pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (274) hide show
  1. pulumi_vault/__init__.py +1399 -0
  2. pulumi_vault/_inputs.py +2701 -0
  3. pulumi_vault/_utilities.py +331 -0
  4. pulumi_vault/ad/__init__.py +12 -0
  5. pulumi_vault/ad/get_access_credentials.py +177 -0
  6. pulumi_vault/ad/secret_backend.py +1916 -0
  7. pulumi_vault/ad/secret_library.py +546 -0
  8. pulumi_vault/ad/secret_role.py +499 -0
  9. pulumi_vault/alicloud/__init__.py +9 -0
  10. pulumi_vault/alicloud/auth_backend_role.py +866 -0
  11. pulumi_vault/approle/__init__.py +12 -0
  12. pulumi_vault/approle/auth_backend_login.py +571 -0
  13. pulumi_vault/approle/auth_backend_role.py +1082 -0
  14. pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
  15. pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
  16. pulumi_vault/audit.py +499 -0
  17. pulumi_vault/audit_request_header.py +277 -0
  18. pulumi_vault/auth_backend.py +565 -0
  19. pulumi_vault/aws/__init__.py +22 -0
  20. pulumi_vault/aws/auth_backend_cert.py +420 -0
  21. pulumi_vault/aws/auth_backend_client.py +1259 -0
  22. pulumi_vault/aws/auth_backend_config_identity.py +494 -0
  23. pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
  24. pulumi_vault/aws/auth_backend_login.py +1046 -0
  25. pulumi_vault/aws/auth_backend_role.py +1961 -0
  26. pulumi_vault/aws/auth_backend_role_tag.py +638 -0
  27. pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
  28. pulumi_vault/aws/auth_backend_sts_role.py +414 -0
  29. pulumi_vault/aws/get_access_credentials.py +369 -0
  30. pulumi_vault/aws/get_static_access_credentials.py +137 -0
  31. pulumi_vault/aws/secret_backend.py +2018 -0
  32. pulumi_vault/aws/secret_backend_role.py +1188 -0
  33. pulumi_vault/aws/secret_backend_static_role.py +639 -0
  34. pulumi_vault/azure/__init__.py +15 -0
  35. pulumi_vault/azure/_inputs.py +108 -0
  36. pulumi_vault/azure/auth_backend_config.py +1096 -0
  37. pulumi_vault/azure/auth_backend_role.py +1176 -0
  38. pulumi_vault/azure/backend.py +1793 -0
  39. pulumi_vault/azure/backend_role.py +883 -0
  40. pulumi_vault/azure/get_access_credentials.py +400 -0
  41. pulumi_vault/azure/outputs.py +107 -0
  42. pulumi_vault/cert_auth_backend_role.py +1539 -0
  43. pulumi_vault/config/__init__.py +9 -0
  44. pulumi_vault/config/__init__.pyi +164 -0
  45. pulumi_vault/config/_inputs.py +73 -0
  46. pulumi_vault/config/outputs.py +1225 -0
  47. pulumi_vault/config/ui_custom_message.py +530 -0
  48. pulumi_vault/config/vars.py +230 -0
  49. pulumi_vault/consul/__init__.py +10 -0
  50. pulumi_vault/consul/secret_backend.py +1517 -0
  51. pulumi_vault/consul/secret_backend_role.py +847 -0
  52. pulumi_vault/database/__init__.py +14 -0
  53. pulumi_vault/database/_inputs.py +11907 -0
  54. pulumi_vault/database/outputs.py +8496 -0
  55. pulumi_vault/database/secret_backend_connection.py +1676 -0
  56. pulumi_vault/database/secret_backend_role.py +840 -0
  57. pulumi_vault/database/secret_backend_static_role.py +881 -0
  58. pulumi_vault/database/secrets_mount.py +2160 -0
  59. pulumi_vault/egp_policy.py +399 -0
  60. pulumi_vault/gcp/__init__.py +17 -0
  61. pulumi_vault/gcp/_inputs.py +441 -0
  62. pulumi_vault/gcp/auth_backend.py +1486 -0
  63. pulumi_vault/gcp/auth_backend_role.py +1235 -0
  64. pulumi_vault/gcp/get_auth_backend_role.py +514 -0
  65. pulumi_vault/gcp/outputs.py +302 -0
  66. pulumi_vault/gcp/secret_backend.py +1807 -0
  67. pulumi_vault/gcp/secret_impersonated_account.py +484 -0
  68. pulumi_vault/gcp/secret_roleset.py +554 -0
