pulumi-vault 7.6.0a1764657486__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1399 -0
- pulumi_vault/_inputs.py +2701 -0
- pulumi_vault/_utilities.py +331 -0
- pulumi_vault/ad/__init__.py +12 -0
- pulumi_vault/ad/get_access_credentials.py +177 -0
- pulumi_vault/ad/secret_backend.py +1916 -0
- pulumi_vault/ad/secret_library.py +546 -0
- pulumi_vault/ad/secret_role.py +499 -0
- pulumi_vault/alicloud/__init__.py +9 -0
- pulumi_vault/alicloud/auth_backend_role.py +866 -0
- pulumi_vault/approle/__init__.py +12 -0
- pulumi_vault/approle/auth_backend_login.py +571 -0
- pulumi_vault/approle/auth_backend_role.py +1082 -0
- pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
- pulumi_vault/audit.py +499 -0
- pulumi_vault/audit_request_header.py +277 -0
- pulumi_vault/auth_backend.py +565 -0
- pulumi_vault/aws/__init__.py +22 -0
- pulumi_vault/aws/auth_backend_cert.py +420 -0
- pulumi_vault/aws/auth_backend_client.py +1259 -0
- pulumi_vault/aws/auth_backend_config_identity.py +494 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
- pulumi_vault/aws/auth_backend_login.py +1046 -0
- pulumi_vault/aws/auth_backend_role.py +1961 -0
- pulumi_vault/aws/auth_backend_role_tag.py +638 -0
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
- pulumi_vault/aws/auth_backend_sts_role.py +414 -0
- pulumi_vault/aws/get_access_credentials.py +369 -0
- pulumi_vault/aws/get_static_access_credentials.py +137 -0
- pulumi_vault/aws/secret_backend.py +2018 -0
- pulumi_vault/aws/secret_backend_role.py +1188 -0
- pulumi_vault/aws/secret_backend_static_role.py +639 -0
- pulumi_vault/azure/__init__.py +15 -0
- pulumi_vault/azure/_inputs.py +108 -0
- pulumi_vault/azure/auth_backend_config.py +1096 -0
- pulumi_vault/azure/auth_backend_role.py +1176 -0
- pulumi_vault/azure/backend.py +1793 -0
- pulumi_vault/azure/backend_role.py +883 -0
- pulumi_vault/azure/get_access_credentials.py +400 -0
- pulumi_vault/azure/outputs.py +107 -0
- pulumi_vault/cert_auth_backend_role.py +1539 -0
- pulumi_vault/config/__init__.py +9 -0
- pulumi_vault/config/__init__.pyi +164 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +1225 -0
- pulumi_vault/config/ui_custom_message.py +530 -0
- pulumi_vault/config/vars.py +230 -0
- pulumi_vault/consul/__init__.py +10 -0
- pulumi_vault/consul/secret_backend.py +1517 -0
- pulumi_vault/consul/secret_backend_role.py +847 -0
- pulumi_vault/database/__init__.py +14 -0
- pulumi_vault/database/_inputs.py +11907 -0
- pulumi_vault/database/outputs.py +8496 -0
- pulumi_vault/database/secret_backend_connection.py +1676 -0
- pulumi_vault/database/secret_backend_role.py +840 -0
- pulumi_vault/database/secret_backend_static_role.py +881 -0
- pulumi_vault/database/secrets_mount.py +2160 -0
- pulumi_vault/egp_policy.py +399 -0
- pulumi_vault/gcp/__init__.py +17 -0
- pulumi_vault/gcp/_inputs.py +441 -0
- pulumi_vault/gcp/auth_backend.py +1486 -0
- pulumi_vault/gcp/auth_backend_role.py +1235 -0
- pulumi_vault/gcp/get_auth_backend_role.py +514 -0
- pulumi_vault/gcp/outputs.py +302 -0
- pulumi_vault/gcp/secret_backend.py +1807 -0
- pulumi_vault/gcp/secret_impersonated_account.py +484 -0
- pulumi_vault/gcp/secret_roleset.py +554 -0
- pulumi_vault/gcp/secret_static_account.py +557 -0
- pulumi_vault/generic/__init__.py +11 -0
- pulumi_vault/generic/endpoint.py +786 -0
- pulumi_vault/generic/get_secret.py +306 -0
- pulumi_vault/generic/secret.py +486 -0
- pulumi_vault/get_auth_backend.py +226 -0
- pulumi_vault/get_auth_backends.py +170 -0
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +202 -0
- pulumi_vault/get_nomad_access_token.py +210 -0
- pulumi_vault/get_policy_document.py +160 -0
- pulumi_vault/get_raft_autopilot_state.py +267 -0
- pulumi_vault/github/__init__.py +13 -0
- pulumi_vault/github/_inputs.py +225 -0
- pulumi_vault/github/auth_backend.py +1194 -0
- pulumi_vault/github/outputs.py +174 -0
- pulumi_vault/github/team.py +380 -0
- pulumi_vault/github/user.py +380 -0
- pulumi_vault/identity/__init__.py +35 -0
- pulumi_vault/identity/entity.py +447 -0
- pulumi_vault/identity/entity_alias.py +398 -0
- pulumi_vault/identity/entity_policies.py +455 -0
- pulumi_vault/identity/get_entity.py +384 -0
- pulumi_vault/identity/get_group.py +467 -0
- pulumi_vault/identity/get_oidc_client_creds.py +175 -0
- pulumi_vault/identity/get_oidc_openid_config.py +334 -0
- pulumi_vault/identity/get_oidc_public_keys.py +179 -0
