- pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
- pulumi_vault/ldap/secret_backend_library_set.py +552 -0
- pulumi_vault/ldap/secret_backend_static_role.py +541 -0
- pulumi_vault/managed/__init__.py +11 -0
- pulumi_vault/managed/_inputs.py +944 -0
- pulumi_vault/managed/keys.py +398 -0
- pulumi_vault/managed/outputs.py +667 -0
- pulumi_vault/mfa_duo.py +589 -0
- pulumi_vault/mfa_okta.py +623 -0
- pulumi_vault/mfa_pingid.py +670 -0
- pulumi_vault/mfa_totp.py +620 -0
- pulumi_vault/mongodbatlas/__init__.py +10 -0
- pulumi_vault/mongodbatlas/secret_backend.py +388 -0
- pulumi_vault/mongodbatlas/secret_role.py +726 -0
- pulumi_vault/mount.py +1262 -0
- pulumi_vault/namespace.py +452 -0
- pulumi_vault/nomad_secret_backend.py +1559 -0
- pulumi_vault/nomad_secret_role.py +489 -0
- pulumi_vault/oci_auth_backend.py +676 -0
- pulumi_vault/oci_auth_backend_role.py +852 -0
- pulumi_vault/okta/__init__.py +13 -0
- pulumi_vault/okta/_inputs.py +320 -0
- pulumi_vault/okta/auth_backend.py +1231 -0
- pulumi_vault/okta/auth_backend_group.py +369 -0
- pulumi_vault/okta/auth_backend_user.py +416 -0
- pulumi_vault/okta/outputs.py +244 -0
- pulumi_vault/outputs.py +502 -0
- pulumi_vault/pkisecret/__init__.py +38 -0
- pulumi_vault/pkisecret/_inputs.py +270 -0
- pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
- pulumi_vault/pkisecret/backend_config_acme.py +690 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
- pulumi_vault/pkisecret/backend_config_est.py +756 -0
- pulumi_vault/pkisecret/backend_config_scep.py +738 -0
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
- pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
- pulumi_vault/pkisecret/get_backend_key.py +211 -0
- pulumi_vault/pkisecret/get_backend_keys.py +192 -0
- pulumi_vault/pkisecret/outputs.py +270 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
- pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
- pulumi_vault/pkisecret/secret_backend_key.py +613 -0
- pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
- pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
- pulumi_vault/plugin.py +596 -0
- pulumi_vault/plugin_pinned_version.py +299 -0
- pulumi_vault/policy.py +279 -0
- pulumi_vault/provider.py +781 -0
- pulumi_vault/pulumi-plugin.json +5 -0
- pulumi_vault/py.typed +0 -0
- pulumi_vault/quota_lease_count.py +504 -0
- pulumi_vault/quota_rate_limit.py +751 -0
- pulumi_vault/rabbitmq/__init__.py +12 -0
- pulumi_vault/rabbitmq/_inputs.py +235 -0
- pulumi_vault/rabbitmq/outputs.py +144 -0
- pulumi_vault/rabbitmq/secret_backend.py +1437 -0
- pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
- pulumi_vault/raft_autopilot.py +609 -0
- pulumi_vault/raft_snapshot_agent_config.py +1591 -0
- pulumi_vault/rgp_policy.py +349 -0
- pulumi_vault/saml/__init__.py +12 -0
- pulumi_vault/saml/_inputs.py +225 -0
- pulumi_vault/saml/auth_backend.py +811 -0
- pulumi_vault/saml/auth_backend_role.py +1068 -0
- pulumi_vault/saml/outputs.py +174 -0
- pulumi_vault/scep_auth_backend_role.py +908 -0
- pulumi_vault/secrets/__init__.py +18 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +450 -0
- pulumi_vault/secrets/sync_aws_destination.py +780 -0
- pulumi_vault/secrets/sync_azure_destination.py +736 -0
- pulumi_vault/secrets/sync_config.py +303 -0
- pulumi_vault/secrets/sync_gcp_destination.py +572 -0
- pulumi_vault/secrets/sync_gh_destination.py +688 -0
- pulumi_vault/secrets/sync_github_apps.py +376 -0
- pulumi_vault/secrets/sync_vercel_destination.py +603 -0
- pulumi_vault/ssh/__init__.py +13 -0
- pulumi_vault/ssh/_inputs.py +76 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/ssh/outputs.py +51 -0
- pulumi_vault/ssh/secret_backend_ca.py +588 -0
- pulumi_vault/ssh/secret_backend_role.py +1493 -0
- pulumi_vault/terraformcloud/__init__.py +11 -0
- pulumi_vault/terraformcloud/secret_backend.py +1321 -0
- pulumi_vault/terraformcloud/secret_creds.py +445 -0
- pulumi_vault/terraformcloud/secret_role.py +563 -0
- pulumi_vault/token.py +1026 -0
- pulumi_vault/tokenauth/__init__.py +9 -0
- pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
- pulumi_vault/transform/__init__.py +14 -0
- pulumi_vault/transform/alphabet.py +348 -0
- pulumi_vault/transform/get_decode.py +287 -0
- pulumi_vault/transform/get_encode.py +291 -0
- pulumi_vault/transform/role.py +350 -0
- pulumi_vault/transform/template.py +592 -0
- pulumi_vault/transform/transformation.py +608 -0
- pulumi_vault/transit/__init__.py +15 -0
- pulumi_vault/transit/get_cmac.py +256 -0
- pulumi_vault/transit/get_decrypt.py +181 -0
- pulumi_vault/transit/get_encrypt.py +174 -0
- pulumi_vault/transit/get_sign.py +328 -0
- pulumi_vault/transit/get_verify.py +373 -0
- pulumi_vault/transit/secret_backend_key.py +1202 -0
- pulumi_vault/transit/secret_cache_config.py +302 -0
- pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
- pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
- pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
- pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1493 @@
|
|
|
1
|
+
# coding=utf-8
|
|
2
|
+
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
|
+
|
|
5
|
+
import builtins as _builtins
|
|
6
|
+
import warnings
|
|
7
|
+
import sys
|
|
8
|
+
import pulumi
|
|
9
|
+
import pulumi.runtime
|
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
+
if sys.version_info >= (3, 11):
|
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
+
else:
|
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
|
+
from .. import _utilities
|
|
16
|
+
from . import outputs
|
|
17
|
+
from ._inputs import *
|
|
18
|
+
|
|
19
|
+
__all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
20
|
+
|
|
21
|
+
@pulumi.input_type
|
|
22
|
+
class SecretBackendRoleArgs:
|
|
23
|
+
def __init__(__self__, *,
|
|
24
|
+
backend: pulumi.Input[_builtins.str],
|
|
25
|
+
key_type: pulumi.Input[_builtins.str],
|
|
26
|
+
algorithm_signer: Optional[pulumi.Input[_builtins.str]] = None,
|
|
27
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
28
|
+
allow_empty_principals: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
29
|
+
allow_host_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
30
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
31
|
+
allow_user_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
32
|
+
allow_user_key_ids: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
33
|
+
allowed_critical_options: Optional[pulumi.Input[_builtins.str]] = None,
|
|
34
|
+
allowed_domains: Optional[pulumi.Input[_builtins.str]] = None,
|
|
35
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
36
|
+
allowed_extensions: Optional[pulumi.Input[_builtins.str]] = None,
|
|
37
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
|
38
|
+
allowed_users: Optional[pulumi.Input[_builtins.str]] = None,
|
|
39
|
+
allowed_users_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
40
|
+
cidr_list: Optional[pulumi.Input[_builtins.str]] = None,
|
|
41
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
42
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
43
|
+
default_user: Optional[pulumi.Input[_builtins.str]] = None,
|
|
44
|
+
default_user_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
45
|
+
key_id_format: Optional[pulumi.Input[_builtins.str]] = None,
|
|
46
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
47
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
48
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
49
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
50
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None):
|
|
51
|
+
"""
|
|
52
|
+
The set of arguments for constructing a SecretBackendRole resource.
|
|
53
|
+
:param pulumi.Input[_builtins.str] backend: The path where the SSH secret backend is mounted.
|
|
54
|
+
:param pulumi.Input[_builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
55
|
+
:param pulumi.Input[_builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
56
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
57
|
+
:param pulumi.Input[_builtins.bool] allow_empty_principals: Allow signing certificates with no
|
|
58
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
59
|
+
only. The default of false is highly recommended.
|
|
60
|
+
:param pulumi.Input[_builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
61
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
62
|
+
:param pulumi.Input[_builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
63
|
+
:param pulumi.Input[_builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
64
|
+
:param pulumi.Input[_builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
65
|
+
:param pulumi.Input[_builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
|
66
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
|
67
|
+
identity template policies. Non-templated domains are also permitted.
|
|
68
|
+
:param pulumi.Input[_builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
69
|
+
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
|
70
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
71
|
+
*See Configuration-Options for more info*
|
|
72
|
+
:param pulumi.Input[_builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
73
|
+
:param pulumi.Input[_builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
74
|
+
:param pulumi.Input[_builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
|
75
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
|
76
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
|
77
|
+
:param pulumi.Input[_builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
|
78
|
+
:param pulumi.Input[_builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
79
|
+
:param pulumi.Input[_builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
|
80
|
+
:param pulumi.Input[_builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
|
81
|
+
:param pulumi.Input[_builtins.str] name: Specifies the name of the role to create.
|
|
82
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
83
|
+
The value should not contain leading or trailing forward slashes.
|
|
84
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
85
|
+
*Available only for Vault Enterprise*.