  69. pulumi_vault/gcp/secret_static_account.py +557 -0
  70. pulumi_vault/generic/__init__.py +11 -0
  71. pulumi_vault/generic/endpoint.py +786 -0
  72. pulumi_vault/generic/get_secret.py +306 -0
  73. pulumi_vault/generic/secret.py +486 -0
  74. pulumi_vault/get_auth_backend.py +226 -0
  75. pulumi_vault/get_auth_backends.py +170 -0
  76. pulumi_vault/get_namespace.py +226 -0
  77. pulumi_vault/get_namespaces.py +202 -0
  78. pulumi_vault/get_nomad_access_token.py +210 -0
  79. pulumi_vault/get_policy_document.py +160 -0
  80. pulumi_vault/get_raft_autopilot_state.py +267 -0
  81. pulumi_vault/github/__init__.py +13 -0
  82. pulumi_vault/github/_inputs.py +225 -0
  83. pulumi_vault/github/auth_backend.py +1194 -0
  84. pulumi_vault/github/outputs.py +174 -0
  85. pulumi_vault/github/team.py +380 -0
  86. pulumi_vault/github/user.py +380 -0
  87. pulumi_vault/identity/__init__.py +35 -0
  88. pulumi_vault/identity/entity.py +447 -0
  89. pulumi_vault/identity/entity_alias.py +398 -0
  90. pulumi_vault/identity/entity_policies.py +455 -0
  91. pulumi_vault/identity/get_entity.py +384 -0
  92. pulumi_vault/identity/get_group.py +467 -0
  93. pulumi_vault/identity/get_oidc_client_creds.py +175 -0
  94. pulumi_vault/identity/get_oidc_openid_config.py +334 -0
  95. pulumi_vault/identity/get_oidc_public_keys.py +179 -0
  96. pulumi_vault/identity/group.py +805 -0
  97. pulumi_vault/identity/group_alias.py +386 -0
  98. pulumi_vault/identity/group_member_entity_ids.py +444 -0
  99. pulumi_vault/identity/group_member_group_ids.py +467 -0
  100. pulumi_vault/identity/group_policies.py +471 -0
  101. pulumi_vault/identity/mfa_duo.py +674 -0
  102. pulumi_vault/identity/mfa_login_enforcement.py +566 -0
  103. pulumi_vault/identity/mfa_okta.py +626 -0
  104. pulumi_vault/identity/mfa_pingid.py +616 -0
  105. pulumi_vault/identity/mfa_totp.py +758 -0
  106. pulumi_vault/identity/oidc.py +268 -0
  107. pulumi_vault/identity/oidc_assignment.py +375 -0
  108. pulumi_vault/identity/oidc_client.py +667 -0
  109. pulumi_vault/identity/oidc_key.py +474 -0
  110. pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
  111. pulumi_vault/identity/oidc_provider.py +550 -0
  112. pulumi_vault/identity/oidc_role.py +543 -0
  113. pulumi_vault/identity/oidc_scope.py +355 -0
  114. pulumi_vault/identity/outputs.py +137 -0
  115. pulumi_vault/jwt/__init__.py +12 -0
  116. pulumi_vault/jwt/_inputs.py +225 -0
  117. pulumi_vault/jwt/auth_backend.py +1347 -0
  118. pulumi_vault/jwt/auth_backend_role.py +1847 -0
  119. pulumi_vault/jwt/outputs.py +174 -0
  120. pulumi_vault/kmip/__init__.py +11 -0
  121. pulumi_vault/kmip/secret_backend.py +1591 -0
  122. pulumi_vault/kmip/secret_role.py +1194 -0
  123. pulumi_vault/kmip/secret_scope.py +372 -0
  124. pulumi_vault/kubernetes/__init__.py +15 -0
  125. pulumi_vault/kubernetes/auth_backend_config.py +654 -0
  126. pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
  127. pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
  128. pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
  129. pulumi_vault/kubernetes/get_service_account_token.py +344 -0
  130. pulumi_vault/kubernetes/secret_backend.py +1341 -0
  131. pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
  132. pulumi_vault/kv/__init__.py +18 -0
  133. pulumi_vault/kv/_inputs.py +124 -0
  134. pulumi_vault/kv/get_secret.py +240 -0
  135. pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
  136. pulumi_vault/kv/get_secret_v2.py +315 -0
  137. pulumi_vault/kv/get_secrets_list.py +186 -0