- pulumi_vault/identity/group.py +805 -0
- pulumi_vault/identity/group_alias.py +386 -0
- pulumi_vault/identity/group_member_entity_ids.py +444 -0
- pulumi_vault/identity/group_member_group_ids.py +467 -0
- pulumi_vault/identity/group_policies.py +471 -0
- pulumi_vault/identity/mfa_duo.py +674 -0
- pulumi_vault/identity/mfa_login_enforcement.py +566 -0
- pulumi_vault/identity/mfa_okta.py +626 -0
- pulumi_vault/identity/mfa_pingid.py +616 -0
- pulumi_vault/identity/mfa_totp.py +758 -0
- pulumi_vault/identity/oidc.py +268 -0
- pulumi_vault/identity/oidc_assignment.py +375 -0
- pulumi_vault/identity/oidc_client.py +667 -0
- pulumi_vault/identity/oidc_key.py +474 -0
- pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
- pulumi_vault/identity/oidc_provider.py +550 -0
- pulumi_vault/identity/oidc_role.py +543 -0
- pulumi_vault/identity/oidc_scope.py +355 -0
- pulumi_vault/identity/outputs.py +137 -0
- pulumi_vault/jwt/__init__.py +12 -0
- pulumi_vault/jwt/_inputs.py +225 -0
- pulumi_vault/jwt/auth_backend.py +1347 -0
- pulumi_vault/jwt/auth_backend_role.py +1847 -0
- pulumi_vault/jwt/outputs.py +174 -0
- pulumi_vault/kmip/__init__.py +11 -0
- pulumi_vault/kmip/secret_backend.py +1591 -0
- pulumi_vault/kmip/secret_role.py +1194 -0
- pulumi_vault/kmip/secret_scope.py +372 -0
- pulumi_vault/kubernetes/__init__.py +15 -0
- pulumi_vault/kubernetes/auth_backend_config.py +654 -0
- pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
- pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
- pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
- pulumi_vault/kubernetes/get_service_account_token.py +344 -0
- pulumi_vault/kubernetes/secret_backend.py +1341 -0
- pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
- pulumi_vault/kv/__init__.py +18 -0
- pulumi_vault/kv/_inputs.py +124 -0
- pulumi_vault/kv/get_secret.py +240 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
- pulumi_vault/kv/get_secret_v2.py +315 -0
- pulumi_vault/kv/get_secrets_list.py +186 -0
- pulumi_vault/kv/get_secrets_list_v2.py +243 -0
- pulumi_vault/kv/outputs.py +102 -0
- pulumi_vault/kv/secret.py +397 -0
- pulumi_vault/kv/secret_backend_v2.py +455 -0
- pulumi_vault/kv/secret_v2.py +970 -0
- pulumi_vault/ldap/__init__.py +19 -0
- pulumi_vault/ldap/_inputs.py +225 -0
- pulumi_vault/ldap/auth_backend.py +2520 -0
- pulumi_vault/ldap/auth_backend_group.py +386 -0
- pulumi_vault/ldap/auth_backend_user.py +439 -0
- pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
- pulumi_vault/ldap/get_static_credentials.py +192 -0
- pulumi_vault/ldap/outputs.py +174 -0
- pulumi_vault/ldap/secret_backend.py +2207 -0
- pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
- pulumi_vault/ldap/secret_backend_library_set.py +552 -0
- pulumi_vault/ldap/secret_backend_static_role.py +541 -0
- pulumi_vault/managed/__init__.py +11 -0
- pulumi_vault/managed/_inputs.py +944 -0
- pulumi_vault/managed/keys.py +398 -0
- pulumi_vault/managed/outputs.py +667 -0
- pulumi_vault/mfa_duo.py +589 -0
- pulumi_vault/mfa_okta.py +623 -0
- pulumi_vault/mfa_pingid.py +670 -0
- pulumi_vault/mfa_totp.py +620 -0
- pulumi_vault/mongodbatlas/__init__.py +10 -0
- pulumi_vault/mongodbatlas/secret_backend.py +388 -0
- pulumi_vault/mongodbatlas/secret_role.py +726 -0
- pulumi_vault/mount.py +1262 -0
- pulumi_vault/namespace.py +452 -0
- pulumi_vault/nomad_secret_backend.py +1559 -0
- pulumi_vault/nomad_secret_role.py +489 -0
- pulumi_vault/oci_auth_backend.py +676 -0
- pulumi_vault/oci_auth_backend_role.py +852 -0
- pulumi_vault/okta/__init__.py +13 -0
- pulumi_vault/okta/_inputs.py +320 -0
- pulumi_vault/okta/auth_backend.py +1231 -0
- pulumi_vault/okta/auth_backend_group.py +369 -0
- pulumi_vault/okta/auth_backend_user.py +416 -0
- pulumi_vault/okta/outputs.py +244 -0
- pulumi_vault/outputs.py +502 -0
- pulumi_vault/pkisecret/__init__.py +38 -0
- pulumi_vault/pkisecret/_inputs.py +270 -0
- pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
- pulumi_vault/pkisecret/backend_config_acme.py +690 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
- pulumi_vault/pkisecret/backend_config_est.py +756 -0
- pulumi_vault/pkisecret/backend_config_scep.py +738 -0
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
- pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
- pulumi_vault/pkisecret/get_backend_key.py +211 -0
- pulumi_vault/pkisecret/get_backend_keys.py +192 -0