|
|
86
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
87
|
+
:param pulumi.Input[_builtins.str] ttl: Specifies the Time To Live value.
|
|
88
|
+
"""
|
|
89
|
+
pulumi.set(__self__, "backend", backend)
|
|
90
|
+
pulumi.set(__self__, "key_type", key_type)
|
|
91
|
+
if algorithm_signer is not None:
|
|
92
|
+
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
|
93
|
+
if allow_bare_domains is not None:
|
|
94
|
+
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
|
95
|
+
if allow_empty_principals is not None:
|
|
96
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
|
97
|
+
if allow_host_certificates is not None:
|
|
98
|
+
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
|
99
|
+
if allow_subdomains is not None:
|
|
100
|
+
pulumi.set(__self__, "allow_subdomains", allow_subdomains)
|
|
101
|
+
if allow_user_certificates is not None:
|
|
102
|
+
pulumi.set(__self__, "allow_user_certificates", allow_user_certificates)
|
|
103
|
+
if allow_user_key_ids is not None:
|
|
104
|
+
pulumi.set(__self__, "allow_user_key_ids", allow_user_key_ids)
|
|
105
|
+
if allowed_critical_options is not None:
|
|
106
|
+
pulumi.set(__self__, "allowed_critical_options", allowed_critical_options)
|
|
107
|
+
if allowed_domains is not None:
|
|
108
|
+
pulumi.set(__self__, "allowed_domains", allowed_domains)
|
|
109
|
+
if allowed_domains_template is not None:
|
|
110
|
+
pulumi.set(__self__, "allowed_domains_template", allowed_domains_template)
|
|
111
|
+
if allowed_extensions is not None:
|
|
112
|
+
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
|
113
|
+
if allowed_user_key_configs is not None:
|
|
114
|
+
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
|
115
|
+
if allowed_users is not None:
|
|
116
|
+
pulumi.set(__self__, "allowed_users", allowed_users)
|
|
117
|
+
if allowed_users_template is not None:
|
|
118
|
+
pulumi.set(__self__, "allowed_users_template", allowed_users_template)
|
|
119
|
+
if cidr_list is not None:
|
|
120
|
+
pulumi.set(__self__, "cidr_list", cidr_list)
|
|
121
|
+
if default_critical_options is not None:
|
|
122
|
+
pulumi.set(__self__, "default_critical_options", default_critical_options)
|
|
123
|
+
if default_extensions is not None:
|
|
124
|
+
pulumi.set(__self__, "default_extensions", default_extensions)
|
|
125
|
+
if default_user is not None:
|
|
126
|
+
pulumi.set(__self__, "default_user", default_user)
|
|
127
|
+
if default_user_template is not None:
|
|
128
|
+
pulumi.set(__self__, "default_user_template", default_user_template)
|
|
129
|
+
if key_id_format is not None:
|
|
130
|
+
pulumi.set(__self__, "key_id_format", key_id_format)
|
|
131
|
+
if max_ttl is not None:
|
|
132
|
+
pulumi.set(__self__, "max_ttl", max_ttl)
|
|
133
|
+
if name is not None:
|
|
134
|
+
pulumi.set(__self__, "name", name)
|
|
135
|
+
if namespace is not None:
|
|
136
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
137
|
+
if not_before_duration is not None:
|
|
138
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
|
139
|
+
if ttl is not None:
|
|
140
|
+
pulumi.set(__self__, "ttl", ttl)
|
|
141
|
+
|
|
142
|
+
@_builtins.property
|
|
143
|
+
@pulumi.getter
|
|
144
|
+
def backend(self) -> pulumi.Input[_builtins.str]:
|
|
145
|
+
"""
|
|
146
|
+
The path where the SSH secret backend is mounted.
|
|
147
|
+
"""
|
|
148
|
+
return pulumi.get(self, "backend")
|
|
149
|
+
|
|
150
|
+
@backend.setter
|
|
151
|
+
def backend(self, value: pulumi.Input[_builtins.str]):
|
|
152
|
+
pulumi.set(self, "backend", value)
|
|
153
|
+
|
|
154
|
+
@_builtins.property
|
|
155
|
+
@pulumi.getter(name="keyType")
|
|
156
|
+
def key_type(self) -> pulumi.Input[_builtins.str]:
|
|
157
|
+
"""
|
|
158
|
+
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
159
|
+
"""
|
|
160
|
+
return pulumi.get(self, "key_type")
|
|
161
|
+
|
|
162
|
+
@key_type.setter
|
|
163
|
+
def key_type(self, value: pulumi.Input[_builtins.str]):
|
|
164
|
+
pulumi.set(self, "key_type", value)
|
|
165
|
+
|
|
166
|
+
@_builtins.property
|
|
167
|
+
@pulumi.getter(name="algorithmSigner")
|
|
168
|
+
def algorithm_signer(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
169
|
+
"""
|
|
170
|
+
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
171
|
+
"""
|
|
172
|
+
return pulumi.get(self, "algorithm_signer")
|
|
173
|
+
|
|
174
|
+
@algorithm_signer.setter
|
|
175
|
+
def algorithm_signer(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
176
|
+
pulumi.set(self, "algorithm_signer", value)
|
|
177
|
+
|
|
178
|
+
@_builtins.property
|
|
179
|
+
@pulumi.getter(name="allowBareDomains")
|
|
180
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
181
|
+
"""
|
|
182
|
+
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
183
|
+
"""
|
|
184
|
+
return pulumi.get(self, "allow_bare_domains")
|
|
185
|
+
|
|
186
|
+
@allow_bare_domains.setter
|
|
187
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
188
|
+
pulumi.set(self, "allow_bare_domains", value)
|
|
189
|
+
|
|
190
|
+
@_builtins.property
|
|
191
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
|
192
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
193
|
+
"""
|
|
194
|
+
Allow signing certificates with no
|
|
195
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
196
|
+
only. The default of false is highly recommended.
|
|
197
|
+
"""
|
|
198
|
+
return pulumi.get(self, "allow_empty_principals")
|
|
199
|
+
|
|
200
|
+
@allow_empty_principals.setter
|
|
201
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
202
|
+
pulumi.set(self, "allow_empty_principals", value)
|
|
203
|
+
|
|
204
|
+
@_builtins.property
|
|
205
|
+
@pulumi.getter(name="allowHostCertificates")
|
|
206
|
+
def allow_host_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
207
|
+
"""
|
|
208
|
+
Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
209
|
+
"""
|
|
210
|
+
return pulumi.get(self, "allow_host_certificates")
|
|
211
|
+
|
|
212
|
+
@allow_host_certificates.setter
|
|
213
|
+
def allow_host_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
214
|
+
pulumi.set(self, "allow_host_certificates", value)
|
|
215
|
+
|
|
216
|
+
@_builtins.property
|
|
217
|
+
@pulumi.getter(name="allowSubdomains")
|
|
218
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
219
|
+
"""
|
|
220
|
+
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
221
|
+
"""
|
|
222
|
+
return pulumi.get(self, "allow_subdomains")
|
|
223
|
+
|
|
224
|
+
@allow_subdomains.setter
|
|
225
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
226
|
+
pulumi.set(self, "allow_subdomains", value)
|
|
227
|
+
|
|
228
|
+
@_builtins.property
|
|
229
|
+
@pulumi.getter(name="allowUserCertificates")
|
|
230
|
+
def allow_user_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
231
|
+
"""
|
|
232
|
+
Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
233
|
+
"""
|
|
234
|
+
return pulumi.get(self, "allow_user_certificates")
|
|
235
|
+
|
|
236
|
+
@allow_user_certificates.setter
|
|
237
|
+
def allow_user_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
238
|
+
pulumi.set(self, "allow_user_certificates", value)
|
|
239
|
+
|
|
240
|
+
@_builtins.property
|
|
241
|
+
@pulumi.getter(name="allowUserKeyIds")
|
|
242
|
+
def allow_user_key_ids(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
243
|
+
"""
|
|
244
|
+
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
245
|
+
"""
|
|
246
|
+
return pulumi.get(self, "allow_user_key_ids")
|
|
247
|
+
|
|
248
|
+
@allow_user_key_ids.setter
|
|
249
|
+
def allow_user_key_ids(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
250
|
+
pulumi.set(self, "allow_user_key_ids", value)
|
|
251
|
+
|
|
252
|
+
@_builtins.property
|
|
253
|
+
@pulumi.getter(name="allowedCriticalOptions")
|
|
254
|
+
def allowed_critical_options(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
255
|
+
"""
|
|
256
|
+
Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
257
|
+
"""
|
|
258
|
+
return pulumi.get(self, "allowed_critical_options")
|
|
259
|
+
|
|
260
|
+
@allowed_critical_options.setter
|
|
261
|
+
def allowed_critical_options(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
262
|
+
pulumi.set(self, "allowed_critical_options", value)
|
|
263
|
+
|
|
264
|
+
@_builtins.property
|
|
265
|
+
@pulumi.getter(name="allowedDomains")
|
|
266
|
+
def allowed_domains(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
267
|
+
"""
|
|
268
|
+
The list of domains for which a client can request a host certificate.
|
|
269
|
+
"""
|
|
270
|
+
return pulumi.get(self, "allowed_domains")
|
|
271
|
+
|
|
272
|
+
@allowed_domains.setter
|
|
273
|
+
def allowed_domains(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
274
|
+
pulumi.set(self, "allowed_domains", value)
|
|
275
|
+
|
|
276
|
+
@_builtins.property
|
|
277
|
+
@pulumi.getter(name="allowedDomainsTemplate")
|
|
278
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
279
|
+
"""
|
|
280
|
+
Specifies if `allowed_domains` can be declared using
|
|
281
|
+
identity template policies. Non-templated domains are also permitted.
