pulumi-vault 7.6.0a1764657486__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1399 -0
- pulumi_vault/_inputs.py +2701 -0
- pulumi_vault/_utilities.py +331 -0
- pulumi_vault/ad/__init__.py +12 -0
- pulumi_vault/ad/get_access_credentials.py +177 -0
- pulumi_vault/ad/secret_backend.py +1916 -0
- pulumi_vault/ad/secret_library.py +546 -0
- pulumi_vault/ad/secret_role.py +499 -0
- pulumi_vault/alicloud/__init__.py +9 -0
- pulumi_vault/alicloud/auth_backend_role.py +866 -0
- pulumi_vault/approle/__init__.py +12 -0
- pulumi_vault/approle/auth_backend_login.py +571 -0
- pulumi_vault/approle/auth_backend_role.py +1082 -0
- pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
- pulumi_vault/audit.py +499 -0
- pulumi_vault/audit_request_header.py +277 -0
- pulumi_vault/auth_backend.py +565 -0
- pulumi_vault/aws/__init__.py +22 -0
- pulumi_vault/aws/auth_backend_cert.py +420 -0
- pulumi_vault/aws/auth_backend_client.py +1259 -0
- pulumi_vault/aws/auth_backend_config_identity.py +494 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
- pulumi_vault/aws/auth_backend_login.py +1046 -0
- pulumi_vault/aws/auth_backend_role.py +1961 -0
- pulumi_vault/aws/auth_backend_role_tag.py +638 -0
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
- pulumi_vault/aws/auth_backend_sts_role.py +414 -0
- pulumi_vault/aws/get_access_credentials.py +369 -0
- pulumi_vault/aws/get_static_access_credentials.py +137 -0
- pulumi_vault/aws/secret_backend.py +2018 -0
- pulumi_vault/aws/secret_backend_role.py +1188 -0
- pulumi_vault/aws/secret_backend_static_role.py +639 -0
- pulumi_vault/azure/__init__.py +15 -0
- pulumi_vault/azure/_inputs.py +108 -0
- pulumi_vault/azure/auth_backend_config.py +1096 -0
- pulumi_vault/azure/auth_backend_role.py +1176 -0
- pulumi_vault/azure/backend.py +1793 -0
- pulumi_vault/azure/backend_role.py +883 -0
- pulumi_vault/azure/get_access_credentials.py +400 -0
- pulumi_vault/azure/outputs.py +107 -0
- pulumi_vault/cert_auth_backend_role.py +1539 -0
- pulumi_vault/config/__init__.py +9 -0
- pulumi_vault/config/__init__.pyi +164 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +1225 -0
- pulumi_vault/config/ui_custom_message.py +530 -0
- pulumi_vault/config/vars.py +230 -0
- pulumi_vault/consul/__init__.py +10 -0
- pulumi_vault/consul/secret_backend.py +1517 -0
- pulumi_vault/consul/secret_backend_role.py +847 -0
- pulumi_vault/database/__init__.py +14 -0
- pulumi_vault/database/_inputs.py +11907 -0
- pulumi_vault/database/outputs.py +8496 -0
- pulumi_vault/database/secret_backend_connection.py +1676 -0
- pulumi_vault/database/secret_backend_role.py +840 -0
- pulumi_vault/database/secret_backend_static_role.py +881 -0
- pulumi_vault/database/secrets_mount.py +2160 -0
- pulumi_vault/egp_policy.py +399 -0
- pulumi_vault/gcp/__init__.py +17 -0
- pulumi_vault/gcp/_inputs.py +441 -0
- pulumi_vault/gcp/auth_backend.py +1486 -0
- pulumi_vault/gcp/auth_backend_role.py +1235 -0
- pulumi_vault/gcp/get_auth_backend_role.py +514 -0
- pulumi_vault/gcp/outputs.py +302 -0
- pulumi_vault/gcp/secret_backend.py +1807 -0
- pulumi_vault/gcp/secret_impersonated_account.py +484 -0
- pulumi_vault/gcp/secret_roleset.py +554 -0
- pulumi_vault/gcp/secret_static_account.py +557 -0
- pulumi_vault/generic/__init__.py +11 -0
- pulumi_vault/generic/endpoint.py +786 -0
- pulumi_vault/generic/get_secret.py +306 -0
- pulumi_vault/generic/secret.py +486 -0
- pulumi_vault/get_auth_backend.py +226 -0
- pulumi_vault/get_auth_backends.py +170 -0
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +202 -0
- pulumi_vault/get_nomad_access_token.py +210 -0