- pulumi_vault/pkisecret/outputs.py +270 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
- pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
- pulumi_vault/pkisecret/secret_backend_key.py +613 -0
- pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
- pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
- pulumi_vault/plugin.py +596 -0
- pulumi_vault/plugin_pinned_version.py +299 -0
- pulumi_vault/policy.py +279 -0
- pulumi_vault/provider.py +781 -0
- pulumi_vault/pulumi-plugin.json +5 -0
- pulumi_vault/py.typed +0 -0
- pulumi_vault/quota_lease_count.py +504 -0
- pulumi_vault/quota_rate_limit.py +751 -0
- pulumi_vault/rabbitmq/__init__.py +12 -0
- pulumi_vault/rabbitmq/_inputs.py +235 -0
- pulumi_vault/rabbitmq/outputs.py +144 -0
- pulumi_vault/rabbitmq/secret_backend.py +1437 -0
- pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
- pulumi_vault/raft_autopilot.py +609 -0
- pulumi_vault/raft_snapshot_agent_config.py +1591 -0
- pulumi_vault/rgp_policy.py +349 -0
- pulumi_vault/saml/__init__.py +12 -0
- pulumi_vault/saml/_inputs.py +225 -0
- pulumi_vault/saml/auth_backend.py +811 -0
- pulumi_vault/saml/auth_backend_role.py +1068 -0
- pulumi_vault/saml/outputs.py +174 -0
- pulumi_vault/scep_auth_backend_role.py +908 -0
- pulumi_vault/secrets/__init__.py +18 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +450 -0
- pulumi_vault/secrets/sync_aws_destination.py +780 -0
- pulumi_vault/secrets/sync_azure_destination.py +736 -0
- pulumi_vault/secrets/sync_config.py +303 -0
- pulumi_vault/secrets/sync_gcp_destination.py +572 -0
- pulumi_vault/secrets/sync_gh_destination.py +688 -0
- pulumi_vault/secrets/sync_github_apps.py +376 -0
- pulumi_vault/secrets/sync_vercel_destination.py +603 -0
- pulumi_vault/ssh/__init__.py +13 -0
- pulumi_vault/ssh/_inputs.py +76 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/ssh/outputs.py +51 -0
- pulumi_vault/ssh/secret_backend_ca.py +588 -0
- pulumi_vault/ssh/secret_backend_role.py +1493 -0
- pulumi_vault/terraformcloud/__init__.py +11 -0
- pulumi_vault/terraformcloud/secret_backend.py +1321 -0
- pulumi_vault/terraformcloud/secret_creds.py +445 -0
- pulumi_vault/terraformcloud/secret_role.py +563 -0
- pulumi_vault/token.py +1026 -0
- pulumi_vault/tokenauth/__init__.py +9 -0
- pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
- pulumi_vault/transform/__init__.py +14 -0
- pulumi_vault/transform/alphabet.py +348 -0
- pulumi_vault/transform/get_decode.py +287 -0
- pulumi_vault/transform/get_encode.py +291 -0
- pulumi_vault/transform/role.py +350 -0
- pulumi_vault/transform/template.py +592 -0
- pulumi_vault/transform/transformation.py +608 -0
- pulumi_vault/transit/__init__.py +15 -0
- pulumi_vault/transit/get_cmac.py +256 -0
- pulumi_vault/transit/get_decrypt.py +181 -0
- pulumi_vault/transit/get_encrypt.py +174 -0
- pulumi_vault/transit/get_sign.py +328 -0
- pulumi_vault/transit/get_verify.py +373 -0
- pulumi_vault/transit/secret_backend_key.py +1202 -0
- pulumi_vault/transit/secret_cache_config.py +302 -0
- pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
- pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
- pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
- pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,543 @@
|
|
|
1
|
+
# coding=utf-8
|
|
2
|
+
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
|
+
|
|
5
|
+
import builtins as _builtins
|
|
6
|
+
import warnings
|
|
7
|
+
import sys
|
|
8
|
+
import pulumi
|
|
9
|
+
import pulumi.runtime
|
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
+
if sys.version_info >= (3, 11):
|
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
+
else:
|
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
|
+
from .. import _utilities
|
|
16
|
+
|
|
17
|
+
__all__ = ['OidcRoleArgs', 'OidcRole']
|
|
18
|
+
|
|
19
|
+
@pulumi.input_type
|
|
20
|
+
class OidcRoleArgs:
|
|
21
|
+
def __init__(__self__, *,
|
|
22
|
+
key: pulumi.Input[_builtins.str],
|
|
23
|
+
client_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
24
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
25
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
26
|
+
template: Optional[pulumi.Input[_builtins.str]] = None,
|
|
27
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None):
|
|
28
|
+
"""
|
|
29
|
+
The set of arguments for constructing a OidcRole resource.