  138. pulumi_vault/kv/get_secrets_list_v2.py +243 -0
  139. pulumi_vault/kv/outputs.py +102 -0
  140. pulumi_vault/kv/secret.py +397 -0
  141. pulumi_vault/kv/secret_backend_v2.py +455 -0
  142. pulumi_vault/kv/secret_v2.py +970 -0
  143. pulumi_vault/ldap/__init__.py +19 -0
  144. pulumi_vault/ldap/_inputs.py +225 -0
  145. pulumi_vault/ldap/auth_backend.py +2520 -0
  146. pulumi_vault/ldap/auth_backend_group.py +386 -0
  147. pulumi_vault/ldap/auth_backend_user.py +439 -0
  148. pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
  149. pulumi_vault/ldap/get_static_credentials.py +192 -0
  150. pulumi_vault/ldap/outputs.py +174 -0
  151. pulumi_vault/ldap/secret_backend.py +2207 -0
  152. pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
  153. pulumi_vault/ldap/secret_backend_library_set.py +552 -0
  154. pulumi_vault/ldap/secret_backend_static_role.py +541 -0
  155. pulumi_vault/managed/__init__.py +11 -0
  156. pulumi_vault/managed/_inputs.py +944 -0
  157. pulumi_vault/managed/keys.py +398 -0
  158. pulumi_vault/managed/outputs.py +667 -0
  159. pulumi_vault/mfa_duo.py +589 -0
  160. pulumi_vault/mfa_okta.py +623 -0
  161. pulumi_vault/mfa_pingid.py +670 -0
  162. pulumi_vault/mfa_totp.py +620 -0
  163. pulumi_vault/mongodbatlas/__init__.py +10 -0
  164. pulumi_vault/mongodbatlas/secret_backend.py +388 -0
  165. pulumi_vault/mongodbatlas/secret_role.py +726 -0
  166. pulumi_vault/mount.py +1262 -0
  167. pulumi_vault/namespace.py +452 -0
  168. pulumi_vault/nomad_secret_backend.py +1559 -0
  169. pulumi_vault/nomad_secret_role.py +489 -0
  170. pulumi_vault/oci_auth_backend.py +676 -0
  171. pulumi_vault/oci_auth_backend_role.py +852 -0
  172. pulumi_vault/okta/__init__.py +13 -0
  173. pulumi_vault/okta/_inputs.py +320 -0
  174. pulumi_vault/okta/auth_backend.py +1231 -0
  175. pulumi_vault/okta/auth_backend_group.py +369 -0
  176. pulumi_vault/okta/auth_backend_user.py +416 -0
  177. pulumi_vault/okta/outputs.py +244 -0
  178. pulumi_vault/outputs.py +502 -0
  179. pulumi_vault/pkisecret/__init__.py +38 -0
  180. pulumi_vault/pkisecret/_inputs.py +270 -0
  181. pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
  182. pulumi_vault/pkisecret/backend_config_acme.py +690 -0
  183. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
  184. pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
  185. pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
  186. pulumi_vault/pkisecret/backend_config_est.py +756 -0
  187. pulumi_vault/pkisecret/backend_config_scep.py +738 -0
  188. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  189. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
  190. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  191. pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
  192. pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
  193. pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
  194. pulumi_vault/pkisecret/get_backend_key.py +211 -0
  195. pulumi_vault/pkisecret/get_backend_keys.py +192 -0
  196. pulumi_vault/pkisecret/outputs.py +270 -0
  197. pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
  198. pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
  199. pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
  200. pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
  201. pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
  202. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
  203. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
  204. pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