- pulumi_vault/get_policy_document.py +160 -0
- pulumi_vault/get_raft_autopilot_state.py +267 -0
- pulumi_vault/github/__init__.py +13 -0
- pulumi_vault/github/_inputs.py +225 -0
- pulumi_vault/github/auth_backend.py +1194 -0
- pulumi_vault/github/outputs.py +174 -0
- pulumi_vault/github/team.py +380 -0
- pulumi_vault/github/user.py +380 -0
- pulumi_vault/identity/__init__.py +35 -0
- pulumi_vault/identity/entity.py +447 -0
- pulumi_vault/identity/entity_alias.py +398 -0
- pulumi_vault/identity/entity_policies.py +455 -0
- pulumi_vault/identity/get_entity.py +384 -0
- pulumi_vault/identity/get_group.py +467 -0
- pulumi_vault/identity/get_oidc_client_creds.py +175 -0
- pulumi_vault/identity/get_oidc_openid_config.py +334 -0
- pulumi_vault/identity/get_oidc_public_keys.py +179 -0
- pulumi_vault/identity/group.py +805 -0
- pulumi_vault/identity/group_alias.py +386 -0
- pulumi_vault/identity/group_member_entity_ids.py +444 -0
- pulumi_vault/identity/group_member_group_ids.py +467 -0
- pulumi_vault/identity/group_policies.py +471 -0
- pulumi_vault/identity/mfa_duo.py +674 -0
- pulumi_vault/identity/mfa_login_enforcement.py +566 -0
- pulumi_vault/identity/mfa_okta.py +626 -0
- pulumi_vault/identity/mfa_pingid.py +616 -0
- pulumi_vault/identity/mfa_totp.py +758 -0
- pulumi_vault/identity/oidc.py +268 -0
- pulumi_vault/identity/oidc_assignment.py +375 -0
- pulumi_vault/identity/oidc_client.py +667 -0
- pulumi_vault/identity/oidc_key.py +474 -0
- pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
- pulumi_vault/identity/oidc_provider.py +550 -0
- pulumi_vault/identity/oidc_role.py +543 -0
- pulumi_vault/identity/oidc_scope.py +355 -0
- pulumi_vault/identity/outputs.py +137 -0
- pulumi_vault/jwt/__init__.py +12 -0
- pulumi_vault/jwt/_inputs.py +225 -0
- pulumi_vault/jwt/auth_backend.py +1347 -0
- pulumi_vault/jwt/auth_backend_role.py +1847 -0
- pulumi_vault/jwt/outputs.py +174 -0
- pulumi_vault/kmip/__init__.py +11 -0
- pulumi_vault/kmip/secret_backend.py +1591 -0
- pulumi_vault/kmip/secret_role.py +1194 -0
- pulumi_vault/kmip/secret_scope.py +372 -0
- pulumi_vault/kubernetes/__init__.py +15 -0
- pulumi_vault/kubernetes/auth_backend_config.py +654 -0
- pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
- pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
- pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
- pulumi_vault/kubernetes/get_service_account_token.py +344 -0
- pulumi_vault/kubernetes/secret_backend.py +1341 -0
- pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
- pulumi_vault/kv/__init__.py +18 -0
- pulumi_vault/kv/_inputs.py +124 -0
- pulumi_vault/kv/get_secret.py +240 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
- pulumi_vault/kv/get_secret_v2.py +315 -0
- pulumi_vault/kv/get_secrets_list.py +186 -0
- pulumi_vault/kv/get_secrets_list_v2.py +243 -0
- pulumi_vault/kv/outputs.py +102 -0
- pulumi_vault/kv/secret.py +397 -0
- pulumi_vault/kv/secret_backend_v2.py +455 -0
- pulumi_vault/kv/secret_v2.py +970 -0
- pulumi_vault/ldap/__init__.py +19 -0
- pulumi_vault/ldap/_inputs.py +225 -0
- pulumi_vault/ldap/auth_backend.py +2520 -0
- pulumi_vault/ldap/auth_backend_group.py +386 -0
- pulumi_vault/ldap/auth_backend_user.py +439 -0
- pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
- pulumi_vault/ldap/get_static_credentials.py +192 -0
- pulumi_vault/ldap/outputs.py +174 -0
- pulumi_vault/ldap/secret_backend.py +2207 -0
- pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
- pulumi_vault/ldap/secret_backend_library_set.py +552 -0
- pulumi_vault/ldap/secret_backend_static_role.py +541 -0
- pulumi_vault/managed/__init__.py +11 -0