|
|
30
|
+
:param pulumi.Input[_builtins.str] key: A configured named key, the key must already exist
|
|
31
|
+
before tokens can be issued.
|
|
32
|
+
:param pulumi.Input[_builtins.str] client_id: The value that will be included in the `aud` field of all the OIDC identity
|
|
33
|
+
tokens issued by this role
|
|
34
|
+
:param pulumi.Input[_builtins.str] name: Name of the OIDC Role to create.
|
|
35
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
36
|
+
The value should not contain leading or trailing forward slashes.
|
|
37
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
38
|
+
*Available only for Vault Enterprise*.
|
|
39
|
+
:param pulumi.Input[_builtins.str] template: The template string to use for generating tokens. This may be in
|
|
40
|
+
string-ified JSON or base64 format. See the
|
|
41
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
42
|
+
for the template format.
|
|
43
|
+
:param pulumi.Input[_builtins.int] ttl: TTL of the tokens generated against the role in number of seconds.
|
|
44
|
+
"""
|
|
45
|
+
pulumi.set(__self__, "key", key)
|
|
46
|
+
if client_id is not None:
|
|
47
|
+
pulumi.set(__self__, "client_id", client_id)
|
|
48
|
+
if name is not None:
|
|
49
|
+
pulumi.set(__self__, "name", name)
|
|
50
|
+
if namespace is not None:
|
|
51
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
52
|
+
if template is not None:
|
|
53
|
+
pulumi.set(__self__, "template", template)
|
|
54
|
+
if ttl is not None:
|
|
55
|
+
pulumi.set(__self__, "ttl", ttl)
|
|
56
|
+
|
|
57
|
+
@_builtins.property
|
|
58
|
+
@pulumi.getter
|
|
59
|
+
def key(self) -> pulumi.Input[_builtins.str]:
|
|
60
|
+
"""
|
|
61
|
+
A configured named key, the key must already exist
|
|
62
|
+
before tokens can be issued.
|
|
63
|
+
"""
|
|
64
|
+
return pulumi.get(self, "key")
|
|
65
|
+
|
|
66
|
+
@key.setter
|
|
67
|
+
def key(self, value: pulumi.Input[_builtins.str]):
|
|
68
|
+
pulumi.set(self, "key", value)
|
|
69
|
+
|
|
70
|
+
@_builtins.property
|
|
71
|
+
@pulumi.getter(name="clientId")
|
|
72
|
+
def client_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
73
|
+
"""
|
|
74
|
+
The value that will be included in the `aud` field of all the OIDC identity
|
|
75
|
+
tokens issued by this role
|
|
76
|
+
"""
|
|
77
|
+
return pulumi.get(self, "client_id")
|
|
78
|
+
|
|
79
|
+
@client_id.setter
|
|
80
|
+
def client_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
81
|
+
pulumi.set(self, "client_id", value)
|
|
82
|
+
|
|
83
|
+
@_builtins.property
|
|
84
|
+
@pulumi.getter
|
|
85
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
86
|
+
"""
|
|
87
|
+
Name of the OIDC Role to create.
|
|
88
|
+
"""
|
|
89
|
+
return pulumi.get(self, "name")
|
|
90
|
+
|
|
91
|
+
@name.setter
|
|
92
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
93
|
+
pulumi.set(self, "name", value)
|
|
94
|
+
|
|
95
|
+
@_builtins.property
|
|
96
|
+
@pulumi.getter
|
|
97
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
98
|
+
"""
|
|
99
|
+
The namespace to provision the resource in.
|
|
100
|
+
The value should not contain leading or trailing forward slashes.
|
|
101
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
102
|
+
*Available only for Vault Enterprise*.
|
|
103
|
+
"""
|
|
104
|
+
return pulumi.get(self, "namespace")
|
|
105
|
+
|
|
106
|
+
@namespace.setter
|
|
107
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
108
|
+
pulumi.set(self, "namespace", value)
|
|
109
|
+
|
|
110
|
+
@_builtins.property
|
|
111
|
+
@pulumi.getter
|
|
112
|
+
def template(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
113
|
+
"""
|
|
114
|
+
The template string to use for generating tokens. This may be in
|
|
115
|
+
string-ified JSON or base64 format. See the
|
|
116
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
117
|
+
for the template format.