  205. pulumi_vault/pkisecret/secret_backend_key.py +613 -0
  206. pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
  207. pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
  208. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
  209. pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
  210. pulumi_vault/plugin.py +596 -0
  211. pulumi_vault/plugin_pinned_version.py +299 -0
  212. pulumi_vault/policy.py +279 -0
  213. pulumi_vault/provider.py +781 -0
  214. pulumi_vault/pulumi-plugin.json +5 -0
  215. pulumi_vault/py.typed +0 -0
  216. pulumi_vault/quota_lease_count.py +504 -0
  217. pulumi_vault/quota_rate_limit.py +751 -0
  218. pulumi_vault/rabbitmq/__init__.py +12 -0
  219. pulumi_vault/rabbitmq/_inputs.py +235 -0
  220. pulumi_vault/rabbitmq/outputs.py +144 -0
  221. pulumi_vault/rabbitmq/secret_backend.py +1437 -0
  222. pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
  223. pulumi_vault/raft_autopilot.py +609 -0
  224. pulumi_vault/raft_snapshot_agent_config.py +1591 -0
  225. pulumi_vault/rgp_policy.py +349 -0
  226. pulumi_vault/saml/__init__.py +12 -0
  227. pulumi_vault/saml/_inputs.py +225 -0
  228. pulumi_vault/saml/auth_backend.py +811 -0
  229. pulumi_vault/saml/auth_backend_role.py +1068 -0
  230. pulumi_vault/saml/outputs.py +174 -0
  231. pulumi_vault/scep_auth_backend_role.py +908 -0
  232. pulumi_vault/secrets/__init__.py +18 -0
  233. pulumi_vault/secrets/_inputs.py +110 -0
  234. pulumi_vault/secrets/outputs.py +94 -0
  235. pulumi_vault/secrets/sync_association.py +450 -0
  236. pulumi_vault/secrets/sync_aws_destination.py +780 -0
  237. pulumi_vault/secrets/sync_azure_destination.py +736 -0
  238. pulumi_vault/secrets/sync_config.py +303 -0
  239. pulumi_vault/secrets/sync_gcp_destination.py +572 -0
  240. pulumi_vault/secrets/sync_gh_destination.py +688 -0
  241. pulumi_vault/secrets/sync_github_apps.py +376 -0
  242. pulumi_vault/secrets/sync_vercel_destination.py +603 -0
  243. pulumi_vault/ssh/__init__.py +13 -0
  244. pulumi_vault/ssh/_inputs.py +76 -0
  245. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  246. pulumi_vault/ssh/outputs.py +51 -0
  247. pulumi_vault/ssh/secret_backend_ca.py +588 -0
  248. pulumi_vault/ssh/secret_backend_role.py +1493 -0
  249. pulumi_vault/terraformcloud/__init__.py +11 -0
  250. pulumi_vault/terraformcloud/secret_backend.py +1321 -0
  251. pulumi_vault/terraformcloud/secret_creds.py +445 -0
  252. pulumi_vault/terraformcloud/secret_role.py +563 -0
  253. pulumi_vault/token.py +1026 -0
  254. pulumi_vault/tokenauth/__init__.py +9 -0
  255. pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
  256. pulumi_vault/transform/__init__.py +14 -0
  257. pulumi_vault/transform/alphabet.py +348 -0
  258. pulumi_vault/transform/get_decode.py +287 -0
  259. pulumi_vault/transform/get_encode.py +291 -0
  260. pulumi_vault/transform/role.py +350 -0
  261. pulumi_vault/transform/template.py +592 -0
  262. pulumi_vault/transform/transformation.py +608 -0
  263. pulumi_vault/transit/__init__.py +15 -0
  264. pulumi_vault/transit/get_cmac.py +256 -0
  265. pulumi_vault/transit/get_decrypt.py +181 -0
  266. pulumi_vault/transit/get_encrypt.py +174 -0
  267. pulumi_vault/transit/get_sign.py +328 -0
  268. pulumi_vault/transit/get_verify.py +373 -0
  269. pulumi_vault/transit/secret_backend_key.py +1202 -0
  270. pulumi_vault/transit/secret_cache_config.py +302 -0
  271. pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
  272. pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