- pulumi_vault/managed/_inputs.py +944 -0
- pulumi_vault/managed/keys.py +398 -0
- pulumi_vault/managed/outputs.py +667 -0
- pulumi_vault/mfa_duo.py +589 -0
- pulumi_vault/mfa_okta.py +623 -0
- pulumi_vault/mfa_pingid.py +670 -0
- pulumi_vault/mfa_totp.py +620 -0
- pulumi_vault/mongodbatlas/__init__.py +10 -0
- pulumi_vault/mongodbatlas/secret_backend.py +388 -0
- pulumi_vault/mongodbatlas/secret_role.py +726 -0
- pulumi_vault/mount.py +1262 -0
- pulumi_vault/namespace.py +452 -0
- pulumi_vault/nomad_secret_backend.py +1559 -0
- pulumi_vault/nomad_secret_role.py +489 -0
- pulumi_vault/oci_auth_backend.py +676 -0
- pulumi_vault/oci_auth_backend_role.py +852 -0
- pulumi_vault/okta/__init__.py +13 -0
- pulumi_vault/okta/_inputs.py +320 -0
- pulumi_vault/okta/auth_backend.py +1231 -0
- pulumi_vault/okta/auth_backend_group.py +369 -0
- pulumi_vault/okta/auth_backend_user.py +416 -0
- pulumi_vault/okta/outputs.py +244 -0
- pulumi_vault/outputs.py +502 -0
- pulumi_vault/pkisecret/__init__.py +38 -0
- pulumi_vault/pkisecret/_inputs.py +270 -0
- pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
- pulumi_vault/pkisecret/backend_config_acme.py +690 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
- pulumi_vault/pkisecret/backend_config_est.py +756 -0
- pulumi_vault/pkisecret/backend_config_scep.py +738 -0
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
- pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
- pulumi_vault/pkisecret/get_backend_key.py +211 -0
- pulumi_vault/pkisecret/get_backend_keys.py +192 -0
- pulumi_vault/pkisecret/outputs.py +270 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
- pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
- pulumi_vault/pkisecret/secret_backend_key.py +613 -0
- pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
- pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
- pulumi_vault/plugin.py +596 -0
- pulumi_vault/plugin_pinned_version.py +299 -0
- pulumi_vault/policy.py +279 -0
- pulumi_vault/provider.py +781 -0
- pulumi_vault/pulumi-plugin.json +5 -0
- pulumi_vault/py.typed +0 -0
- pulumi_vault/quota_lease_count.py +504 -0
- pulumi_vault/quota_rate_limit.py +751 -0
- pulumi_vault/rabbitmq/__init__.py +12 -0
- pulumi_vault/rabbitmq/_inputs.py +235 -0
- pulumi_vault/rabbitmq/outputs.py +144 -0
- pulumi_vault/rabbitmq/secret_backend.py +1437 -0
- pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
- pulumi_vault/raft_autopilot.py +609 -0
- pulumi_vault/raft_snapshot_agent_config.py +1591 -0
- pulumi_vault/rgp_policy.py +349 -0
- pulumi_vault/saml/__init__.py +12 -0
- pulumi_vault/saml/_inputs.py +225 -0
- pulumi_vault/saml/auth_backend.py +811 -0
- pulumi_vault/saml/auth_backend_role.py +1068 -0
- pulumi_vault/saml/outputs.py +174 -0
- pulumi_vault/scep_auth_backend_role.py +908 -0
- pulumi_vault/secrets/__init__.py +18 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +450 -0
- pulumi_vault/secrets/sync_aws_destination.py +780 -0
- pulumi_vault/secrets/sync_azure_destination.py +736 -0
- pulumi_vault/secrets/sync_config.py +303 -0
- pulumi_vault/secrets/sync_gcp_destination.py +572 -0
- pulumi_vault/secrets/sync_gh_destination.py +688 -0
- pulumi_vault/secrets/sync_github_apps.py +376 -0
- pulumi_vault/secrets/sync_vercel_destination.py +603 -0
- pulumi_vault/ssh/__init__.py +13 -0
- pulumi_vault/ssh/_inputs.py +76 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/ssh/outputs.py +51 -0
- pulumi_vault/ssh/secret_backend_ca.py +588 -0
- pulumi_vault/ssh/secret_backend_role.py +1493 -0
- pulumi_vault/terraformcloud/__init__.py +11 -0
- pulumi_vault/terraformcloud/secret_backend.py +1321 -0