|
|
282
|
+
"""
|
|
283
|
+
return pulumi.get(self, "allowed_domains_template")
|
|
284
|
+
|
|
285
|
+
@allowed_domains_template.setter
|
|
286
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
287
|
+
pulumi.set(self, "allowed_domains_template", value)
|
|
288
|
+
|
|
289
|
+
@_builtins.property
|
|
290
|
+
@pulumi.getter(name="allowedExtensions")
|
|
291
|
+
def allowed_extensions(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
292
|
+
"""
|
|
293
|
+
Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
294
|
+
"""
|
|
295
|
+
return pulumi.get(self, "allowed_extensions")
|
|
296
|
+
|
|
297
|
+
@allowed_extensions.setter
|
|
298
|
+
def allowed_extensions(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
299
|
+
pulumi.set(self, "allowed_extensions", value)
|
|
300
|
+
|
|
301
|
+
@_builtins.property
|
|
302
|
+
@pulumi.getter(name="allowedUserKeyConfigs")
|
|
303
|
+
def allowed_user_key_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]:
|
|
304
|
+
"""
|
|
305
|
+
Set of configuration blocks to define allowed
|
|
306
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
307
|
+
*See Configuration-Options for more info*
|
|
308
|
+
"""
|
|
309
|
+
return pulumi.get(self, "allowed_user_key_configs")
|
|
310
|
+
|
|
311
|
+
@allowed_user_key_configs.setter
|
|
312
|
+
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
|
313
|
+
pulumi.set(self, "allowed_user_key_configs", value)
|
|
314
|
+
|
|
315
|
+
@_builtins.property
|
|
316
|
+
@pulumi.getter(name="allowedUsers")
|
|
317
|
+
def allowed_users(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
318
|
+
"""
|
|
319
|
+
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
320
|
+
"""
|
|
321
|
+
return pulumi.get(self, "allowed_users")
|
|
322
|
+
|
|
323
|
+
@allowed_users.setter
|
|
324
|
+
def allowed_users(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
325
|
+
pulumi.set(self, "allowed_users", value)
|
|
326
|
+
|
|
327
|
+
@_builtins.property
|
|
328
|
+
@pulumi.getter(name="allowedUsersTemplate")
|
|
329
|
+
def allowed_users_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
330
|
+
"""
|
|
331
|
+
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
332
|
+
"""
|
|
333
|
+
return pulumi.get(self, "allowed_users_template")
|
|
334
|
+
|
|
335
|
+
@allowed_users_template.setter
|
|
336
|
+
def allowed_users_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
337
|
+
pulumi.set(self, "allowed_users_template", value)
|
|
338
|
+
|
|
339
|
+
@_builtins.property
|
|
340
|
+
@pulumi.getter(name="cidrList")
|
|
341
|
+
def cidr_list(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
342
|
+
"""
|
|
343
|
+
The comma-separated string of CIDR blocks for which this role is applicable.
|
|
344
|
+
"""
|
|
345
|
+
return pulumi.get(self, "cidr_list")
|
|
346
|
+
|
|
347
|
+
@cidr_list.setter
|
|
348
|
+
def cidr_list(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
349
|
+
pulumi.set(self, "cidr_list", value)
|
|
350
|
+
|
|
351
|
+
@_builtins.property
|
|
352
|
+
@pulumi.getter(name="defaultCriticalOptions")
|
|
353
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
|
|
354
|
+
"""
|
|
355
|
+
Specifies a map of critical options that certificates have when signed.
|
|
356
|
+
"""
|
|
357
|
+
return pulumi.get(self, "default_critical_options")
|
|
358
|
+
|
|
359
|
+
@default_critical_options.setter
|
|
360
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
|
|
361
|
+
pulumi.set(self, "default_critical_options", value)
|
|
362
|
+
|
|
363
|
+
@_builtins.property
|
|
364
|
+
@pulumi.getter(name="defaultExtensions")
|
|
365
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
|
|
366
|
+
"""
|
|
367
|
+
Specifies a map of extensions that certificates have when signed.
|
|
368
|
+
"""
|
|
369
|
+
return pulumi.get(self, "default_extensions")
|
|
370
|
+
|
|
371
|
+
@default_extensions.setter
|
|
372
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
|
|
373
|
+
pulumi.set(self, "default_extensions", value)
|
|
374
|
+
|
|
375
|
+
@_builtins.property
|
|
376
|
+
@pulumi.getter(name="defaultUser")
|
|
377
|
+
def default_user(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
378
|
+
"""
|
|
379
|
+
Specifies the default username for which a credential will be generated.
|
|
380
|
+
"""
|
|
381
|
+
return pulumi.get(self, "default_user")
|
|
382
|
+
|
|
383
|
+
@default_user.setter
|
|
384
|
+
def default_user(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
385
|
+
pulumi.set(self, "default_user", value)
|
|
386
|
+
|
|
387
|
+
@_builtins.property
|
|
388
|
+
@pulumi.getter(name="defaultUserTemplate")
|
|
389
|
+
def default_user_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
390
|
+
"""
|
|
391
|
+
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
392
|
+
"""
|
|
393
|
+
return pulumi.get(self, "default_user_template")
|
|
394
|
+
|
|
395
|
+
@default_user_template.setter
|
|
396
|
+
def default_user_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
397
|
+
pulumi.set(self, "default_user_template", value)
|
|
398
|
+
|
|
399
|
+
@_builtins.property
|
|
400
|
+
@pulumi.getter(name="keyIdFormat")
|
|
401
|
+
def key_id_format(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
402
|
+
"""
|
|
403
|
+
Specifies a custom format for the key id of a signed certificate.
|
|
404
|
+
"""
|
|
405
|
+
return pulumi.get(self, "key_id_format")
|
|
406
|
+
|
|
407
|
+
@key_id_format.setter
|
|
408
|
+
def key_id_format(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
409
|
+
pulumi.set(self, "key_id_format", value)
|
|
410
|
+
|
|
411
|
+
@_builtins.property
|
|
412
|
+
@pulumi.getter(name="maxTtl")
|
|
413
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
414
|
+
"""
|
|
415
|
+
Specifies the maximum Time To Live value.
|
|
416
|
+
"""
|
|
417
|
+
return pulumi.get(self, "max_ttl")
|
|
418
|
+
|
|
419
|
+
@max_ttl.setter
|
|
420
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
421
|
+
pulumi.set(self, "max_ttl", value)
|
|
422
|
+
|
|
423
|
+
@_builtins.property
|
|
424
|
+
@pulumi.getter
|
|
425
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
426
|
+
"""
|
|
427
|
+
Specifies the name of the role to create.
|
|
428
|
+
"""
|
|
429
|
+
return pulumi.get(self, "name")
|
|
430
|
+
|
|
431
|
+
@name.setter
|
|
432
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
433
|
+
pulumi.set(self, "name", value)
|
|
434
|
+
|
|
435
|
+
@_builtins.property
|
|
436
|
+
@pulumi.getter
|
|
437
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
438
|
+
"""
|
|
439
|
+
The namespace to provision the resource in.
|
|
440
|
+
The value should not contain leading or trailing forward slashes.
|
|
441
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
442
|
+
*Available only for Vault Enterprise*.
|
|
443
|
+
"""
|
|
444
|
+
return pulumi.get(self, "namespace")
|
|
445
|
+
|
|
446
|
+
@namespace.setter
|
|
447
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
448
|
+
pulumi.set(self, "namespace", value)
|
|
449
|
+
|
|
450
|
+
@_builtins.property
|
|
451
|
+
@pulumi.getter(name="notBeforeDuration")
|
|
452
|
+
def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
453
|
+
"""
|
|
454
|
+
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
455
|
+
"""
|
|
456
|
+
return pulumi.get(self, "not_before_duration")
|
|
457
|
+
|
|
458
|
+
@not_before_duration.setter
|
|
459
|
+
def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
460
|
+
pulumi.set(self, "not_before_duration", value)
|
|
461
|
+
|
|
462
|
+
@_builtins.property
|
|
463
|
+
@pulumi.getter
|
|
464
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
465
|
+
"""
|
|
466
|
+
Specifies the Time To Live value.
|
|
467
|
+
"""
|
|
468
|
+
return pulumi.get(self, "ttl")
|
|
469
|
+
|
|
470
|
+
@ttl.setter
|
|
471
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
472
|
+
pulumi.set(self, "ttl", value)
|
|
473
|
+
|
|
474
|
+
|
|
475
|
+
@pulumi.input_type
|
|
476
|
+
class _SecretBackendRoleState:
|
|
477
|
+
def __init__(__self__, *,
|
|
478
|
+
algorithm_signer: Optional[pulumi.Input[_builtins.str]] = None,
|
|
479
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
480
|
+
allow_empty_principals: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
481
|
+
allow_host_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
482
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
483
|
+
allow_user_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
484
|
+
allow_user_key_ids: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
485
|
+
allowed_critical_options: Optional[pulumi.Input[_builtins.str]] = None,
|
|
486
|
+
allowed_domains: Optional[pulumi.Input[_builtins.str]] = None,
|
|
487
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
488
|
+
allowed_extensions: Optional[pulumi.Input[_builtins.str]] = None,
|
|
489
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
|
490
|
+
allowed_users: Optional[pulumi.Input[_builtins.str]] = None,
|
|
491
|
+
allowed_users_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
492
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
493
|
+
cidr_list: Optional[pulumi.Input[_builtins.str]] = None,
|
|
494
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
495
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
496
|
+
default_user: Optional[pulumi.Input[_builtins.str]] = None,
|
|
497
|
+
default_user_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
498
|
+
key_id_format: Optional[pulumi.Input[_builtins.str]] = None,
|
|
499
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
500
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
501
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
502
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
503
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
504
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None):
|
|
505
|
+
"""
|
|
506
|
+
Input properties used for looking up and filtering SecretBackendRole resources.