|
|
118
|
+
"""
|
|
119
|
+
return pulumi.get(self, "template")
|
|
120
|
+
|
|
121
|
+
@template.setter
|
|
122
|
+
def template(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
123
|
+
pulumi.set(self, "template", value)
|
|
124
|
+
|
|
125
|
+
@_builtins.property
|
|
126
|
+
@pulumi.getter
|
|
127
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
128
|
+
"""
|
|
129
|
+
TTL of the tokens generated against the role in number of seconds.
|
|
130
|
+
"""
|
|
131
|
+
return pulumi.get(self, "ttl")
|
|
132
|
+
|
|
133
|
+
@ttl.setter
|
|
134
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
135
|
+
pulumi.set(self, "ttl", value)
|
|
136
|
+
|
|
137
|
+
|
|
138
|
+
@pulumi.input_type
|
|
139
|
+
class _OidcRoleState:
|
|
140
|
+
def __init__(__self__, *,
|
|
141
|
+
client_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
142
|
+
key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
143
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
144
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
145
|
+
template: Optional[pulumi.Input[_builtins.str]] = None,
|
|
146
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None):
|
|
147
|
+
"""
|
|
148
|
+
Input properties used for looking up and filtering OidcRole resources.
|
|
149
|
+
:param pulumi.Input[_builtins.str] client_id: The value that will be included in the `aud` field of all the OIDC identity
|
|
150
|
+
tokens issued by this role
|
|
151
|
+
:param pulumi.Input[_builtins.str] key: A configured named key, the key must already exist
|
|
152
|
+
before tokens can be issued.
|
|
153
|
+
:param pulumi.Input[_builtins.str] name: Name of the OIDC Role to create.
|
|
154
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
155
|
+
The value should not contain leading or trailing forward slashes.
|
|
156
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
157
|
+
*Available only for Vault Enterprise*.
|
|
158
|
+
:param pulumi.Input[_builtins.str] template: The template string to use for generating tokens. This may be in
|
|
159
|
+
string-ified JSON or base64 format. See the
|
|
160
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
161
|
+
for the template format.
|
|
162
|
+
:param pulumi.Input[_builtins.int] ttl: TTL of the tokens generated against the role in number of seconds.
|
|
163
|
+
"""
|
|
164
|
+
if client_id is not None:
|
|
165
|
+
pulumi.set(__self__, "client_id", client_id)
|
|
166
|
+
if key is not None:
|
|
167
|
+
pulumi.set(__self__, "key", key)
|
|
168
|
+
if name is not None:
|
|
169
|
+
pulumi.set(__self__, "name", name)
|
|
170
|
+
if namespace is not None:
|
|
171
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
172
|
+
if template is not None:
|
|
173
|
+
pulumi.set(__self__, "template", template)
|
|
174
|
+
if ttl is not None:
|
|
175
|
+
pulumi.set(__self__, "ttl", ttl)
|
|
176
|
+
|
|
177
|
+
@_builtins.property
|
|
178
|
+
@pulumi.getter(name="clientId")
|
|
179
|
+
def client_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
180
|
+
"""
|
|
181
|
+
The value that will be included in the `aud` field of all the OIDC identity
|
|
182
|
+
tokens issued by this role
|
|
183
|
+
"""
|
|
184
|
+
return pulumi.get(self, "client_id")
|
|
185
|
+
|
|
186
|
+
@client_id.setter
|
|
187
|
+
def client_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
188
|
+
pulumi.set(self, "client_id", value)
|
|
189
|
+
|
|
190
|
+
@_builtins.property
|
|
191
|
+
@pulumi.getter
|
|
192
|
+
def key(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
193
|
+
"""
|
|
194
|
+
A configured named key, the key must already exist
|
|
195
|
+
before tokens can be issued.
|
|
196
|
+
"""
|
|
197
|
+
return pulumi.get(self, "key")
|
|
198
|
+
|
|
199
|
+
@key.setter
|
|
200
|
+
def key(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
201
|
+
pulumi.set(self, "key", value)
|
|
202
|
+
|
|
203
|
+
@_builtins.property
|
|
204
|
+
@pulumi.getter
|
|
205
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
206
|
+
"""
|
|
207
|
+
Name of the OIDC Role to create.
|
|
208
|
+
"""
|
|
209
|
+
return pulumi.get(self, "name")
|
|
210
|
+
|
|
211
|
+
@name.setter
|
|
212
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
213
|
+
pulumi.set(self, "name", value)
|
|
214
|
+
|
|
215
|
+
@_builtins.property
|
|
216
|
+
@pulumi.getter
|
|
217
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
218
|
+
"""
|
|
219
|
+
The namespace to provision the resource in.
|
|
220
|
+
The value should not contain leading or trailing forward slashes.
|
|
221
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
222
|
+
*Available only for Vault Enterprise*.