- pulumi_vault/terraformcloud/secret_creds.py +445 -0
- pulumi_vault/terraformcloud/secret_role.py +563 -0
- pulumi_vault/token.py +1026 -0
- pulumi_vault/tokenauth/__init__.py +9 -0
- pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
- pulumi_vault/transform/__init__.py +14 -0
- pulumi_vault/transform/alphabet.py +348 -0
- pulumi_vault/transform/get_decode.py +287 -0
- pulumi_vault/transform/get_encode.py +291 -0
- pulumi_vault/transform/role.py +350 -0
- pulumi_vault/transform/template.py +592 -0
- pulumi_vault/transform/transformation.py +608 -0
- pulumi_vault/transit/__init__.py +15 -0
- pulumi_vault/transit/get_cmac.py +256 -0
- pulumi_vault/transit/get_decrypt.py +181 -0
- pulumi_vault/transit/get_encrypt.py +174 -0
- pulumi_vault/transit/get_sign.py +328 -0
- pulumi_vault/transit/get_verify.py +373 -0
- pulumi_vault/transit/secret_backend_key.py +1202 -0
- pulumi_vault/transit/secret_cache_config.py +302 -0
- pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
- pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
- pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
- pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,414 @@
|
|
|
1
|
+
# coding=utf-8
|
|
2
|
+
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
|
+
|
|
5
|
+
import builtins as _builtins
|
|
6
|
+
import warnings
|
|
7
|
+
import sys
|
|
8
|
+
import pulumi
|
|
9
|
+
import pulumi.runtime
|
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
+
if sys.version_info >= (3, 11):
|
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
+
else:
|
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
|
+
from .. import _utilities
|
|
16
|
+
|
|
17
|
+
__all__ = ['AuthBackendStsRoleArgs', 'AuthBackendStsRole']
|
|
18
|
+
|
|
19
|
+
@pulumi.input_type
|
|
20
|
+
class AuthBackendStsRoleArgs:
|
|
21
|
+
def __init__(__self__, *,
|
|
22
|
+
account_id: pulumi.Input[_builtins.str],
|
|
23
|
+
sts_role: pulumi.Input[_builtins.str],
|
|
24
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
25
|
+
external_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
26
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None):
|
|
27
|
+
"""
|
|
28
|
+
The set of arguments for constructing a AuthBackendStsRole resource.
|
|
29
|
+
:param pulumi.Input[_builtins.str] account_id: The AWS account ID to configure the STS role for.
|
|
30
|
+
:param pulumi.Input[_builtins.str] sts_role: The STS role to assume when verifying requests made
|
|
31
|
+
by EC2 instances in the account specified by `account_id`.
|
|
32
|
+
:param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
|
|
33
|
+
mounted at. Defaults to `aws`.
|
|
34
|
+
:param pulumi.Input[_builtins.str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
35
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
36
|
+
The value should not contain leading or trailing forward slashes.
|
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
38
|
+
*Available only for Vault Enterprise*.
|
|
39
|
+
"""
|
|
40
|
+
pulumi.set(__self__, "account_id", account_id)
|
|
41
|
+
pulumi.set(__self__, "sts_role", sts_role)
|
|
42
|
+
if backend is not None:
|
|
43
|
+
pulumi.set(__self__, "backend", backend)
|
|
44
|
+
if external_id is not None:
|
|
45
|
+
pulumi.set(__self__, "external_id", external_id)
|
|
46
|
+
if namespace is not None:
|
|
47
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
48
|
+
|
|
49
|
+
@_builtins.property
|
|
50
|
+
@pulumi.getter(name="accountId")
|
|
51
|
+
def account_id(self) -> pulumi.Input[_builtins.str]:
|
|
52
|
+
"""
|
|
53
|
+
The AWS account ID to configure the STS role for.