|
|
507
|
+
:param pulumi.Input[_builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
508
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
509
|
+
:param pulumi.Input[_builtins.bool] allow_empty_principals: Allow signing certificates with no
|
|
510
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
511
|
+
only. The default of false is highly recommended.
|
|
512
|
+
:param pulumi.Input[_builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
513
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
514
|
+
:param pulumi.Input[_builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
515
|
+
:param pulumi.Input[_builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
516
|
+
:param pulumi.Input[_builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
517
|
+
:param pulumi.Input[_builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
|
518
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
|
519
|
+
identity template policies. Non-templated domains are also permitted.
|
|
520
|
+
:param pulumi.Input[_builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
521
|
+
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
|
522
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
523
|
+
*See Configuration-Options for more info*
|
|
524
|
+
:param pulumi.Input[_builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
525
|
+
:param pulumi.Input[_builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
526
|
+
:param pulumi.Input[_builtins.str] backend: The path where the SSH secret backend is mounted.
|
|
527
|
+
:param pulumi.Input[_builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
|
528
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
|
529
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
|
530
|
+
:param pulumi.Input[_builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
|
531
|
+
:param pulumi.Input[_builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
532
|
+
:param pulumi.Input[_builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
|
533
|
+
:param pulumi.Input[_builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
534
|
+
:param pulumi.Input[_builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
|
535
|
+
:param pulumi.Input[_builtins.str] name: Specifies the name of the role to create.
|
|
536
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
537
|
+
The value should not contain leading or trailing forward slashes.
|
|
538
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
539
|
+
*Available only for Vault Enterprise*.
|
|
540
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
541
|
+
:param pulumi.Input[_builtins.str] ttl: Specifies the Time To Live value.
|
|
542
|
+
"""
|
|
543
|
+
if algorithm_signer is not None:
|
|
544
|
+
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
|
545
|
+
if allow_bare_domains is not None:
|
|
546
|
+
pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
|
|
547
|
+
if allow_empty_principals is not None:
|
|
548
|
+
pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
|
|
549
|
+
if allow_host_certificates is not None:
|
|
550
|
+
pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
|
|
551
|
+
if allow_subdomains is not None:
|
|
552
|
+
pulumi.set(__self__, "allow_subdomains", allow_subdomains)
|
|
553
|
+
if allow_user_certificates is not None:
|
|
554
|
+
pulumi.set(__self__, "allow_user_certificates", allow_user_certificates)
|
|
555
|
+
if allow_user_key_ids is not None:
|
|
556
|
+
pulumi.set(__self__, "allow_user_key_ids", allow_user_key_ids)
|
|
557
|
+
if allowed_critical_options is not None:
|
|
558
|
+
pulumi.set(__self__, "allowed_critical_options", allowed_critical_options)
|
|
559
|
+
if allowed_domains is not None:
|
|
560
|
+
pulumi.set(__self__, "allowed_domains", allowed_domains)
|
|
561
|
+
if allowed_domains_template is not None:
|
|
562
|
+
pulumi.set(__self__, "allowed_domains_template", allowed_domains_template)
|
|
563
|
+
if allowed_extensions is not None:
|
|
564
|
+
pulumi.set(__self__, "allowed_extensions", allowed_extensions)
|
|
565
|
+
if allowed_user_key_configs is not None:
|
|
566
|
+
pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
|
|
567
|
+
if allowed_users is not None:
|
|
568
|
+
pulumi.set(__self__, "allowed_users", allowed_users)
|
|
569
|
+
if allowed_users_template is not None:
|
|
570
|
+
pulumi.set(__self__, "allowed_users_template", allowed_users_template)
|
|
571
|
+
if backend is not None:
|
|
572
|
+
pulumi.set(__self__, "backend", backend)
|
|
573
|
+
if cidr_list is not None:
|
|
574
|
+
pulumi.set(__self__, "cidr_list", cidr_list)
|
|
575
|
+
if default_critical_options is not None:
|
|
576
|
+
pulumi.set(__self__, "default_critical_options", default_critical_options)
|
|
577
|
+
if default_extensions is not None:
|
|
578
|
+
pulumi.set(__self__, "default_extensions", default_extensions)
|
|
579
|
+
if default_user is not None:
|
|
580
|
+
pulumi.set(__self__, "default_user", default_user)
|
|
581
|
+
if default_user_template is not None:
|
|
582
|
+
pulumi.set(__self__, "default_user_template", default_user_template)
|
|
583
|
+
if key_id_format is not None:
|
|
584
|
+
pulumi.set(__self__, "key_id_format", key_id_format)
|
|
585
|
+
if key_type is not None:
|
|
586
|
+
pulumi.set(__self__, "key_type", key_type)
|
|
587
|
+
if max_ttl is not None:
|
|
588
|
+
pulumi.set(__self__, "max_ttl", max_ttl)
|
|
589
|
+
if name is not None:
|
|
590
|
+
pulumi.set(__self__, "name", name)
|
|
591
|
+
if namespace is not None:
|
|
592
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
593
|
+
if not_before_duration is not None:
|
|
594
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
|
595
|
+
if ttl is not None:
|
|
596
|
+
pulumi.set(__self__, "ttl", ttl)
|
|
597
|
+
|
|
598
|
+
@_builtins.property
|
|
599
|
+
@pulumi.getter(name="algorithmSigner")
|
|
600
|
+
def algorithm_signer(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
601
|
+
"""
|
|
602
|
+
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
603
|
+
"""
|
|
604
|
+
return pulumi.get(self, "algorithm_signer")
|
|
605
|
+
|
|
606
|
+
@algorithm_signer.setter
|
|
607
|
+
def algorithm_signer(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
608
|
+
pulumi.set(self, "algorithm_signer", value)
|
|
609
|
+
|
|
610
|
+
@_builtins.property
|
|
611
|
+
@pulumi.getter(name="allowBareDomains")
|
|
612
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
613
|
+
"""
|
|
614
|
+
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
615
|
+
"""
|
|
616
|
+
return pulumi.get(self, "allow_bare_domains")
|
|
617
|
+
|
|
618
|
+
@allow_bare_domains.setter
|
|
619
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
620
|
+
pulumi.set(self, "allow_bare_domains", value)
|
|
621
|
+
|
|
622
|
+
@_builtins.property
|
|
623
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
|
624
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
625
|
+
"""
|
|
626
|
+
Allow signing certificates with no
|
|
627
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
628
|
+
only. The default of false is highly recommended.
|
|
629
|
+
"""
|
|
630
|
+
return pulumi.get(self, "allow_empty_principals")
|
|
631
|
+
|
|
632
|
+
@allow_empty_principals.setter
|
|
633
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
634
|
+
pulumi.set(self, "allow_empty_principals", value)
|
|
635
|
+
|
|
636
|
+
@_builtins.property
|
|
637
|
+
@pulumi.getter(name="allowHostCertificates")
|
|
638
|
+
def allow_host_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
639
|
+
"""
|
|
640
|
+
Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
641
|
+
"""
|
|
642
|
+
return pulumi.get(self, "allow_host_certificates")
|
|
643
|
+
|
|
644
|
+
@allow_host_certificates.setter
|
|
645
|
+
def allow_host_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
646
|
+
pulumi.set(self, "allow_host_certificates", value)
|
|
647
|
+
|
|
648
|
+
@_builtins.property
|
|
649
|
+
@pulumi.getter(name="allowSubdomains")
|
|
650
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
651
|
+
"""
|
|
652
|
+
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
653
|
+
"""
|
|
654
|
+
return pulumi.get(self, "allow_subdomains")
|
|
655
|
+
|
|
656
|
+
@allow_subdomains.setter
|
|
657
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
658
|
+
pulumi.set(self, "allow_subdomains", value)
|
|
659
|
+
|
|
660
|
+
@_builtins.property
|
|
661
|
+
@pulumi.getter(name="allowUserCertificates")
|
|
662
|
+
def allow_user_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
663
|
+
"""
|
|
664
|
+
Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
665
|
+
"""
|
|
666
|
+
return pulumi.get(self, "allow_user_certificates")
|
|
667
|
+
|
|
668
|
+
@allow_user_certificates.setter
|
|
669
|
+
def allow_user_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
670
|
+
pulumi.set(self, "allow_user_certificates", value)
|
|
671
|
+
|
|
672
|
+
@_builtins.property
|
|
673
|
+
@pulumi.getter(name="allowUserKeyIds")
|
|
674
|
+
def allow_user_key_ids(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
675
|
+
"""
|
|
676
|
+
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
677
|
+
"""
|
|
678
|
+
return pulumi.get(self, "allow_user_key_ids")
|
|
679
|
+
|
|
680
|
+
@allow_user_key_ids.setter
|
|
681
|
+
def allow_user_key_ids(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
682
|
+
pulumi.set(self, "allow_user_key_ids", value)
|
|
683
|
+
|
|
684
|
+
@_builtins.property
|
|
685
|
+
@pulumi.getter(name="allowedCriticalOptions")
|
|
686
|
+
def allowed_critical_options(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
687
|
+
"""
|
|
688
|
+
Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
689
|
+
"""
|
|
690
|
+
return pulumi.get(self, "allowed_critical_options")
|
|
691
|
+
|
|
692
|
+
@allowed_critical_options.setter
|
|
693
|
+
def allowed_critical_options(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
694
|
+
pulumi.set(self, "allowed_critical_options", value)
|
|
695
|
+
|
|
696
|
+
@_builtins.property
|
|
697
|
+
@pulumi.getter(name="allowedDomains")
|
|
698
|
+
def allowed_domains(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
699
|
+
"""
|
|
700
|
+
The list of domains for which a client can request a host certificate.
