pulumi-vault 7.6.0a1764657486__py3-none-any.whl

pulumi_vault/transit/secret_cache_config.py

@@ -0,0 +1,302 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = ['SecretCacheConfigArgs', 'SecretCacheConfig']
+
+@pulumi.input_type
+class SecretCacheConfigArgs:
+    def __init__(__self__, *,
+                 backend: pulumi.Input[_builtins.str],
+                 size: pulumi.Input[_builtins.int],
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a SecretCacheConfig resource.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.int] size: The number of cache entries. 0 means unlimited.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        """
+        pulumi.set(__self__, "backend", backend)
+        pulumi.set(__self__, "size", size)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> pulumi.Input[_builtins.str]:
+        """
+        The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "backend")
+
+    @backend.setter
+    def backend(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "backend", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def size(self) -> pulumi.Input[_builtins.int]:
+        """
+        The number of cache entries. 0 means unlimited.
+        """
+        return pulumi.get(self, "size")
+
+    @size.setter
+    def size(self, value: pulumi.Input[_builtins.int]):
+        pulumi.set(self, "size", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+
+
+@pulumi.input_type
+class _SecretCacheConfigState:
+    def __init__(__self__, *,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 size: Optional[pulumi.Input[_builtins.int]] = None):
+        """
+        Input properties used for looking up and filtering SecretCacheConfig resources.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] size: The number of cache entries. 0 means unlimited.
+        """
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if size is not None:
+            pulumi.set(__self__, "size", size)
+
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "backend")
+
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def size(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        The number of cache entries. 0 means unlimited.
+        """
+        return pulumi.get(self, "size")
+
+    @size.setter
+    def size(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "size", value)
+
+
+@pulumi.type_token("vault:transit/secretCacheConfig:SecretCacheConfig")
+class SecretCacheConfig(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 size: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        """
+        Configure the cache for the Transit Secret Backend in Vault.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+
+        transit = vault.Mount("transit",
+            path="transit",
+            type="transit",
+            description="Example description",
+            default_lease_ttl_seconds=3600,
+            max_lease_ttl_seconds=86400)
+        cfg = vault.transit.SecretCacheConfig("cfg",
+            backend=transit.path,
+            size=500)
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] size: The number of cache entries. 0 means unlimited.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SecretCacheConfigArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Configure the cache for the Transit Secret Backend in Vault.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+
+        transit = vault.Mount("transit",
+            path="transit",
+            type="transit",
+            description="Example description",
+            default_lease_ttl_seconds=3600,
+            max_lease_ttl_seconds=86400)
+        cfg = vault.transit.SecretCacheConfig("cfg",
+            backend=transit.path,
+            size=500)
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param SecretCacheConfigArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SecretCacheConfigArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 size: Optional[pulumi.Input[_builtins.int]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SecretCacheConfigArgs.__new__(SecretCacheConfigArgs)
+
+            if backend is None and not opts.urn:
+                raise TypeError("Missing required property 'backend'")
+            __props__.__dict__["backend"] = backend
+            __props__.__dict__["namespace"] = namespace
+            if size is None and not opts.urn:
+                raise TypeError("Missing required property 'size'")
+            __props__.__dict__["size"] = size
+        super(SecretCacheConfig, __self__).__init__(
+            'vault:transit/secretCacheConfig:SecretCacheConfig',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            size: Optional[pulumi.Input[_builtins.int]] = None) -> 'SecretCacheConfig':
+        """
+        Get an existing SecretCacheConfig resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.int] size: The number of cache entries. 0 means unlimited.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _SecretCacheConfigState.__new__(_SecretCacheConfigState)
+
+        __props__.__dict__["backend"] = backend
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["size"] = size
+        return SecretCacheConfig(resource_name, opts=opts, __props__=__props__)
+
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> pulumi.Output[_builtins.str]:
+        """
+        The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "backend")
+
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+
+    @_builtins.property
+    @pulumi.getter
+    def size(self) -> pulumi.Output[_builtins.int]:
+        """
+        The number of cache entries. 0 means unlimited.
+        """
+        return pulumi.get(self, "size")
+