  273. pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
  274. pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0
pulumi_vault/kubernetes/get_auth_backend_config.py ADDED
@@ -0,0 +1,280 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by pulumi-language-python. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import builtins as _builtins
6
+ import warnings
7
+ import sys
8
+ import pulumi
9
+ import pulumi.runtime
10
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
15
+ from .. import _utilities
16
+
17
+ __all__ = [
18
+ 'GetAuthBackendConfigResult',
19
+ 'AwaitableGetAuthBackendConfigResult',
20
+ 'get_auth_backend_config',
21
+ 'get_auth_backend_config_output',
22
+ ]
23
+
24
+ @pulumi.output_type
25
+ class GetAuthBackendConfigResult:
26
+ """
27
+ A collection of values returned by getAuthBackendConfig.
28
+ """
29
+ def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
30
+ if backend and not isinstance(backend, str):
31
+ raise TypeError("Expected argument 'backend' to be a str")
32
+ pulumi.set(__self__, "backend", backend)
33
+ if disable_iss_validation and not isinstance(disable_iss_validation, bool):
34
+ raise TypeError("Expected argument 'disable_iss_validation' to be a bool")
35
+ pulumi.set(__self__, "disable_iss_validation", disable_iss_validation)
36
+ if disable_local_ca_jwt and not isinstance(disable_local_ca_jwt, bool):
37
+ raise TypeError("Expected argument 'disable_local_ca_jwt' to be a bool")
38
+ pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
39
+ if id and not isinstance(id, str):
40
+ raise TypeError("Expected argument 'id' to be a str")
41
+ pulumi.set(__self__, "id", id)
42
+ if issuer and not isinstance(issuer, str):
43
+ raise TypeError("Expected argument 'issuer' to be a str")
44
+ pulumi.set(__self__, "issuer", issuer)
45
+ if kubernetes_ca_cert and not isinstance(kubernetes_ca_cert, str):
46
+ raise TypeError("Expected argument 'kubernetes_ca_cert' to be a str")
47
+ pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
48
+ if kubernetes_host and not isinstance(kubernetes_host, str):
49
+ raise TypeError("Expected argument 'kubernetes_host' to be a str")
50
+ pulumi.set(__self__, "kubernetes_host", kubernetes_host)
51
+ if namespace and not isinstance(namespace, str):
52
+ raise TypeError("Expected argument 'namespace' to be a str")
53
+ pulumi.set(__self__, "namespace", namespace)
54
+ if pem_keys and not isinstance(pem_keys, list):
55
+ raise TypeError("Expected argument 'pem_keys' to be a list")
56
+ pulumi.set(__self__, "pem_keys", pem_keys)
57
+ if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
58
+ raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
59
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
60
+
61
+ @_builtins.property
62
+ @pulumi.getter
63
+ def backend(self) -> Optional[_builtins.str]:
64
+ return pulumi.get(self, "backend")
65
+
66
+ @_builtins.property
67
+ @pulumi.getter(name="disableIssValidation")
68
+ def disable_iss_validation(self) -> _builtins.bool:
69
+ """
70
+ (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
71
+ """
72
+ return pulumi.get(self, "disable_iss_validation")
73
+
74
+ @_builtins.property
75
+ @pulumi.getter(name="disableLocalCaJwt")
76
+ def disable_local_ca_jwt(self) -> _builtins.bool:
77
+ """
78
+ (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
79
+ """
80
+ return pulumi.get(self, "disable_local_ca_jwt")
81
+
82
+ @_builtins.property
83
+ @pulumi.getter
84
+ def id(self) -> _builtins.str:
85
+ """
86
+ The provider-assigned unique ID for this managed resource.