|
|
223
|
+
"""
|
|
224
|
+
return pulumi.get(self, "namespace")
|
|
225
|
+
|
|
226
|
+
@namespace.setter
|
|
227
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
228
|
+
pulumi.set(self, "namespace", value)
|
|
229
|
+
|
|
230
|
+
@_builtins.property
|
|
231
|
+
@pulumi.getter
|
|
232
|
+
def template(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
233
|
+
"""
|
|
234
|
+
The template string to use for generating tokens. This may be in
|
|
235
|
+
string-ified JSON or base64 format. See the
|
|
236
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
237
|
+
for the template format.
|
|
238
|
+
"""
|
|
239
|
+
return pulumi.get(self, "template")
|
|
240
|
+
|
|
241
|
+
@template.setter
|
|
242
|
+
def template(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
243
|
+
pulumi.set(self, "template", value)
|
|
244
|
+
|
|
245
|
+
@_builtins.property
|
|
246
|
+
@pulumi.getter
|
|
247
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
248
|
+
"""
|
|
249
|
+
TTL of the tokens generated against the role in number of seconds.
|
|
250
|
+
"""
|
|
251
|
+
return pulumi.get(self, "ttl")
|
|
252
|
+
|
|
253
|
+
@ttl.setter
|
|
254
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
255
|
+
pulumi.set(self, "ttl", value)
|
|
256
|
+
|
|
257
|
+
|
|
258
|
+
@pulumi.type_token("vault:identity/oidcRole:OidcRole")
|
|
259
|
+
class OidcRole(pulumi.CustomResource):
|
|
260
|
+
@overload
|
|
261
|
+
def __init__(__self__,
|
|
262
|
+
resource_name: str,
|
|
263
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
264
|
+
client_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
265
|
+
key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
266
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
267
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
268
|
+
template: Optional[pulumi.Input[_builtins.str]] = None,
|
|
269
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
270
|
+
__props__=None):
|
|
271
|
+
"""
|
|
272
|
+
## Example Usage
|
|
273
|
+
|
|
274
|
+
You need to create a role with a named key.
|
|
275
|
+
At creation time, the key can be created independently of the role. However, the key must
|
|
276
|
+
exist before the role can be used to issue tokens. You must also configure the key with the
|
|
277
|
+
role's Client ID to allow the role to use the key.
|
|
278
|
+
|
|
279
|
+
```python
|
|
280
|
+
import pulumi
|
|
281
|
+
import pulumi_vault as vault
|
|
282
|
+
|
|
283
|
+
config = pulumi.Config()
|
|
284
|
+
# Name of the OIDC Key
|
|
285
|
+
key = config.get("key")
|
|
286
|
+
if key is None:
|
|
287
|
+
key = "key"
|
|
288
|
+
role = vault.identity.OidcRole("role",
|
|
289
|
+
name="role",
|
|
290
|
+
key=key)
|
|
291
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
|
292
|
+
name=key,
|
|
293
|
+
algorithm="RS256",
|
|
294
|
+
allowed_client_ids=[role.client_id])
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
If you want to create the key first before creating the role, you can use a separate
|
|
298
|
+
resource to configure the allowed Client ID on
|
|
299
|
+
the key.
|
|
300
|
+
|
|
301
|
+
```python
|
|
302
|
+
import pulumi
|
|
303
|
+
import pulumi_vault as vault
|
|
304
|
+
|
|
305
|
+
key = vault.identity.OidcKey("key",
|
|
306
|
+
name="key",
|
|
307
|
+
algorithm="RS256")
|
|
308
|
+
role = vault.identity.OidcRole("role",
|
|
309
|
+
name="role",
|
|
310
|
+
key=key.name)
|
|
311
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
312
|
+
key_name=key.name,
|
|
313
|
+
allowed_client_id=role.client_id)
|
|
314
|
+
```
|
|
315
|
+
|
|
316
|
+
## Import
|
|
317
|
+
|
|
318
|
+
The key can be imported with the role name, for example:
|
|
319
|
+
|
|
320
|
+
```sh
|
|
321
|
+
$ pulumi import vault:identity/oidcRole:OidcRole role role
|
|
322
|
+
```
|
|
323
|
+
|
|
324
|
+
:param str resource_name: The name of the resource.
|
|
325
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
326
|
+
:param pulumi.Input[_builtins.str] client_id: The value that will be included in the `aud` field of all the OIDC identity
|
|
327
|
+
tokens issued by this role
|
|
328
|
+
:param pulumi.Input[_builtins.str] key: A configured named key, the key must already exist
|
|
329
|
+
before tokens can be issued.
|
|
330
|
+
:param pulumi.Input[_builtins.str] name: Name of the OIDC Role to create.
|
|
331
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
332
|
+
The value should not contain leading or trailing forward slashes.
|
|
333
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
334
|
+
*Available only for Vault Enterprise*.
|
|
335
|
+
:param pulumi.Input[_builtins.str] template: The template string to use for generating tokens. This may be in
|
|
336
|
+
string-ified JSON or base64 format. See the
|
|
337
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
338
|
+
for the template format.
|
|
339
|
+
:param pulumi.Input[_builtins.int] ttl: TTL of the tokens generated against the role in number of seconds.