|
|
54
|
+
"""
|
|
55
|
+
return pulumi.get(self, "account_id")
|
|
56
|
+
|
|
57
|
+
@account_id.setter
|
|
58
|
+
def account_id(self, value: pulumi.Input[_builtins.str]):
|
|
59
|
+
pulumi.set(self, "account_id", value)
|
|
60
|
+
|
|
61
|
+
@_builtins.property
|
|
62
|
+
@pulumi.getter(name="stsRole")
|
|
63
|
+
def sts_role(self) -> pulumi.Input[_builtins.str]:
|
|
64
|
+
"""
|
|
65
|
+
The STS role to assume when verifying requests made
|
|
66
|
+
by EC2 instances in the account specified by `account_id`.
|
|
67
|
+
"""
|
|
68
|
+
return pulumi.get(self, "sts_role")
|
|
69
|
+
|
|
70
|
+
@sts_role.setter
|
|
71
|
+
def sts_role(self, value: pulumi.Input[_builtins.str]):
|
|
72
|
+
pulumi.set(self, "sts_role", value)
|
|
73
|
+
|
|
74
|
+
@_builtins.property
|
|
75
|
+
@pulumi.getter
|
|
76
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
77
|
+
"""
|
|
78
|
+
The path the AWS auth backend being configured was
|
|
79
|
+
mounted at. Defaults to `aws`.
|
|
80
|
+
"""
|
|
81
|
+
return pulumi.get(self, "backend")
|
|
82
|
+
|
|
83
|
+
@backend.setter
|
|
84
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
85
|
+
pulumi.set(self, "backend", value)
|
|
86
|
+
|
|
87
|
+
@_builtins.property
|
|
88
|
+
@pulumi.getter(name="externalId")
|
|
89
|
+
def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
90
|
+
"""
|
|
91
|
+
External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
92
|
+
"""
|
|
93
|
+
return pulumi.get(self, "external_id")
|
|
94
|
+
|
|
95
|
+
@external_id.setter
|
|
96
|
+
def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
97
|
+
pulumi.set(self, "external_id", value)
|
|
98
|
+
|
|
99
|
+
@_builtins.property
|
|
100
|
+
@pulumi.getter
|
|
101
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
102
|
+
"""
|
|
103
|
+
The namespace to provision the resource in.
|
|
104
|
+
The value should not contain leading or trailing forward slashes.
|
|
105
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
106
|
+
*Available only for Vault Enterprise*.
|
|
107
|
+
"""
|
|
108
|
+
return pulumi.get(self, "namespace")
|
|
109
|
+
|
|
110
|
+
@namespace.setter
|
|
111
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
112
|
+
pulumi.set(self, "namespace", value)
|
|
113
|
+
|
|
114
|
+
|
|
115
|
+
@pulumi.input_type
|
|
116
|
+
class _AuthBackendStsRoleState:
|
|
117
|
+
def __init__(__self__, *,
|
|
118
|
+
account_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
119
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
120
|
+
external_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
121
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
122
|
+
sts_role: Optional[pulumi.Input[_builtins.str]] = None):
|
|
123
|
+
"""
|
|
124
|
+
Input properties used for looking up and filtering AuthBackendStsRole resources.
|
|
125
|
+
:param pulumi.Input[_builtins.str] account_id: The AWS account ID to configure the STS role for.
|
|
126
|
+
:param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
|
|
127
|
+
mounted at. Defaults to `aws`.
|
|
128
|
+
:param pulumi.Input[_builtins.str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
129
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
130
|
+
The value should not contain leading or trailing forward slashes.
|
|
131
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
132
|
+
*Available only for Vault Enterprise*.
|
|
133
|
+
:param pulumi.Input[_builtins.str] sts_role: The STS role to assume when verifying requests made
|
|
134
|
+
by EC2 instances in the account specified by `account_id`.