87
+ """
88
+ return pulumi.get(self, "id")
89
+
90
+ @_builtins.property
91
+ @pulumi.getter
92
+ def issuer(self) -> _builtins.str:
93
+ """
94
+ Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
95
+ """
96
+ return pulumi.get(self, "issuer")
97
+
98
+ @_builtins.property
99
+ @pulumi.getter(name="kubernetesCaCert")
100
+ def kubernetes_ca_cert(self) -> _builtins.str:
101
+ """
102
+ PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
103
+ """
104
+ return pulumi.get(self, "kubernetes_ca_cert")
105
+
106
+ @_builtins.property
107
+ @pulumi.getter(name="kubernetesHost")
108
+ def kubernetes_host(self) -> _builtins.str:
109
+ """
110
+ Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
111
+ """
112
+ return pulumi.get(self, "kubernetes_host")
113
+
114
+ @_builtins.property
115
+ @pulumi.getter
116
+ def namespace(self) -> Optional[_builtins.str]:
117
+ return pulumi.get(self, "namespace")
118
+
119
+ @_builtins.property
120
+ @pulumi.getter(name="pemKeys")
121
+ def pem_keys(self) -> Sequence[_builtins.str]:
122
+ """
123
+ Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
124
+ """
125
+ return pulumi.get(self, "pem_keys")
126
+
127
+ @_builtins.property
128
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
129
+ def use_annotations_as_alias_metadata(self) -> _builtins.bool:
130
+ """
131
+ (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
132
+ """
133
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
134
+
135
+
136
+ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
137
+ # pylint: disable=using-constant-test
138
+ def __await__(self):
139
+ if False:
140
+ yield self
141
+ return GetAuthBackendConfigResult(
142
+ backend=self.backend,
143
+ disable_iss_validation=self.disable_iss_validation,
144
+ disable_local_ca_jwt=self.disable_local_ca_jwt,
145
+ id=self.id,
146
+ issuer=self.issuer,
147
+ kubernetes_ca_cert=self.kubernetes_ca_cert,
148
+ kubernetes_host=self.kubernetes_host,
149
+ namespace=self.namespace,
150
+ pem_keys=self.pem_keys,
151
+ use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
152
+
153
+
154
+ def get_auth_backend_config(backend: Optional[_builtins.str] = None,
155
+ disable_iss_validation: Optional[_builtins.bool] = None,
156
+ disable_local_ca_jwt: Optional[_builtins.bool] = None,
157
+ issuer: Optional[_builtins.str] = None,
158
+ kubernetes_ca_cert: Optional[_builtins.str] = None,
159
+ kubernetes_host: Optional[_builtins.str] = None,
160
+ namespace: Optional[_builtins.str] = None,
161
+ pem_keys: Optional[Sequence[_builtins.str]] = None,
162
+ use_annotations_as_alias_metadata: Optional[_builtins.bool] = None,
163
+ opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
164
+ """
165
+ Reads the Role of an Kubernetes from a Vault server. See the [Vault
166
+ documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-config) for more
167
+ information.
168
+
169
+ ## Example Usage
170
+
171
+ ```python
172
+ import pulumi
173
+ import pulumi_vault as vault
174
+
175
+ config = vault.kubernetes.get_auth_backend_config(backend="my-kubernetes-backend")
176
+ pulumi.export("tokenReviewerJwt", config.token_reviewer_jwt)
177
+ ```
178
+
179
+
180
+ :param _builtins.str backend: The unique name for the Kubernetes backend the config to
181
+ retrieve Role attributes for resides in. Defaults to "kubernetes".
182
+ :param _builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
183
+ :param _builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
184
+ :param _builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
185
+ :param _builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
186
+ :param _builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
187
+ :param _builtins.str namespace: The namespace of the target resource.
188
+ The value should not contain leading or trailing forward slashes.