|
|
340
|
+
"""
|
|
341
|
+
...
|
|
342
|
+
@overload
|
|
343
|
+
def __init__(__self__,
|
|
344
|
+
resource_name: str,
|
|
345
|
+
args: OidcRoleArgs,
|
|
346
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
|
347
|
+
"""
|
|
348
|
+
## Example Usage
|
|
349
|
+
|
|
350
|
+
You need to create a role with a named key.
|
|
351
|
+
At creation time, the key can be created independently of the role. However, the key must
|
|
352
|
+
exist before the role can be used to issue tokens. You must also configure the key with the
|
|
353
|
+
role's Client ID to allow the role to use the key.
|
|
354
|
+
|
|
355
|
+
```python
|
|
356
|
+
import pulumi
|
|
357
|
+
import pulumi_vault as vault
|
|
358
|
+
|
|
359
|
+
config = pulumi.Config()
|
|
360
|
+
# Name of the OIDC Key
|
|
361
|
+
key = config.get("key")
|
|
362
|
+
if key is None:
|
|
363
|
+
key = "key"
|
|
364
|
+
role = vault.identity.OidcRole("role",
|
|
365
|
+
name="role",
|
|
366
|
+
key=key)
|
|
367
|
+
key_oidc_key = vault.identity.OidcKey("key",
|
|
368
|
+
name=key,
|
|
369
|
+
algorithm="RS256",
|
|
370
|
+
allowed_client_ids=[role.client_id])
|
|
371
|
+
```
|
|
372
|
+
|
|
373
|
+
If you want to create the key first before creating the role, you can use a separate
|
|
374
|
+
resource to configure the allowed Client ID on
|
|
375
|
+
the key.
|
|
376
|
+
|
|
377
|
+
```python
|
|
378
|
+
import pulumi
|
|
379
|
+
import pulumi_vault as vault
|
|
380
|
+
|
|
381
|
+
key = vault.identity.OidcKey("key",
|
|
382
|
+
name="key",
|
|
383
|
+
algorithm="RS256")
|
|
384
|
+
role = vault.identity.OidcRole("role",
|
|
385
|
+
name="role",
|
|
386
|
+
key=key.name)
|
|
387
|
+
role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
|
|
388
|
+
key_name=key.name,
|
|
389
|
+
allowed_client_id=role.client_id)
|
|
390
|
+
```
|
|
391
|
+
|
|
392
|
+
## Import
|
|
393
|
+
|
|
394
|
+
The key can be imported with the role name, for example:
|
|
395
|
+
|
|
396
|
+
```sh
|
|
397
|
+
$ pulumi import vault:identity/oidcRole:OidcRole role role
|
|
398
|
+
```
|
|
399
|
+
|
|
400
|
+
:param str resource_name: The name of the resource.
|
|
401
|
+
:param OidcRoleArgs args: The arguments to use to populate this resource's properties.
|
|
402
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
403
|
+
"""
|
|
404
|
+
...
|
|
405
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
|
406
|
+
resource_args, opts = _utilities.get_resource_args_opts(OidcRoleArgs, pulumi.ResourceOptions, *args, **kwargs)
|
|
407
|
+
if resource_args is not None:
|
|
408
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
|
409
|
+
else:
|
|
410
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
|
411
|
+
|
|
412
|
+
def _internal_init(__self__,
|
|
413
|
+
resource_name: str,
|
|
414
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
415
|
+
client_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
416
|
+
key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
417
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
418
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
419
|
+
template: Optional[pulumi.Input[_builtins.str]] = None,
|
|
420
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None,
|
|
421
|
+
__props__=None):
|
|
422
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
423
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
|
424
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
|
425
|
+
if opts.id is None:
|
|
426
|
+
if __props__ is not None:
|
|
427
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
|
428
|
+
__props__ = OidcRoleArgs.__new__(OidcRoleArgs)
|
|
429
|
+
|
|
430
|
+
__props__.__dict__["client_id"] = client_id
|
|
431
|
+
if key is None and not opts.urn:
|
|
432
|
+
raise TypeError("Missing required property 'key'")
|
|
433
|
+
__props__.__dict__["key"] = key
|
|
434
|
+
__props__.__dict__["name"] = name
|
|
435
|
+
__props__.__dict__["namespace"] = namespace
|
|
436
|
+
__props__.__dict__["template"] = template
|
|
437
|
+
__props__.__dict__["ttl"] = ttl
|
|
438
|
+
super(OidcRole, __self__).__init__(
|
|
439
|
+
'vault:identity/oidcRole:OidcRole',
|
|
440
|
+
resource_name,
|
|
441
|
+
__props__,
|
|
442
|
+
opts)
|
|
443
|
+
|
|
444
|
+
@staticmethod
|
|
445
|
+
def get(resource_name: str,
|
|
446
|
+
id: pulumi.Input[str],
|
|
447
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
448
|
+
client_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
449
|
+
key: Optional[pulumi.Input[_builtins.str]] = None,
|
|
450
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
451
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
452
|
+
template: Optional[pulumi.Input[_builtins.str]] = None,
|
|
453
|
+
ttl: Optional[pulumi.Input[_builtins.int]] = None) -> 'OidcRole':
|
|
454
|
+
"""
|
|
455
|
+
Get an existing OidcRole resource's state with the given name, id, and optional extra
|
|
456
|
+
properties used to qualify the lookup.