|
|
701
|
+
"""
|
|
702
|
+
return pulumi.get(self, "allowed_domains")
|
|
703
|
+
|
|
704
|
+
@allowed_domains.setter
|
|
705
|
+
def allowed_domains(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
706
|
+
pulumi.set(self, "allowed_domains", value)
|
|
707
|
+
|
|
708
|
+
@_builtins.property
|
|
709
|
+
@pulumi.getter(name="allowedDomainsTemplate")
|
|
710
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
711
|
+
"""
|
|
712
|
+
Specifies if `allowed_domains` can be declared using
|
|
713
|
+
identity template policies. Non-templated domains are also permitted.
|
|
714
|
+
"""
|
|
715
|
+
return pulumi.get(self, "allowed_domains_template")
|
|
716
|
+
|
|
717
|
+
@allowed_domains_template.setter
|
|
718
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
719
|
+
pulumi.set(self, "allowed_domains_template", value)
|
|
720
|
+
|
|
721
|
+
@_builtins.property
|
|
722
|
+
@pulumi.getter(name="allowedExtensions")
|
|
723
|
+
def allowed_extensions(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
724
|
+
"""
|
|
725
|
+
Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
726
|
+
"""
|
|
727
|
+
return pulumi.get(self, "allowed_extensions")
|
|
728
|
+
|
|
729
|
+
@allowed_extensions.setter
|
|
730
|
+
def allowed_extensions(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
731
|
+
pulumi.set(self, "allowed_extensions", value)
|
|
732
|
+
|
|
733
|
+
@_builtins.property
|
|
734
|
+
@pulumi.getter(name="allowedUserKeyConfigs")
|
|
735
|
+
def allowed_user_key_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]:
|
|
736
|
+
"""
|
|
737
|
+
Set of configuration blocks to define allowed
|
|
738
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
739
|
+
*See Configuration-Options for more info*
|
|
740
|
+
"""
|
|
741
|
+
return pulumi.get(self, "allowed_user_key_configs")
|
|
742
|
+
|
|
743
|
+
@allowed_user_key_configs.setter
|
|
744
|
+
def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
|
|
745
|
+
pulumi.set(self, "allowed_user_key_configs", value)
|
|
746
|
+
|
|
747
|
+
@_builtins.property
|
|
748
|
+
@pulumi.getter(name="allowedUsers")
|
|
749
|
+
def allowed_users(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
750
|
+
"""
|
|
751
|
+
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
752
|
+
"""
|
|
753
|
+
return pulumi.get(self, "allowed_users")
|
|
754
|
+
|
|
755
|
+
@allowed_users.setter
|
|
756
|
+
def allowed_users(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
757
|
+
pulumi.set(self, "allowed_users", value)
|
|
758
|
+
|
|
759
|
+
@_builtins.property
|
|
760
|
+
@pulumi.getter(name="allowedUsersTemplate")
|
|
761
|
+
def allowed_users_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
762
|
+
"""
|
|
763
|
+
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
764
|
+
"""
|
|
765
|
+
return pulumi.get(self, "allowed_users_template")
|
|
766
|
+
|
|
767
|
+
@allowed_users_template.setter
|
|
768
|
+
def allowed_users_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
769
|
+
pulumi.set(self, "allowed_users_template", value)
|
|
770
|
+
|
|
771
|
+
@_builtins.property
|
|
772
|
+
@pulumi.getter
|
|
773
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
774
|
+
"""
|
|
775
|
+
The path where the SSH secret backend is mounted.
|
|
776
|
+
"""
|
|
777
|
+
return pulumi.get(self, "backend")
|
|
778
|
+
|
|
779
|
+
@backend.setter
|
|
780
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
781
|
+
pulumi.set(self, "backend", value)
|
|
782
|
+
|
|
783
|
+
@_builtins.property
|
|
784
|
+
@pulumi.getter(name="cidrList")
|
|
785
|
+
def cidr_list(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
786
|
+
"""
|
|
787
|
+
The comma-separated string of CIDR blocks for which this role is applicable.
|
|
788
|
+
"""
|
|
789
|
+
return pulumi.get(self, "cidr_list")
|
|
790
|
+
|
|
791
|
+
@cidr_list.setter
|
|
792
|
+
def cidr_list(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
793
|
+
pulumi.set(self, "cidr_list", value)
|
|
794
|
+
|
|
795
|
+
@_builtins.property
|
|
796
|
+
@pulumi.getter(name="defaultCriticalOptions")
|
|
797
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
|
|
798
|
+
"""
|
|
799
|
+
Specifies a map of critical options that certificates have when signed.
|
|
800
|
+
"""
|
|
801
|
+
return pulumi.get(self, "default_critical_options")
|
|
802
|
+
|
|
803
|
+
@default_critical_options.setter
|
|
804
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
|
|
805
|
+
pulumi.set(self, "default_critical_options", value)
|
|
806
|
+
|
|
807
|
+
@_builtins.property
|
|
808
|
+
@pulumi.getter(name="defaultExtensions")
|
|
809
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
|
|
810
|
+
"""
|
|
811
|
+
Specifies a map of extensions that certificates have when signed.
|
|
812
|
+
"""
|
|
813
|
+
return pulumi.get(self, "default_extensions")
|
|
814
|
+
|
|
815
|
+
@default_extensions.setter
|
|
816
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
|
|
817
|
+
pulumi.set(self, "default_extensions", value)
|
|
818
|
+
|
|
819
|
+
@_builtins.property
|
|
820
|
+
@pulumi.getter(name="defaultUser")
|
|
821
|
+
def default_user(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
822
|
+
"""
|
|
823
|
+
Specifies the default username for which a credential will be generated.
|
|
824
|
+
"""
|
|
825
|
+
return pulumi.get(self, "default_user")
|
|
826
|
+
|
|
827
|
+
@default_user.setter
|
|
828
|
+
def default_user(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
829
|
+
pulumi.set(self, "default_user", value)
|
|
830
|
+
|
|
831
|
+
@_builtins.property
|
|
832
|
+
@pulumi.getter(name="defaultUserTemplate")
|
|
833
|
+
def default_user_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
834
|
+
"""
|
|
835
|
+
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
836
|
+
"""
|
|
837
|
+
return pulumi.get(self, "default_user_template")
|
|
838
|
+
|
|
839
|
+
@default_user_template.setter
|
|
840
|
+
def default_user_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
841
|
+
pulumi.set(self, "default_user_template", value)
|
|
842
|
+
|
|
843
|
+
@_builtins.property
|
|
844
|
+
@pulumi.getter(name="keyIdFormat")
|
|
845
|
+
def key_id_format(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
846
|
+
"""
|
|
847
|
+
Specifies a custom format for the key id of a signed certificate.
|
|
848
|
+
"""
|
|
849
|
+
return pulumi.get(self, "key_id_format")
|
|
850
|
+
|
|
851
|
+
@key_id_format.setter
|
|
852
|
+
def key_id_format(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
853
|
+
pulumi.set(self, "key_id_format", value)
|
|
854
|
+
|
|
855
|
+
@_builtins.property
|
|
856
|
+
@pulumi.getter(name="keyType")
|
|
857
|
+
def key_type(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
858
|
+
"""
|
|
859
|
+
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
860
|
+
"""
|
|
861
|
+
return pulumi.get(self, "key_type")
|
|
862
|
+
|
|
863
|
+
@key_type.setter
|
|
864
|
+
def key_type(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
865
|
+
pulumi.set(self, "key_type", value)
|
|
866
|
+
|
|
867
|
+
@_builtins.property
|
|
868
|
+
@pulumi.getter(name="maxTtl")
|
|
869
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
870
|
+
"""
|
|
871
|
+
Specifies the maximum Time To Live value.
|
|
872
|
+
"""
|
|
873
|
+
return pulumi.get(self, "max_ttl")
|
|
874
|
+
|
|
875
|
+
@max_ttl.setter
|
|
876
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
877
|
+
pulumi.set(self, "max_ttl", value)
|
|
878
|
+
|
|
879
|
+
@_builtins.property
|
|
880
|
+
@pulumi.getter
|
|
881
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
882
|
+
"""
|
|
883
|
+
Specifies the name of the role to create.
|
|
884
|
+
"""
|
|
885
|
+
return pulumi.get(self, "name")
|
|
886
|
+
|
|
887
|
+
@name.setter
|
|
888
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
889
|
+
pulumi.set(self, "name", value)
|
|
890
|
+
|
|
891
|
+
@_builtins.property
|
|
892
|
+
@pulumi.getter
|
|
893
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
894
|
+
"""
|
|
895
|
+
The namespace to provision the resource in.
|
|
896
|
+
The value should not contain leading or trailing forward slashes.
|
|
897
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
898
|
+
*Available only for Vault Enterprise*.