|
|
135
|
+
"""
|
|
136
|
+
if account_id is not None:
|
|
137
|
+
pulumi.set(__self__, "account_id", account_id)
|
|
138
|
+
if backend is not None:
|
|
139
|
+
pulumi.set(__self__, "backend", backend)
|
|
140
|
+
if external_id is not None:
|
|
141
|
+
pulumi.set(__self__, "external_id", external_id)
|
|
142
|
+
if namespace is not None:
|
|
143
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
144
|
+
if sts_role is not None:
|
|
145
|
+
pulumi.set(__self__, "sts_role", sts_role)
|
|
146
|
+
|
|
147
|
+
@_builtins.property
|
|
148
|
+
@pulumi.getter(name="accountId")
|
|
149
|
+
def account_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
150
|
+
"""
|
|
151
|
+
The AWS account ID to configure the STS role for.
|
|
152
|
+
"""
|
|
153
|
+
return pulumi.get(self, "account_id")
|
|
154
|
+
|
|
155
|
+
@account_id.setter
|
|
156
|
+
def account_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
157
|
+
pulumi.set(self, "account_id", value)
|
|
158
|
+
|
|
159
|
+
@_builtins.property
|
|
160
|
+
@pulumi.getter
|
|
161
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
162
|
+
"""
|
|
163
|
+
The path the AWS auth backend being configured was
|
|
164
|
+
mounted at. Defaults to `aws`.
|
|
165
|
+
"""
|
|
166
|
+
return pulumi.get(self, "backend")
|
|
167
|
+
|
|
168
|
+
@backend.setter
|
|
169
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
170
|
+
pulumi.set(self, "backend", value)
|
|
171
|
+
|
|
172
|
+
@_builtins.property
|
|
173
|
+
@pulumi.getter(name="externalId")
|
|
174
|
+
def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
175
|
+
"""
|
|
176
|
+
External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
177
|
+
"""
|
|
178
|
+
return pulumi.get(self, "external_id")
|
|
179
|
+
|
|
180
|
+
@external_id.setter
|
|
181
|
+
def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
182
|
+
pulumi.set(self, "external_id", value)
|
|
183
|
+
|
|
184
|
+
@_builtins.property
|
|
185
|
+
@pulumi.getter
|
|
186
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
187
|
+
"""
|
|
188
|
+
The namespace to provision the resource in.
|
|
189
|
+
The value should not contain leading or trailing forward slashes.
|
|
190
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
191
|
+
*Available only for Vault Enterprise*.
|
|
192
|
+
"""
|
|
193
|
+
return pulumi.get(self, "namespace")
|
|
194
|
+
|
|
195
|
+
@namespace.setter
|
|
196
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
197
|
+
pulumi.set(self, "namespace", value)
|
|
198
|
+
|
|
199
|
+
@_builtins.property
|
|
200
|
+
@pulumi.getter(name="stsRole")
|
|
201
|
+
def sts_role(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
202
|
+
"""
|
|
203
|
+
The STS role to assume when verifying requests made
|
|
204
|
+
by EC2 instances in the account specified by `account_id`.
|
|
205
|
+
"""
|
|
206
|
+
return pulumi.get(self, "sts_role")
|
|
207
|
+
|
|
208
|
+
@sts_role.setter
|
|
209
|
+
def sts_role(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
210
|
+
pulumi.set(self, "sts_role", value)
|
|
211
|
+
|
|
212
|
+
|
|
213
|
+
@pulumi.type_token("vault:aws/authBackendStsRole:AuthBackendStsRole")
|
|
214
|
+
class AuthBackendStsRole(pulumi.CustomResource):
|
|
215
|
+
@overload
|
|
216
|
+
def __init__(__self__,
|
|
217
|
+
resource_name: str,
|
|
218
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
219
|
+
account_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
220
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
221
|
+
external_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
222
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
223
|
+
sts_role: Optional[pulumi.Input[_builtins.str]] = None,
|
|
224
|
+
__props__=None):
|
|
225
|
+
"""
|
|
226
|
+
## Example Usage
|
|
227
|
+
|
|
228
|
+
```python
|
|
229
|
+
import pulumi
|
|
230
|
+
import pulumi_vault as vault
|
|
231
|
+
|
|
232
|
+
aws = vault.AuthBackend("aws", type="aws")
|
|
233
|
+
role = vault.aws.AuthBackendStsRole("role",
|
|
234
|
+
backend=aws.path,
|
|
235
|
+
account_id="1234567890",
|
|
236
|
+
sts_role="arn:aws:iam::1234567890:role/my-role")
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
## Import
|
|
240
|
+
|
|
241
|
+
AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
|
|
242
|
+
|
|
243
|
+
```sh
|
|
244
|
+
$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
|
|
245
|
+
```
|
|
246
|
+
|
|
247
|
+
:param str resource_name: The name of the resource.