|
|
457
|
+
|
|
458
|
+
:param str resource_name: The unique name of the resulting resource.
|
|
459
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
460
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
461
|
+
:param pulumi.Input[_builtins.str] client_id: The value that will be included in the `aud` field of all the OIDC identity
|
|
462
|
+
tokens issued by this role
|
|
463
|
+
:param pulumi.Input[_builtins.str] key: A configured named key, the key must already exist
|
|
464
|
+
before tokens can be issued.
|
|
465
|
+
:param pulumi.Input[_builtins.str] name: Name of the OIDC Role to create.
|
|
466
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
467
|
+
The value should not contain leading or trailing forward slashes.
|
|
468
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
469
|
+
*Available only for Vault Enterprise*.
|
|
470
|
+
:param pulumi.Input[_builtins.str] template: The template string to use for generating tokens. This may be in
|
|
471
|
+
string-ified JSON or base64 format. See the
|
|
472
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
473
|
+
for the template format.
|
|
474
|
+
:param pulumi.Input[_builtins.int] ttl: TTL of the tokens generated against the role in number of seconds.
|
|
475
|
+
"""
|
|
476
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
477
|
+
|
|
478
|
+
__props__ = _OidcRoleState.__new__(_OidcRoleState)
|
|
479
|
+
|
|
480
|
+
__props__.__dict__["client_id"] = client_id
|
|
481
|
+
__props__.__dict__["key"] = key
|
|
482
|
+
__props__.__dict__["name"] = name
|
|
483
|
+
__props__.__dict__["namespace"] = namespace
|
|
484
|
+
__props__.__dict__["template"] = template
|
|
485
|
+
__props__.__dict__["ttl"] = ttl
|
|
486
|
+
return OidcRole(resource_name, opts=opts, __props__=__props__)
|
|
487
|
+
|
|
488
|
+
@_builtins.property
|
|
489
|
+
@pulumi.getter(name="clientId")
|
|
490
|
+
def client_id(self) -> pulumi.Output[_builtins.str]:
|
|
491
|
+
"""
|
|
492
|
+
The value that will be included in the `aud` field of all the OIDC identity
|
|
493
|
+
tokens issued by this role
|
|
494
|
+
"""
|
|
495
|
+
return pulumi.get(self, "client_id")
|
|
496
|
+
|
|
497
|
+
@_builtins.property
|
|
498
|
+
@pulumi.getter
|
|
499
|
+
def key(self) -> pulumi.Output[_builtins.str]:
|
|
500
|
+
"""
|
|
501
|
+
A configured named key, the key must already exist
|
|
502
|
+
before tokens can be issued.
|
|
503
|
+
"""
|
|
504
|
+
return pulumi.get(self, "key")
|
|
505
|
+
|
|
506
|
+
@_builtins.property
|
|
507
|
+
@pulumi.getter
|
|
508
|
+
def name(self) -> pulumi.Output[_builtins.str]:
|
|
509
|
+
"""
|
|
510
|
+
Name of the OIDC Role to create.
|
|
511
|
+
"""
|
|
512
|
+
return pulumi.get(self, "name")
|
|
513
|
+
|
|
514
|
+
@_builtins.property
|
|
515
|
+
@pulumi.getter
|
|
516
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
517
|
+
"""
|
|
518
|
+
The namespace to provision the resource in.
|
|
519
|
+
The value should not contain leading or trailing forward slashes.
|
|
520
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
521
|
+
*Available only for Vault Enterprise*.
|
|
522
|
+
"""
|
|
523
|
+
return pulumi.get(self, "namespace")
|
|
524
|
+
|
|
525
|
+
@_builtins.property
|
|
526
|
+
@pulumi.getter
|
|
527
|
+
def template(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
528
|
+
"""
|
|
529
|
+
The template string to use for generating tokens. This may be in
|
|
530
|
+
string-ified JSON or base64 format. See the
|
|
531
|
+
[documentation](https://www.vaultproject.io/docs/secrets/identity/index.html#token-contents-and-templates)
|
|
532
|
+
for the template format.
|
|
533
|
+
"""
|
|
534
|
+
return pulumi.get(self, "template")
|
|
535
|
+
|
|
536
|
+
@_builtins.property
|
|
537
|
+
@pulumi.getter
|
|
538
|
+
def ttl(self) -> pulumi.Output[Optional[_builtins.int]]:
|
|
539
|
+
"""
|
|
540
|
+
TTL of the tokens generated against the role in number of seconds.
|
|
541
|
+
"""
|
|
542
|
+
return pulumi.get(self, "ttl")
|
|
543
|
+
|