|
|
899
|
+
"""
|
|
900
|
+
return pulumi.get(self, "namespace")
|
|
901
|
+
|
|
902
|
+
@namespace.setter
|
|
903
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
904
|
+
pulumi.set(self, "namespace", value)
|
|
905
|
+
|
|
906
|
+
@_builtins.property
|
|
907
|
+
@pulumi.getter(name="notBeforeDuration")
|
|
908
|
+
def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
909
|
+
"""
|
|
910
|
+
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
911
|
+
"""
|
|
912
|
+
return pulumi.get(self, "not_before_duration")
|
|
913
|
+
|
|
914
|
+
@not_before_duration.setter
|
|
915
|
+
def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
916
|
+
pulumi.set(self, "not_before_duration", value)
|
|
917
|
+
|
|
918
|
+
@_builtins.property
|
|
919
|
+
@pulumi.getter
|
|
920
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
921
|
+
"""
|
|
922
|
+
Specifies the Time To Live value.
|
|
923
|
+
"""
|
|
924
|
+
return pulumi.get(self, "ttl")
|
|
925
|
+
|
|
926
|
+
@ttl.setter
|
|
927
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
928
|
+
pulumi.set(self, "ttl", value)
|
|
929
|
+
|
|
930
|
+
|
|
931
|
+
@pulumi.type_token("vault:ssh/secretBackendRole:SecretBackendRole")
|
|
932
|
+
class SecretBackendRole(pulumi.CustomResource):
|
|
933
|
+
@overload
|
|
934
|
+
def __init__(__self__,
|
|
935
|
+
resource_name: str,
|
|
936
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
937
|
+
algorithm_signer: Optional[pulumi.Input[_builtins.str]] = None,
|
|
938
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
939
|
+
allow_empty_principals: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
940
|
+
allow_host_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
941
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
942
|
+
allow_user_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
943
|
+
allow_user_key_ids: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
944
|
+
allowed_critical_options: Optional[pulumi.Input[_builtins.str]] = None,
|
|
945
|
+
allowed_domains: Optional[pulumi.Input[_builtins.str]] = None,
|
|
946
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
947
|
+
allowed_extensions: Optional[pulumi.Input[_builtins.str]] = None,
|
|
948
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
|
949
|
+
allowed_users: Optional[pulumi.Input[_builtins.str]] = None,
|
|
950
|
+
allowed_users_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
951
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
952
|
+
cidr_list: Optional[pulumi.Input[_builtins.str]] = None,
|
|
953
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
954
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
955
|
+
default_user: Optional[pulumi.Input[_builtins.str]] = None,
|
|
956
|
+
default_user_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
957
|
+
key_id_format: Optional[pulumi.Input[_builtins.str]] = None,
|
|
958
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
959
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
960
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
961
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
962
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
963
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
964
|
+
__props__=None):
|
|
965
|
+
"""
|
|
966
|
+
Provides a resource to manage roles in an SSH secret backend
|
|
967
|
+
[SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
|
|
968
|
+
|
|
969
|
+
## Example Usage
|
|
970
|
+
|
|
971
|
+
```python
|
|
972
|
+
import pulumi
|
|
973
|
+
import pulumi_vault as vault
|
|
974
|
+
|
|
975
|
+
example = vault.Mount("example", type="ssh")
|
|
976
|
+
foo = vault.ssh.SecretBackendRole("foo",
|
|
977
|
+
name="my-role",
|
|
978
|
+
backend=example.path,
|
|
979
|
+
key_type="ca",
|
|
980
|
+
allow_user_certificates=True)
|
|
981
|
+
bar = vault.ssh.SecretBackendRole("bar",
|
|
982
|
+
name="otp-role",
|
|
983
|
+
backend=example.path,
|
|
984
|
+
key_type="otp",
|
|
985
|
+
default_user="default",
|
|
986
|
+
allowed_users="default,baz",
|
|
987
|
+
cidr_list="0.0.0.0/0")
|
|
988
|
+
```
|
|
989
|
+
|
|
990
|
+
## Import
|
|
991
|
+
|
|
992
|
+
SSH secret backend roles can be imported using the `path`, e.g.
|
|
993
|
+
|
|
994
|
+
```sh
|
|
995
|
+
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
|
|
996
|
+
```
|
|
997
|
+
|
|
998
|
+
:param str resource_name: The name of the resource.
|
|
999
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1000
|
+
:param pulumi.Input[_builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
1001
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
1002
|
+
:param pulumi.Input[_builtins.bool] allow_empty_principals: Allow signing certificates with no
|
|
1003
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
1004
|
+
only. The default of false is highly recommended.
|
|
1005
|
+
:param pulumi.Input[_builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
1006
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
1007
|
+
:param pulumi.Input[_builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
1008
|
+
:param pulumi.Input[_builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
1009
|
+
:param pulumi.Input[_builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
1010
|
+
:param pulumi.Input[_builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
|
1011
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
|
1012
|
+
identity template policies. Non-templated domains are also permitted.
|
|
1013
|
+
:param pulumi.Input[_builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
1014
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
|
1015
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
1016
|
+
*See Configuration-Options for more info*
|
|
1017
|
+
:param pulumi.Input[_builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
1018
|
+
:param pulumi.Input[_builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
1019
|
+
:param pulumi.Input[_builtins.str] backend: The path where the SSH secret backend is mounted.
|
|
1020
|
+
:param pulumi.Input[_builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
|
1021
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
|
1022
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
|
1023
|
+
:param pulumi.Input[_builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
|
1024
|
+
:param pulumi.Input[_builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
1025
|
+
:param pulumi.Input[_builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
|
1026
|
+
:param pulumi.Input[_builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
1027
|
+
:param pulumi.Input[_builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
|
1028
|
+
:param pulumi.Input[_builtins.str] name: Specifies the name of the role to create.
|
|
1029
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
1030
|
+
The value should not contain leading or trailing forward slashes.
|
|
1031
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1032
|
+
*Available only for Vault Enterprise*.
|
|
1033
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
1034
|
+
:param pulumi.Input[_builtins.str] ttl: Specifies the Time To Live value.
|
|
1035
|
+
"""
|
|
1036
|
+
...
|
|
1037
|
+
@overload
|
|
1038
|
+
def __init__(__self__,
|
|
1039
|
+
resource_name: str,
|
|
1040
|
+
args: SecretBackendRoleArgs,
|
|
1041
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
|
1042
|
+
"""
|
|
1043
|
+
Provides a resource to manage roles in an SSH secret backend
|
|
1044
|
+
[SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).
|
|
1045
|
+
|
|
1046
|
+
## Example Usage
|
|
1047
|
+
|
|
1048
|
+
```python
|
|
1049
|
+
import pulumi
|
|
1050
|
+
import pulumi_vault as vault
|
|
1051
|
+
|
|
1052
|
+
example = vault.Mount("example", type="ssh")
|
|
1053
|
+
foo = vault.ssh.SecretBackendRole("foo",
|
|
1054
|
+
name="my-role",
|
|
1055
|
+
backend=example.path,
|
|
1056
|
+
key_type="ca",
|
|
1057
|
+
allow_user_certificates=True)
|
|
1058
|
+
bar = vault.ssh.SecretBackendRole("bar",
|
|
1059
|
+
name="otp-role",
|
|
1060
|
+
backend=example.path,
|
|
1061
|
+
key_type="otp",
|
|
1062
|
+
default_user="default",
|
|
1063
|
+
allowed_users="default,baz",
|
|
1064
|
+
cidr_list="0.0.0.0/0")
|
|
1065
|
+
```
|
|
1066
|
+
|
|
1067
|
+
## Import
|
|
1068
|
+
|
|
1069
|
+
SSH secret backend roles can be imported using the `path`, e.g.
|
|
1070
|
+
|
|
1071
|
+
```sh
|
|
1072
|
+
$ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
|
|
1073
|
+
```
|
|
1074
|
+
|
|
1075
|
+
:param str resource_name: The name of the resource.
|
|
1076
|
+
:param SecretBackendRoleArgs args: The arguments to use to populate this resource's properties.
|
|
1077
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1078
|
+
"""
|
|
1079
|
+
...