|
|
248
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
249
|
+
:param pulumi.Input[_builtins.str] account_id: The AWS account ID to configure the STS role for.
|
|
250
|
+
:param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
|
|
251
|
+
mounted at. Defaults to `aws`.
|
|
252
|
+
:param pulumi.Input[_builtins.str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
253
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
254
|
+
The value should not contain leading or trailing forward slashes.
|
|
255
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
256
|
+
*Available only for Vault Enterprise*.
|
|
257
|
+
:param pulumi.Input[_builtins.str] sts_role: The STS role to assume when verifying requests made
|
|
258
|
+
by EC2 instances in the account specified by `account_id`.
|
|
259
|
+
"""
|
|
260
|
+
...
|
|
261
|
+
@overload
|
|
262
|
+
def __init__(__self__,
|
|
263
|
+
resource_name: str,
|
|
264
|
+
args: AuthBackendStsRoleArgs,
|
|
265
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
|
266
|
+
"""
|
|
267
|
+
## Example Usage
|
|
268
|
+
|
|
269
|
+
```python
|
|
270
|
+
import pulumi
|
|
271
|
+
import pulumi_vault as vault
|
|
272
|
+
|
|
273
|
+
aws = vault.AuthBackend("aws", type="aws")
|
|
274
|
+
role = vault.aws.AuthBackendStsRole("role",
|
|
275
|
+
backend=aws.path,
|
|
276
|
+
account_id="1234567890",
|
|
277
|
+
sts_role="arn:aws:iam::1234567890:role/my-role")
|
|
278
|
+
```
|
|
279
|
+
|
|
280
|
+
## Import
|
|
281
|
+
|
|
282
|
+
AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
|
|
283
|
+
|
|
284
|
+
```sh
|
|
285
|
+
$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
|
|
286
|
+
```
|
|
287
|
+
|
|
288
|
+
:param str resource_name: The name of the resource.
|
|
289
|
+
:param AuthBackendStsRoleArgs args: The arguments to use to populate this resource's properties.
|
|
290
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
291
|
+
"""
|
|
292
|
+
...
|
|
293
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
|
294
|
+
resource_args, opts = _utilities.get_resource_args_opts(AuthBackendStsRoleArgs, pulumi.ResourceOptions, *args, **kwargs)
|
|
295
|
+
if resource_args is not None:
|
|
296
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
|
297
|
+
else:
|
|
298
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
|
299
|
+
|
|
300
|
+
def _internal_init(__self__,
|
|
301
|
+
resource_name: str,
|
|
302
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
303
|
+
account_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
304
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
305
|
+
external_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
306
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
307
|
+
sts_role: Optional[pulumi.Input[_builtins.str]] = None,
|
|
308
|
+
__props__=None):
|
|
309
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
310
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
|
311
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
|
312
|
+
if opts.id is None:
|
|
313
|
+
if __props__ is not None:
|
|
314
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
|
315
|
+
__props__ = AuthBackendStsRoleArgs.__new__(AuthBackendStsRoleArgs)
|
|
316
|
+
|
|
317
|
+
if account_id is None and not opts.urn:
|
|
318
|
+
raise TypeError("Missing required property 'account_id'")
|
|
319
|
+
__props__.__dict__["account_id"] = account_id
|
|
320
|
+
__props__.__dict__["backend"] = backend
|
|
321
|
+
__props__.__dict__["external_id"] = external_id
|
|
322
|
+
__props__.__dict__["namespace"] = namespace
|
|
323
|
+
if sts_role is None and not opts.urn:
|
|
324
|
+
raise TypeError("Missing required property 'sts_role'")
|
|
325
|
+
__props__.__dict__["sts_role"] = sts_role
|
|
326
|
+
super(AuthBackendStsRole, __self__).__init__(
|
|
327
|
+
'vault:aws/authBackendStsRole:AuthBackendStsRole',
|
|
328
|
+
resource_name,
|
|
329
|
+
__props__,
|
|
330
|
+
opts)
|
|
331
|
+
|
|
332
|
+
@staticmethod
|
|
333
|
+
def get(resource_name: str,
|
|
334
|
+
id: pulumi.Input[str],
|
|
335
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
336
|
+
account_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
337
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
338
|
+
external_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
339
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
340
|
+
sts_role: Optional[pulumi.Input[_builtins.str]] = None) -> 'AuthBackendStsRole':
|
|
341
|
+
"""
|
|
342
|
+
Get an existing AuthBackendStsRole resource's state with the given name, id, and optional extra
|
|
343
|
+
properties used to qualify the lookup.