189
+ The `namespace` is always relative to the provider's configured namespace.
190
+ *Available only for Vault Enterprise*.
191
+ :param Sequence[_builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
192
+ :param _builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
193
+ """
194
+ __args__ = dict()
195
+ __args__['backend'] = backend
196
+ __args__['disableIssValidation'] = disable_iss_validation
197
+ __args__['disableLocalCaJwt'] = disable_local_ca_jwt
198
+ __args__['issuer'] = issuer
199
+ __args__['kubernetesCaCert'] = kubernetes_ca_cert
200
+ __args__['kubernetesHost'] = kubernetes_host
201
+ __args__['namespace'] = namespace
202
+ __args__['pemKeys'] = pem_keys
203
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
204
+ opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
205
+ __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
206
+
207
+ return AwaitableGetAuthBackendConfigResult(
208
+ backend=pulumi.get(__ret__, 'backend'),
209
+ disable_iss_validation=pulumi.get(__ret__, 'disable_iss_validation'),
210
+ disable_local_ca_jwt=pulumi.get(__ret__, 'disable_local_ca_jwt'),
211
+ id=pulumi.get(__ret__, 'id'),
212
+ issuer=pulumi.get(__ret__, 'issuer'),
213
+ kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
214
+ kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
215
+ namespace=pulumi.get(__ret__, 'namespace'),
216
+ pem_keys=pulumi.get(__ret__, 'pem_keys'),
217
+ use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
218
+ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
219
+ disable_iss_validation: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
220
+ disable_local_ca_jwt: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
221
+ issuer: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
222
+ kubernetes_ca_cert: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
223
+ kubernetes_host: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
224
+ namespace: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
225
+ pem_keys: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
226
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
227
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
228
+ """
229
+ Reads the Role of an Kubernetes from a Vault server. See the [Vault
230
+ documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-config) for more
231
+ information.
232
+
233
+ ## Example Usage
234
+
235
+ ```python
236
+ import pulumi
237
+ import pulumi_vault as vault
238
+
239
+ config = vault.kubernetes.get_auth_backend_config(backend="my-kubernetes-backend")
240
+ pulumi.export("tokenReviewerJwt", config.token_reviewer_jwt)
241
+ ```
242
+
243
+
244
+ :param _builtins.str backend: The unique name for the Kubernetes backend the config to
245
+ retrieve Role attributes for resides in. Defaults to "kubernetes".
246
+ :param _builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
247
+ :param _builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
248
+ :param _builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
249
+ :param _builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
250
+ :param _builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
251
+ :param _builtins.str namespace: The namespace of the target resource.
252
+ The value should not contain leading or trailing forward slashes.
253
+ The `namespace` is always relative to the provider's configured namespace.
254
+ *Available only for Vault Enterprise*.
255
+ :param Sequence[_builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
256
+ :param _builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
257
+ """
258
+ __args__ = dict()
259
+ __args__['backend'] = backend
260
+ __args__['disableIssValidation'] = disable_iss_validation
261
+ __args__['disableLocalCaJwt'] = disable_local_ca_jwt
262
+ __args__['issuer'] = issuer
263
+ __args__['kubernetesCaCert'] = kubernetes_ca_cert
264
+ __args__['kubernetesHost'] = kubernetes_host
265
+ __args__['namespace'] = namespace
266
+ __args__['pemKeys'] = pem_keys
267
+ __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
268
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
269
+ __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
270
+ return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
271
+ backend=pulumi.get(__response__, 'backend'),
272
+ disable_iss_validation=pulumi.get(__response__, 'disable_iss_validation'),
273
+ disable_local_ca_jwt=pulumi.get(__response__, 'disable_local_ca_jwt'),
274
+ id=pulumi.get(__response__, 'id'),
275
+ issuer=pulumi.get(__response__, 'issuer'),
276
+ kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
277
+ kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
278
+ namespace=pulumi.get(__response__, 'namespace'),
279
+ pem_keys=pulumi.get(__response__, 'pem_keys'),
280
+ use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))