|
|
1080
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
|
1081
|
+
resource_args, opts = _utilities.get_resource_args_opts(SecretBackendRoleArgs, pulumi.ResourceOptions, *args, **kwargs)
|
|
1082
|
+
if resource_args is not None:
|
|
1083
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
|
1084
|
+
else:
|
|
1085
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
|
1086
|
+
|
|
1087
|
+
def _internal_init(__self__,
|
|
1088
|
+
resource_name: str,
|
|
1089
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1090
|
+
algorithm_signer: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1091
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1092
|
+
allow_empty_principals: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1093
|
+
allow_host_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1094
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1095
|
+
allow_user_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1096
|
+
allow_user_key_ids: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1097
|
+
allowed_critical_options: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1098
|
+
allowed_domains: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1099
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1100
|
+
allowed_extensions: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1101
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
|
1102
|
+
allowed_users: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1103
|
+
allowed_users_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1104
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1105
|
+
cidr_list: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1106
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
1107
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
1108
|
+
default_user: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1109
|
+
default_user_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1110
|
+
key_id_format: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1111
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1112
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1113
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1114
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1115
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1116
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1117
|
+
__props__=None):
|
|
1118
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
1119
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
|
1120
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
|
1121
|
+
if opts.id is None:
|
|
1122
|
+
if __props__ is not None:
|
|
1123
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
|
1124
|
+
__props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
|
|
1125
|
+
|
|
1126
|
+
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
|
1127
|
+
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
|
1128
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
|
1129
|
+
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
|
1130
|
+
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
|
1131
|
+
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
|
1132
|
+
__props__.__dict__["allow_user_key_ids"] = allow_user_key_ids
|
|
1133
|
+
__props__.__dict__["allowed_critical_options"] = allowed_critical_options
|
|
1134
|
+
__props__.__dict__["allowed_domains"] = allowed_domains
|
|
1135
|
+
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
|
1136
|
+
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
|
1137
|
+
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
|
1138
|
+
__props__.__dict__["allowed_users"] = allowed_users
|
|
1139
|
+
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
|
1140
|
+
if backend is None and not opts.urn:
|
|
1141
|
+
raise TypeError("Missing required property 'backend'")
|
|
1142
|
+
__props__.__dict__["backend"] = backend
|
|
1143
|
+
__props__.__dict__["cidr_list"] = cidr_list
|
|
1144
|
+
__props__.__dict__["default_critical_options"] = default_critical_options
|
|
1145
|
+
__props__.__dict__["default_extensions"] = default_extensions
|
|
1146
|
+
__props__.__dict__["default_user"] = default_user
|
|
1147
|
+
__props__.__dict__["default_user_template"] = default_user_template
|
|
1148
|
+
__props__.__dict__["key_id_format"] = key_id_format
|
|
1149
|
+
if key_type is None and not opts.urn:
|
|
1150
|
+
raise TypeError("Missing required property 'key_type'")
|
|
1151
|
+
__props__.__dict__["key_type"] = key_type
|
|
1152
|
+
__props__.__dict__["max_ttl"] = max_ttl
|
|
1153
|
+
__props__.__dict__["name"] = name
|
|
1154
|
+
__props__.__dict__["namespace"] = namespace
|
|
1155
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
|
1156
|
+
__props__.__dict__["ttl"] = ttl
|
|
1157
|
+
super(SecretBackendRole, __self__).__init__(
|
|
1158
|
+
'vault:ssh/secretBackendRole:SecretBackendRole',
|
|
1159
|
+
resource_name,
|
|
1160
|
+
__props__,
|
|
1161
|
+
opts)
|
|
1162
|
+
|
|
1163
|
+
@staticmethod
|
|
1164
|
+
def get(resource_name: str,
|
|
1165
|
+
id: pulumi.Input[str],
|
|
1166
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1167
|
+
algorithm_signer: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1168
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1169
|
+
allow_empty_principals: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1170
|
+
allow_host_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1171
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1172
|
+
allow_user_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1173
|
+
allow_user_key_ids: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1174
|
+
allowed_critical_options: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1175
|
+
allowed_domains: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1176
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1177
|
+
allowed_extensions: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1178
|
+
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
|
1179
|
+
allowed_users: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1180
|
+
allowed_users_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1181
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1182
|
+
cidr_list: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1183
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
1184
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
|
|
1185
|
+
default_user: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1186
|
+
default_user_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1187
|
+
key_id_format: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1188
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1189
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1190
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1191
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1192
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1193
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendRole':
|
|
1194
|
+
"""
|
|
1195
|
+
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
|
1196
|
+
properties used to qualify the lookup.
|
|
1197
|
+
|
|
1198
|
+
:param str resource_name: The unique name of the resulting resource.
|
|
1199
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
1200
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1201
|
+
:param pulumi.Input[_builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
1202
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
1203
|
+
:param pulumi.Input[_builtins.bool] allow_empty_principals: Allow signing certificates with no
|
|
1204
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
1205
|
+
only. The default of false is highly recommended.
|
|
1206
|
+
:param pulumi.Input[_builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
1207
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
1208
|
+
:param pulumi.Input[_builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
1209
|
+
:param pulumi.Input[_builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
1210
|
+
:param pulumi.Input[_builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
1211
|
+
:param pulumi.Input[_builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
|
1212
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
|
1213
|
+
identity template policies. Non-templated domains are also permitted.
|
|
1214
|
+
:param pulumi.Input[_builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
1215
|
+
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
|
1216
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
1217
|
+
*See Configuration-Options for more info*
|
|
1218
|
+
:param pulumi.Input[_builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
1219
|
+
:param pulumi.Input[_builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
1220
|
+
:param pulumi.Input[_builtins.str] backend: The path where the SSH secret backend is mounted.
|
|
1221
|
+
:param pulumi.Input[_builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
|
1222
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
|
1223
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
|
1224
|
+
:param pulumi.Input[_builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
|
1225
|
+
:param pulumi.Input[_builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
1226
|
+
:param pulumi.Input[_builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
|
1227
|
+
:param pulumi.Input[_builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
1228
|
+
:param pulumi.Input[_builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
|
1229
|
+
:param pulumi.Input[_builtins.str] name: Specifies the name of the role to create.
|
|
1230
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
1231
|
+
The value should not contain leading or trailing forward slashes.
|
|
1232
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1233
|
+
*Available only for Vault Enterprise*.
|
|
1234
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
1235
|
+
:param pulumi.Input[_builtins.str] ttl: Specifies the Time To Live value.
|
|
1236
|
+
"""
|
|
1237
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
1238
|
+
|
|
1239
|
+
__props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
|
|
1240
|
+
|
|
1241
|
+
__props__.__dict__["algorithm_signer"] = algorithm_signer
|
|
1242
|
+
__props__.__dict__["allow_bare_domains"] = allow_bare_domains
|
|
1243
|
+
__props__.__dict__["allow_empty_principals"] = allow_empty_principals
|
|
1244
|
+
__props__.__dict__["allow_host_certificates"] = allow_host_certificates
|
|
1245
|
+
__props__.__dict__["allow_subdomains"] = allow_subdomains
|
|
1246
|
+
__props__.__dict__["allow_user_certificates"] = allow_user_certificates
|
|
1247
|
+
__props__.__dict__["allow_user_key_ids"] = allow_user_key_ids
|
|
1248
|
+
__props__.__dict__["allowed_critical_options"] = allowed_critical_options
|
|
1249
|
+
__props__.__dict__["allowed_domains"] = allowed_domains
|
|
1250
|
+
__props__.__dict__["allowed_domains_template"] = allowed_domains_template
|
|
1251
|
+
__props__.__dict__["allowed_extensions"] = allowed_extensions
|
|
1252
|
+
__props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
|
|
1253
|
+
__props__.__dict__["allowed_users"] = allowed_users
|
|
1254
|
+
__props__.__dict__["allowed_users_template"] = allowed_users_template
|
|
1255
|
+
__props__.__dict__["backend"] = backend
|
|
1256
|
+
__props__.__dict__["cidr_list"] = cidr_list
|
|
1257
|
+
__props__.__dict__["default_critical_options"] = default_critical_options
|
|
1258
|
+
__props__.__dict__["default_extensions"] = default_extensions
|
|
1259
|
+
__props__.__dict__["default_user"] = default_user
|
|
1260
|
+
__props__.__dict__["default_user_template"] = default_user_template
|
|
1261
|
+
__props__.__dict__["key_id_format"] = key_id_format
|
|
1262
|
+
__props__.__dict__["key_type"] = key_type
|
|
1263
|
+
__props__.__dict__["max_ttl"] = max_ttl
|
|
1264
|
+
__props__.__dict__["name"] = name
|
|
1265
|
+
__props__.__dict__["namespace"] = namespace
|
|
1266
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
|
1267
|
+
__props__.__dict__["ttl"] = ttl
|
|
1268
|
+
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
|
1269
|
+
|
|
1270
|
+
@_builtins.property
|
|
1271
|
+
@pulumi.getter(name="algorithmSigner")
|
|
1272
|
+
def algorithm_signer(self) -> pulumi.Output[_builtins.str]:
|
|
1273
|
+
"""
|
|
1274
|
+
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
|
1275
|
+
"""
|
|
1276
|
+
return pulumi.get(self, "algorithm_signer")
|
|
1277
|
+
|
|
1278
|
+
@_builtins.property
|
|
1279
|
+
@pulumi.getter(name="allowBareDomains")
|
|
1280
|
+
def allow_bare_domains(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1281
|
+
"""
|
|
1282
|
+
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
|
1283
|
+
"""
|
|
1284
|
+
return pulumi.get(self, "allow_bare_domains")
|
|
1285
|
+
|
|
1286
|
+
@_builtins.property
|
|
1287
|
+
@pulumi.getter(name="allowEmptyPrincipals")
|
|
1288
|
+
def allow_empty_principals(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1289
|
+
"""
|
|
1290
|
+
Allow signing certificates with no
|
|
1291
|
+
valid principals (e.g. any valid principal). For backwards compatibility
|
|
1292
|
+
only. The default of false is highly recommended.
|
|
1293
|
+
"""
|
|
1294
|
+
return pulumi.get(self, "allow_empty_principals")
|
|
1295
|
+
|
|
1296
|
+
@_builtins.property
|
|
1297
|
+
@pulumi.getter(name="allowHostCertificates")
|
|
1298
|
+
def allow_host_certificates(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1299
|
+
"""
|
|
1300
|
+
Specifies if certificates are allowed to be signed for use as a 'host'.
|
|
1301
|
+
"""
|
|
1302
|
+
return pulumi.get(self, "allow_host_certificates")
|
|
1303
|
+
|
|
1304
|
+
@_builtins.property
|
|
1305
|
+
@pulumi.getter(name="allowSubdomains")
|
|
1306
|
+
def allow_subdomains(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1307
|
+
"""
|
|
1308
|
+
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
|
1309
|
+
"""
|
|
1310
|
+
return pulumi.get(self, "allow_subdomains")
|
|
1311
|
+
|
|
1312
|
+
@_builtins.property
|
|
1313
|
+
@pulumi.getter(name="allowUserCertificates")
|
|
1314
|
+
def allow_user_certificates(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1315
|
+
"""
|
|
1316
|
+
Specifies if certificates are allowed to be signed for use as a 'user'.