pulumi_vault-7.6.0a1764657486.dist-info/METADATA

@@ -0,0 +1,92 @@
+Metadata-Version: 2.4
+Name: pulumi_vault
+Version: 7.6.0a1764657486
+Summary: A Pulumi package for creating and managing HashiCorp Vault cloud resources.
+License: Apache-2.0
+Project-URL: Homepage, https://pulumi.io
+Project-URL: Repository, https://github.com/pulumi/pulumi-vault
+Keywords: pulumi,vault
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: parver>=0.2.1
+Requires-Dist: pulumi<4.0.0,>=3.165.0
+Requires-Dist: semver>=2.8.1
+Requires-Dist: typing-extensions<5,>=4.11; python_version < "3.11"
+
+[![Build Status](https://travis-ci.com/pulumi/pulumi-vault.svg?token=eHg7Zp5zdDDJfTjY8ejq&branch=master)](https://travis-ci.com/pulumi/pulumi-vault)
+
+# Hashicorp Vault Resource Provider
+
+The Vault resource provider for Pulumi lets you manage Vault resources in your cloud programs. To use
+this package, please [install the Pulumi CLI first](https://pulumi.io/).
+
+## Installing
+
+This package is available in many languages in the standard packaging formats.
+
+### Node.js (Java/TypeScript)
+
+To use from JavaScript or TypeScript in Node.js, install using either `npm`:
+
+    $ npm install @pulumi/vault
+
+or `yarn`:
+
+    $ yarn add @pulumi/vault
+
+### Python
+
+To use from Python, install using `pip`:
+
+    $ pip install pulumi_vault
+
+### Go
+
+To use from Go, use `go get` to grab the latest version of the library
+
+    $ go get github.com/pulumi/pulumi-vault/sdk/v6
+
+### .NET
+
+To use from .NET, install using `dotnet add package`:
+
+    $ dotnet add package Pulumi.Vault
+
+## Configuration
+
+The following configuration points are available:
+
+- `vault:address` - (Required) Origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path.
+  May be set via the `VAULT_ADDR` environment variable.
+- `vault:token` - (Required) Vault token that will be used by the provider to authenticate. May be set via the `VAULT_TOKEN`
+  environment variable. If none is otherwise supplied, the provider will attempt to read it from ~/.vault-token (where the vault
+  command stores its current token). The provider will issue itself a new token that is a child of the one given, with a short TTL
+  to limit the exposure of any requested secrets. Note that the given token must have the update capability on the `auth/token/create`
+  path in Vault in order to create child tokens.
+- `vault:tokenName` - (Optional) Token name to use for creating the Vault child token. May be set via the `VAULT_TOKEN_NAME`
+  environment variable. 
+- `vault:ca_cert_file` - (Optional) Path to a file on local disk that will be used to validate the certificate presented by
+  the Vault server. May be set via the `VAULT_CACERT` environment variable.
+- `vault:ca_cert_dir` - (Optional) Path to a directory on local disk that contains one or more certificate files that will
+  be used to validate the certificate presented by the Vault server. May be set via the `VAULT_CAPATH` environment variable.
+- `vault:client_auth` - (Optional) A configuration block, described below, that provides credentials used by the provider
+  to authenticate with the Vault server. At present there is little reason to set this, because the provider does not 
+  support the TLS certificate authentication mechanism.
+    - `vault:cert_file` - (Required) Path to a file on local disk that contains the PEM-encoded certificate to present to the server.
+    - `vault:key_file` - (Required) Path to a file on local disk that contains the PEM-encoded private key for which the 
+    authentication certificate was issued.
+- `vault:skip_tls_verify` - (Optional) Set this to true to disable verification of the Vault server's TLS certificate. This
+  is strongly discouraged except in prototype or development environments, since it exposes the possibility that the provider
+  can be tricked into writing secrets to a server controlled by an intruder. May be set via the `VAULT_SKIP_VERIFY` environment variable.
+- `vault:max_lease_ttl_seconds` - (Optional) Used as the duration for the intermediate Vault token the provider issues itself,
+  which in turn limits the duration of secret leases issued by Vault. Defaults to `20` minutes and may be set via the 
+  `TERRAFORM_VAULT_MAX_TTL` environment variable. See the section above on Using Vault credentials in the provider configuration
+  for the implications of this setting.
+- `vault:max_retries` - (Optional) Used as the maximum number of retries when a 5xx error code is encountered. Defaults to `2`
+  retries and may be set via the VAULT_MAX_RETRIES environment variable.
+- `vault:namespace` - (Optional) Set the namespace to use. May be set via the `VAULT_NAMESPACE` environment variable. Available
+  only for Vault Enterprise.
+
+## Reference
+
+For further information, please visit [the Vault provider docs](https://www.pulumi.com/docs/intro/cloud-providers/vault) or for detailed reference documentation, please visit [the API docs](https://www.pulumi.com/docs/reference/pkg/vault).