pulumi-venafi 1.8.0a1710160781__py3-none-any.whl → 1.11.0a1736835975__py3-none-any.whl
Potentially problematic release.
This version of pulumi-venafi might be problematic. Click here for more details.
- pulumi_venafi/__init__.py +11 -0
- pulumi_venafi/_utilities.py +41 -5
- pulumi_venafi/certificate.py +459 -190
- pulumi_venafi/cloud_keystore_installation.py +409 -0
- pulumi_venafi/config/__init__.pyi +17 -2
- pulumi_venafi/config/vars.py +21 -2
- pulumi_venafi/get_cloud_keystore.py +166 -0
- pulumi_venafi/get_cloud_provider.py +167 -0
- pulumi_venafi/policy.py +58 -65
- pulumi_venafi/provider.py +73 -25
- pulumi_venafi/pulumi-plugin.json +2 -1
- pulumi_venafi/ssh_certificate.py +126 -75
- pulumi_venafi/ssh_config.py +5 -4
- {pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/METADATA +7 -6
- pulumi_venafi-1.11.0a1736835975.dist-info/RECORD +19 -0
- {pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/WHEEL +1 -1
- pulumi_venafi-1.8.0a1710160781.dist-info/RECORD +0 -16
- {pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/top_level.txt +0 -0
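--- a/pulumi_venafi/provider.py
+++ b/pulumi_venafi/provider.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['ProviderArgs', 'Provider']
@@ -18,9 +23,11 @@ class ProviderArgs:
 api_key: Optional[pulumi.Input[str]] = None,
 client_id: Optional[pulumi.Input[str]] = None,
 dev_mode: Optional[pulumi.Input[bool]] = None,
+external_jwt: Optional[pulumi.Input[str]] = None,
 p12_cert_filename: Optional[pulumi.Input[str]] = None,
 p12_cert_password: Optional[pulumi.Input[str]] = None,
 skip_retirement: Optional[pulumi.Input[bool]] = None,
+token_url: Optional[pulumi.Input[str]] = None,
 tpp_password: Optional[pulumi.Input[str]] = None,
 tpp_username: Optional[pulumi.Input[str]] = None,
 trust_bundle: Optional[pulumi.Input[str]] = None,
@@ -29,14 +36,15 @@ class ProviderArgs:
 """
 The set of arguments for constructing a Provider resource.
 :param pulumi.Input[str] access_token: Access token for Venafi TLSPDC, user should use this for authentication
-:param pulumi.Input[str] api_key: API key for Venafi
+:param pulumi.Input[str] api_key: API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d
 :param pulumi.Input[str] client_id: application that will be using the token
 :param pulumi.Input[bool] dev_mode: When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using
-Venafi as a Service or Trust Protection Platform. Useful for development and testing
+Venafi as a Service or Trust Protection Platform. Useful for development and testing
+:param pulumi.Input[str] external_jwt: JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token
 :param pulumi.Input[str] p12_cert_filename: Filename of PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to
 TLSPDC
 :param pulumi.Input[str] p12_cert_password: Password for the PKCS#12 keystore declared in p12_cert
-:param pulumi.Input[
+:param pulumi.Input[str] token_url: Endpoint URL to request new Venafi Control Plane access tokens
 :param pulumi.Input[str] tpp_password: Password for WebSDK user. Example: password
 :param pulumi.Input[str] tpp_username: WebSDK user for Venafi TLSPDC. Example: admin
 :param pulumi.Input[str] trust_bundle: Use to specify a PEM-formatted file that contains certificates to be trust anchors for all communications with the
@@ -53,12 +61,16 @@ class ProviderArgs:
 pulumi.set(__self__, "client_id", client_id)
 if dev_mode is not None:
 pulumi.set(__self__, "dev_mode", dev_mode)
+if external_jwt is not None:
+pulumi.set(__self__, "external_jwt", external_jwt)
 if p12_cert_filename is not None:
 pulumi.set(__self__, "p12_cert_filename", p12_cert_filename)
 if p12_cert_password is not None:
 pulumi.set(__self__, "p12_cert_password", p12_cert_password)
 if skip_retirement is not None:
 pulumi.set(__self__, "skip_retirement", skip_retirement)
+if token_url is not None:
+pulumi.set(__self__, "token_url", token_url)
 if tpp_password is not None:
 warnings.warn(""", please use access_token instead""", DeprecationWarning)
 pulumi.log.warn("""tpp_password is deprecated: , please use access_token instead""")
@@ -92,7 +104,7 @@ class ProviderArgs:
 @pulumi.getter(name="apiKey")
 def api_key(self) -> Optional[pulumi.Input[str]]:
 """
-API key for Venafi
+API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d
 """
 return pulumi.get(self, "api_key")
 
@@ -117,7 +129,7 @@ class ProviderArgs:
 def dev_mode(self) -> Optional[pulumi.Input[bool]]:
 """
 When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using
-Venafi as a Service or Trust Protection Platform. Useful for development and testing
+Venafi as a Service or Trust Protection Platform. Useful for development and testing
 """
 return pulumi.get(self, "dev_mode")
 
@@ -125,6 +137,18 @@ class ProviderArgs:
 def dev_mode(self, value: Optional[pulumi.Input[bool]]):
 pulumi.set(self, "dev_mode", value)
 
+@property
+@pulumi.getter(name="externalJwt")
+def external_jwt(self) -> Optional[pulumi.Input[str]]:
+"""
+JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token
+"""
+return pulumi.get(self, "external_jwt")
+
+@external_jwt.setter
+def external_jwt(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "external_jwt", value)
+
 @property
 @pulumi.getter(name="p12CertFilename")
 def p12_cert_filename(self) -> Optional[pulumi.Input[str]]:
@@ -153,24 +177,31 @@ class ProviderArgs:
 @property
 @pulumi.getter(name="skipRetirement")
 def skip_retirement(self) -> Optional[pulumi.Input[bool]]:
-"""
-When true, certificates will not be retired on Venafi platforms when terraform destroy is run. Default is false.
-"""
 return pulumi.get(self, "skip_retirement")
 
 @skip_retirement.setter
 def skip_retirement(self, value: Optional[pulumi.Input[bool]]):
 pulumi.set(self, "skip_retirement", value)
 
+@property
+@pulumi.getter(name="tokenUrl")
+def token_url(self) -> Optional[pulumi.Input[str]]:
+"""
+Endpoint URL to request new Venafi Control Plane access tokens
+"""
+return pulumi.get(self, "token_url")
+
+@token_url.setter
+def token_url(self, value: Optional[pulumi.Input[str]]):
+pulumi.set(self, "token_url", value)
+
 @property
 @pulumi.getter(name="tppPassword")
+@_utilities.deprecated(""", please use access_token instead""")
 def tpp_password(self) -> Optional[pulumi.Input[str]]:
 """
 Password for WebSDK user. Example: password
 """
-warnings.warn(""", please use access_token instead""", DeprecationWarning)
-pulumi.log.warn("""tpp_password is deprecated: , please use access_token instead""")
-
 return pulumi.get(self, "tpp_password")
 
 @tpp_password.setter
@@ -179,13 +210,11 @@ class ProviderArgs:
 
 @property
 @pulumi.getter(name="tppUsername")
+@_utilities.deprecated(""", please use access_token instead""")
 def tpp_username(self) -> Optional[pulumi.Input[str]]:
 """
 WebSDK user for Venafi TLSPDC. Example: admin
 """
-warnings.warn(""", please use access_token instead""", DeprecationWarning)
-pulumi.log.warn("""tpp_username is deprecated: , please use access_token instead""")
-
 return pulumi.get(self, "tpp_username")
 
 @tpp_username.setter
@@ -240,9 +269,11 @@ class Provider(pulumi.ProviderResource):
 api_key: Optional[pulumi.Input[str]] = None,
 client_id: Optional[pulumi.Input[str]] = None,
 dev_mode: Optional[pulumi.Input[bool]] = None,
+external_jwt: Optional[pulumi.Input[str]] = None,
 p12_cert_filename: Optional[pulumi.Input[str]] = None,
 p12_cert_password: Optional[pulumi.Input[str]] = None,
 skip_retirement: Optional[pulumi.Input[bool]] = None,
+token_url: Optional[pulumi.Input[str]] = None,
 tpp_password: Optional[pulumi.Input[str]] = None,
 tpp_username: Optional[pulumi.Input[str]] = None,
 trust_bundle: Optional[pulumi.Input[str]] = None,
@@ -258,14 +289,15 @@ class Provider(pulumi.ProviderResource):
 :param str resource_name: The name of the resource.
 :param pulumi.ResourceOptions opts: Options for the resource.
 :param pulumi.Input[str] access_token: Access token for Venafi TLSPDC, user should use this for authentication
-:param pulumi.Input[str] api_key: API key for Venafi
+:param pulumi.Input[str] api_key: API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d
 :param pulumi.Input[str] client_id: application that will be using the token
 :param pulumi.Input[bool] dev_mode: When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using
-Venafi as a Service or Trust Protection Platform. Useful for development and testing
+Venafi as a Service or Trust Protection Platform. Useful for development and testing
+:param pulumi.Input[str] external_jwt: JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token
 :param pulumi.Input[str] p12_cert_filename: Filename of PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to
 TLSPDC
 :param pulumi.Input[str] p12_cert_password: Password for the PKCS#12 keystore declared in p12_cert
-:param pulumi.Input[
+:param pulumi.Input[str] token_url: Endpoint URL to request new Venafi Control Plane access tokens
 :param pulumi.Input[str] tpp_password: Password for WebSDK user. Example: password
 :param pulumi.Input[str] tpp_username: WebSDK user for Venafi TLSPDC. Example: admin
 :param pulumi.Input[str] trust_bundle: Use to specify a PEM-formatted file that contains certificates to be trust anchors for all communications with the
@@ -305,9 +337,11 @@ class Provider(pulumi.ProviderResource):
 api_key: Optional[pulumi.Input[str]] = None,
 client_id: Optional[pulumi.Input[str]] = None,
 dev_mode: Optional[pulumi.Input[bool]] = None,
+external_jwt: Optional[pulumi.Input[str]] = None,
 p12_cert_filename: Optional[pulumi.Input[str]] = None,
 p12_cert_password: Optional[pulumi.Input[str]] = None,
 skip_retirement: Optional[pulumi.Input[bool]] = None,
+token_url: Optional[pulumi.Input[str]] = None,
 tpp_password: Optional[pulumi.Input[str]] = None,
 tpp_username: Optional[pulumi.Input[str]] = None,
 trust_bundle: Optional[pulumi.Input[str]] = None,
@@ -326,15 +360,17 @@ class Provider(pulumi.ProviderResource):
 __props__.__dict__["api_key"] = None if api_key is None else pulumi.Output.secret(api_key)
 __props__.__dict__["client_id"] = client_id
 __props__.__dict__["dev_mode"] = pulumi.Output.from_input(dev_mode).apply(pulumi.runtime.to_json) if dev_mode is not None else None
+__props__.__dict__["external_jwt"] = None if external_jwt is None else pulumi.Output.secret(external_jwt)
 __props__.__dict__["p12_cert_filename"] = p12_cert_filename
 __props__.__dict__["p12_cert_password"] = None if p12_cert_password is None else pulumi.Output.secret(p12_cert_password)
 __props__.__dict__["skip_retirement"] = pulumi.Output.from_input(skip_retirement).apply(pulumi.runtime.to_json) if skip_retirement is not None else None
+__props__.__dict__["token_url"] = None if token_url is None else pulumi.Output.secret(token_url)
 __props__.__dict__["tpp_password"] = None if tpp_password is None else pulumi.Output.secret(tpp_password)
 __props__.__dict__["tpp_username"] = tpp_username
 __props__.__dict__["trust_bundle"] = trust_bundle
 __props__.__dict__["url"] = url
 __props__.__dict__["zone"] = zone
-secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessToken", "apiKey", "p12CertPassword", "tppPassword"])
+secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessToken", "apiKey", "externalJwt", "p12CertPassword", "tokenUrl", "tppPassword"])
 opts = pulumi.ResourceOptions.merge(opts, secret_opts)
 super(Provider, __self__).__init__(
 'venafi',
@@ -354,7 +390,7 @@ class Provider(pulumi.ProviderResource):
 @pulumi.getter(name="apiKey")
 def api_key(self) -> pulumi.Output[Optional[str]]:
 """
-API key for Venafi
+API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d
 """
 return pulumi.get(self, "api_key")
 
@@ -366,6 +402,14 @@ class Provider(pulumi.ProviderResource):
 """
 return pulumi.get(self, "client_id")
 
+@property
+@pulumi.getter(name="externalJwt")
+def external_jwt(self) -> pulumi.Output[Optional[str]]:
+"""
+JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token
+"""
+return pulumi.get(self, "external_jwt")
+
 @property
 @pulumi.getter(name="p12CertFilename")
 def p12_cert_filename(self) -> pulumi.Output[Optional[str]]:
@@ -383,26 +427,30 @@ class Provider(pulumi.ProviderResource):
 """
 return pulumi.get(self, "p12_cert_password")
 
+@property
+@pulumi.getter(name="tokenUrl")
+def token_url(self) -> pulumi.Output[Optional[str]]:
+"""
+Endpoint URL to request new Venafi Control Plane access tokens
+"""
+return pulumi.get(self, "token_url")
+
 @property
 @pulumi.getter(name="tppPassword")
+@_utilities.deprecated(""", please use access_token instead""")
 def tpp_password(self) -> pulumi.Output[Optional[str]]:
 """
 Password for WebSDK user. Example: password
 """
-warnings.warn(""", please use access_token instead""", DeprecationWarning)
-pulumi.log.warn("""tpp_password is deprecated: , please use access_token instead""")
-
 return pulumi.get(self, "tpp_password")
 
 @property
 @pulumi.getter(name="tppUsername")
+@_utilities.deprecated(""", please use access_token instead""")
 def tpp_username(self) -> pulumi.Output[Optional[str]]:
 """
 WebSDK user for Venafi TLSPDC. Example: admin
 """
-warnings.warn(""", please use access_token instead""", DeprecationWarning)
-pulumi.log.warn("""tpp_username is deprecated: , please use access_token instead""")
-
 return pulumi.get(self, "tpp_username")
 
 @property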
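Review bot: `ProviderArgs.skip_retirement` (new lines 179-180) is left with no docstring, and the constructor docstrings in the `@@ -29,14 +36,15 @@` and `@@ -258,14 +289,15 @@` hunks each drop a `:param` line (shown truncated, apparently the `skip_retirement` entry), so the option is now undocumented. Because it decides whether issued certificates stay un-retired after the resource is destroyed, I would restore a Pulumi-worded docstring such as `"""When true, certificates are not retired on the Venafi platform when the resource is destroyed. Default is false."""`. Separately, the four new `@_utilities.deprecated(""", please use access_token instead""")` decorators carry a message that begins with a comma; whether the property name gets prepended depends on `_utilities.deprecated`, which is outside this section. If this file is generated, both fixes belong in the upstream schema rather than here.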
pulumi_venafi/pulumi-plugin.json
CHANGED