|
|
1317
|
+
"""
|
|
1318
|
+
return pulumi.get(self, "allow_user_certificates")
|
|
1319
|
+
|
|
1320
|
+
@_builtins.property
|
|
1321
|
+
@pulumi.getter(name="allowUserKeyIds")
|
|
1322
|
+
def allow_user_key_ids(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1323
|
+
"""
|
|
1324
|
+
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
|
1325
|
+
"""
|
|
1326
|
+
return pulumi.get(self, "allow_user_key_ids")
|
|
1327
|
+
|
|
1328
|
+
@_builtins.property
|
|
1329
|
+
@pulumi.getter(name="allowedCriticalOptions")
|
|
1330
|
+
def allowed_critical_options(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1331
|
+
"""
|
|
1332
|
+
Specifies a comma-separated list of critical options that certificates can have when signed.
|
|
1333
|
+
"""
|
|
1334
|
+
return pulumi.get(self, "allowed_critical_options")
|
|
1335
|
+
|
|
1336
|
+
@_builtins.property
|
|
1337
|
+
@pulumi.getter(name="allowedDomains")
|
|
1338
|
+
def allowed_domains(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1339
|
+
"""
|
|
1340
|
+
The list of domains for which a client can request a host certificate.
|
|
1341
|
+
"""
|
|
1342
|
+
return pulumi.get(self, "allowed_domains")
|
|
1343
|
+
|
|
1344
|
+
@_builtins.property
|
|
1345
|
+
@pulumi.getter(name="allowedDomainsTemplate")
|
|
1346
|
+
def allowed_domains_template(self) -> pulumi.Output[_builtins.bool]:
|
|
1347
|
+
"""
|
|
1348
|
+
Specifies if `allowed_domains` can be declared using
|
|
1349
|
+
identity template policies. Non-templated domains are also permitted.
|
|
1350
|
+
"""
|
|
1351
|
+
return pulumi.get(self, "allowed_domains_template")
|
|
1352
|
+
|
|
1353
|
+
@_builtins.property
|
|
1354
|
+
@pulumi.getter(name="allowedExtensions")
|
|
1355
|
+
def allowed_extensions(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1356
|
+
"""
|
|
1357
|
+
Specifies a comma-separated list of extensions that certificates can have when signed.
|
|
1358
|
+
"""
|
|
1359
|
+
return pulumi.get(self, "allowed_extensions")
|
|
1360
|
+
|
|
1361
|
+
@_builtins.property
|
|
1362
|
+
@pulumi.getter(name="allowedUserKeyConfigs")
|
|
1363
|
+
def allowed_user_key_configs(self) -> pulumi.Output[Optional[Sequence['outputs.SecretBackendRoleAllowedUserKeyConfig']]]:
|
|
1364
|
+
"""
|
|
1365
|
+
Set of configuration blocks to define allowed
|
|
1366
|
+
user key configuration, like key type and their lengths. Can be specified multiple times.
|
|
1367
|
+
*See Configuration-Options for more info*
|
|
1368
|
+
"""
|
|
1369
|
+
return pulumi.get(self, "allowed_user_key_configs")
|
|
1370
|
+
|
|
1371
|
+
@_builtins.property
|
|
1372
|
+
@pulumi.getter(name="allowedUsers")
|
|
1373
|
+
def allowed_users(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1374
|
+
"""
|
|
1375
|
+
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
|
1376
|
+
"""
|
|
1377
|
+
return pulumi.get(self, "allowed_users")
|
|
1378
|
+
|
|
1379
|
+
@_builtins.property
|
|
1380
|
+
@pulumi.getter(name="allowedUsersTemplate")
|
|
1381
|
+
def allowed_users_template(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1382
|
+
"""
|
|
1383
|
+
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
|
1384
|
+
"""
|
|
1385
|
+
return pulumi.get(self, "allowed_users_template")
|
|
1386
|
+
|
|
1387
|
+
@_builtins.property
|
|
1388
|
+
@pulumi.getter
|
|
1389
|
+
def backend(self) -> pulumi.Output[_builtins.str]:
|
|
1390
|
+
"""
|
|
1391
|
+
The path where the SSH secret backend is mounted.
|
|
1392
|
+
"""
|
|
1393
|
+
return pulumi.get(self, "backend")
|
|
1394
|
+
|
|
1395
|
+
@_builtins.property
|
|
1396
|
+
@pulumi.getter(name="cidrList")
|
|
1397
|
+
def cidr_list(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1398
|
+
"""
|
|
1399
|
+
The comma-separated string of CIDR blocks for which this role is applicable.
|
|
1400
|
+
"""
|
|
1401
|
+
return pulumi.get(self, "cidr_list")
|
|
1402
|
+
|
|
1403
|
+
@_builtins.property
|
|
1404
|
+
@pulumi.getter(name="defaultCriticalOptions")
|
|
1405
|
+
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
|
|
1406
|
+
"""
|
|
1407
|
+
Specifies a map of critical options that certificates have when signed.
|
|
1408
|
+
"""
|
|
1409
|
+
return pulumi.get(self, "default_critical_options")
|
|
1410
|
+
|
|
1411
|
+
@_builtins.property
|
|
1412
|
+
@pulumi.getter(name="defaultExtensions")
|
|
1413
|
+
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
|
|
1414
|
+
"""
|
|
1415
|
+
Specifies a map of extensions that certificates have when signed.
|
|
1416
|
+
"""
|
|
1417
|
+
return pulumi.get(self, "default_extensions")
|
|
1418
|
+
|
|
1419
|
+
@_builtins.property
|
|
1420
|
+
@pulumi.getter(name="defaultUser")
|
|
1421
|
+
def default_user(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1422
|
+
"""
|
|
1423
|
+
Specifies the default username for which a credential will be generated.
|
|
1424
|
+
"""
|
|
1425
|
+
return pulumi.get(self, "default_user")
|
|
1426
|
+
|
|
1427
|
+
@_builtins.property
|
|
1428
|
+
@pulumi.getter(name="defaultUserTemplate")
|
|
1429
|
+
def default_user_template(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
1430
|
+
"""
|
|
1431
|
+
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
|
1432
|
+
"""
|
|
1433
|
+
return pulumi.get(self, "default_user_template")
|
|
1434
|
+
|
|
1435
|
+
@_builtins.property
|
|
1436
|
+
@pulumi.getter(name="keyIdFormat")
|
|
1437
|
+
def key_id_format(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1438
|
+
"""
|
|
1439
|
+
Specifies a custom format for the key id of a signed certificate.
|
|
1440
|
+
"""
|
|
1441
|
+
return pulumi.get(self, "key_id_format")
|
|
1442
|
+
|
|
1443
|
+
@_builtins.property
|
|
1444
|
+
@pulumi.getter(name="keyType")
|
|
1445
|
+
def key_type(self) -> pulumi.Output[_builtins.str]:
|
|
1446
|
+
"""
|
|
1447
|
+
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
|
1448
|
+
"""
|
|
1449
|
+
return pulumi.get(self, "key_type")
|
|
1450
|
+
|
|
1451
|
+
@_builtins.property
|
|
1452
|
+
@pulumi.getter(name="maxTtl")
|
|
1453
|
+
def max_ttl(self) -> pulumi.Output[_builtins.str]:
|
|
1454
|
+
"""
|
|
1455
|
+
Specifies the maximum Time To Live value.
|
|
1456
|
+
"""
|
|
1457
|
+
return pulumi.get(self, "max_ttl")
|
|
1458
|
+
|
|
1459
|
+
@_builtins.property
|
|
1460
|
+
@pulumi.getter
|
|
1461
|
+
def name(self) -> pulumi.Output[_builtins.str]:
|
|
1462
|
+
"""
|
|
1463
|
+
Specifies the name of the role to create.
|
|
1464
|
+
"""
|
|
1465
|
+
return pulumi.get(self, "name")
|
|
1466
|
+
|
|
1467
|
+
@_builtins.property
|
|
1468
|
+
@pulumi.getter
|
|
1469
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1470
|
+
"""
|
|
1471
|
+
The namespace to provision the resource in.
|
|
1472
|
+
The value should not contain leading or trailing forward slashes.
|
|
1473
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1474
|
+
*Available only for Vault Enterprise*.
|
|
1475
|
+
"""
|
|
1476
|
+
return pulumi.get(self, "namespace")
|
|
1477
|
+
|
|
1478
|
+
@_builtins.property
|
|
1479
|
+
@pulumi.getter(name="notBeforeDuration")
|
|
1480
|
+
def not_before_duration(self) -> pulumi.Output[_builtins.str]:
|
|
1481
|
+
"""
|
|
1482
|
+
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
|
1483
|
+
"""
|
|
1484
|
+
return pulumi.get(self, "not_before_duration")
|
|
1485
|
+
|
|
1486
|
+
@_builtins.property
|
|
1487
|
+
@pulumi.getter
|
|
1488
|
+
def ttl(self) -> pulumi.Output[_builtins.str]:
|
|
1489
|
+
"""
|
|
1490
|
+
Specifies the Time To Live value.
|
|
1491
|
+
"""
|
|
1492
|
+
return pulumi.get(self, "ttl")
|
|
1493
|
+
|