|
|
344
|
+
|
|
345
|
+
:param str resource_name: The unique name of the resulting resource.
|
|
346
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
347
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
348
|
+
:param pulumi.Input[_builtins.str] account_id: The AWS account ID to configure the STS role for.
|
|
349
|
+
:param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
|
|
350
|
+
mounted at. Defaults to `aws`.
|
|
351
|
+
:param pulumi.Input[_builtins.str] external_id: External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
352
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
353
|
+
The value should not contain leading or trailing forward slashes.
|
|
354
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
355
|
+
*Available only for Vault Enterprise*.
|
|
356
|
+
:param pulumi.Input[_builtins.str] sts_role: The STS role to assume when verifying requests made
|
|
357
|
+
by EC2 instances in the account specified by `account_id`.
|
|
358
|
+
"""
|
|
359
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
360
|
+
|
|
361
|
+
__props__ = _AuthBackendStsRoleState.__new__(_AuthBackendStsRoleState)
|
|
362
|
+
|
|
363
|
+
__props__.__dict__["account_id"] = account_id
|
|
364
|
+
__props__.__dict__["backend"] = backend
|
|
365
|
+
__props__.__dict__["external_id"] = external_id
|
|
366
|
+
__props__.__dict__["namespace"] = namespace
|
|
367
|
+
__props__.__dict__["sts_role"] = sts_role
|
|
368
|
+
return AuthBackendStsRole(resource_name, opts=opts, __props__=__props__)
|
|
369
|
+
|
|
370
|
+
@_builtins.property
|
|
371
|
+
@pulumi.getter(name="accountId")
|
|
372
|
+
def account_id(self) -> pulumi.Output[_builtins.str]:
|
|
373
|
+
"""
|
|
374
|
+
The AWS account ID to configure the STS role for.
|
|
375
|
+
"""
|
|
376
|
+
return pulumi.get(self, "account_id")
|
|
377
|
+
|
|
378
|
+
@_builtins.property
|
|
379
|
+
@pulumi.getter
|
|
380
|
+
def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
381
|
+
"""
|
|
382
|
+
The path the AWS auth backend being configured was
|
|
383
|
+
mounted at. Defaults to `aws`.
|
|
384
|
+
"""
|
|
385
|
+
return pulumi.get(self, "backend")
|
|
386
|
+
|
|
387
|
+
@_builtins.property
|
|
388
|
+
@pulumi.getter(name="externalId")
|
|
389
|
+
def external_id(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
390
|
+
"""
|
|
391
|
+
External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
|
|
392
|
+
"""
|
|
393
|
+
return pulumi.get(self, "external_id")
|
|
394
|
+
|
|
395
|
+
@_builtins.property
|
|
396
|
+
@pulumi.getter
|
|
397
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
398
|
+
"""
|
|
399
|
+
The namespace to provision the resource in.
|
|
400
|
+
The value should not contain leading or trailing forward slashes.
|
|
401
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
402
|
+
*Available only for Vault Enterprise*.
|
|
403
|
+
"""
|
|
404
|
+
return pulumi.get(self, "namespace")
|
|
405
|
+
|
|
406
|
+
@_builtins.property
|
|
407
|
+
@pulumi.getter(name="stsRole")
|
|
408
|
+
def sts_role(self) -> pulumi.Output[_builtins.str]:
|
|
409
|
+
"""
|
|
410
|
+
The STS role to assume when verifying requests made
|
|
411
|
+
by EC2 instances in the account specified by `account_id`.
|
|
412
|
+
"""
|
|
413
|
+
return pulumi.get(self, "sts_role")
|
|
414
|
+
|