diff --git a/patches/0001-fork.patch b/patches/0001-fork.patch index 1ecd75ac5..741564643 100644 --- a/patches/0001-fork.patch +++ b/patches/0001-fork.patch @@ -1,38 +1,55 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Ian Wahbe Date: Fri, 15 Dec 2023 13:32:07 -0800 -Subject: [PATCH] fork +Subject: [PATCH 1/2] fork diff --git a/go.mod b/go.mod -index 7be6025f..43b44c01 100644 +index cf85e5fc..4170854b 100644 --- a/go.mod +++ b/go.mod -@@ -1,6 +1,6 @@ - module github.com/hashicorp/terraform-provider-vault - --go 1.21 -+go 1.21.3 +@@ -4,7 +4,7 @@ go 1.21 require ( cloud.google.com/go/compute/metadata v0.2.3 -@@ -24,8 +24,8 @@ require ( +- cloud.google.com/go/iam v1.1.5 ++ cloud.google.com/go/iam v1.1.6 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 +@@ -24,8 +24,9 @@ require ( github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 github.com/hashicorp/go-version v1.6.0 + github.com/hashicorp/hcl v1.0.1-vault-5 github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 - github.com/hashicorp/vault v1.11.3 ++ github.com/hashicorp/vault v1.15.5 github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 github.com/hashicorp/vault-plugin-auth-oci v0.14.2 -@@ -44,45 +44,19 @@ require ( +@@ -34,92 +35,63 @@ require ( + github.com/jcmturner/gokrb5/v8 v8.4.4 + github.com/mitchellh/go-homedir v1.1.0 + github.com/mitchellh/mapstructure v1.5.0 +- golang.org/x/crypto v0.18.0 +- golang.org/x/net v0.20.0 ++ golang.org/x/crypto v0.19.0 ++ golang.org/x/net v0.21.0 + golang.org/x/oauth2 v0.16.0 +- google.golang.org/api v0.156.0 +- google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac ++ google.golang.org/api v0.160.0 ++ google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 + k8s.io/utils v0.0.0-20240102154912-e7106e64919e + ) require ( - cloud.google.com/go/compute v1.23.3 // indirect +- cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/kms v1.15.5 // indirect - cloud.google.com/go/monitoring v1.17.0 // indirect - github.com/Azure/azure-sdk-for-go v61.4.0+incompatible // indirect ++ cloud.google.com/go/compute v1.23.4 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect - github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.29 // indirect @@ -64,23 +81,35 @@ index 7be6025f..43b44c01 100644 - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect - github.com/circonus-labs/circonusllhist v0.1.3 // indirect - github.com/cloudflare/circl v1.3.3 // indirect +- github.com/cloudflare/circl v1.3.3 // indirect - github.com/containerd/containerd v1.7.0 // indirect ++ github.com/cloudflare/circl v1.3.7 // indirect github.com/coreos/go-oidc/v3 v3.5.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.7+incompatible // indirect +- github.com/docker/distribution v2.8.2+incompatible // indirect +- github.com/docker/docker v24.0.7+incompatible // indirect ++ github.com/distribution/reference v0.5.0 // indirect ++ github.com/docker/docker v25.0.1+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect -@@ -96,7 +70,6 @@ require ( - github.com/go-logr/logr v1.3.0 // indirect + github.com/docker/go-units v0.5.0 // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect +- github.com/fatih/color v1.14.1 // indirect ++ github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect + github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-ldap/ldap/v3 v3.4.4 // indirect +- github.com/go-logr/logr v1.3.0 // indirect ++ github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang-jwt/jwt/v5 v5.2.0 // indirect - github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect +- github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect ++ github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect github.com/golang-sql/sqlexp v0.1.0 // indirect -@@ -104,16 +77,13 @@ require ( + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/go-cmp v0.6.0 // indirect @@ -89,15 +118,24 @@ index 7be6025f..43b44c01 100644 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect ++ github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect github.com/hashicorp/cap v0.4.1 // indirect - github.com/hashicorp/consul/api v1.14.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-kms-wrapping v0.7.0 // indirect github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect +- github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect ++ github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect -@@ -127,10 +97,8 @@ require ( + github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect +- github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect ++ github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect + github.com/hashicorp/go-secure-stdlib/plugincontainer v0.2.2 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 // indirect +@@ -127,10 +99,8 @@ require ( github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/hc-install v0.6.2 // indirect @@ -108,7 +146,7 @@ index 7be6025f..43b44c01 100644 github.com/hashicorp/terraform-exec v0.19.0 // indirect github.com/hashicorp/terraform-json v0.18.0 // indirect github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect -@@ -138,52 +106,31 @@ require ( +@@ -138,75 +108,55 @@ require ( github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect @@ -124,9 +162,10 @@ index 7be6025f..43b44c01 100644 - github.com/klauspost/compress v1.16.5 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.17 // indirect +- github.com/mattn/go-isatty v0.0.17 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mitchellh/cli v1.1.5 // indirect ++ github.com/mattn/go-isatty v0.0.19 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -161,16 +200,44 @@ index 7be6025f..43b44c01 100644 github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect -@@ -206,7 +153,6 @@ require ( - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/grpc v1.60.1 // indirect + github.com/zclconf/go-cty v1.14.1 // indirect + go.opencensus.io v0.24.0 // indirect +- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect +- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect +- go.opentelemetry.io/otel v1.21.0 // indirect +- go.opentelemetry.io/otel/metric v1.21.0 // indirect +- go.opentelemetry.io/otel/trace v1.21.0 // indirect +- go.uber.org/atomic v1.10.0 // indirect ++ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect ++ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect ++ go.opentelemetry.io/otel v1.23.1 // indirect ++ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 // indirect ++ go.opentelemetry.io/otel/metric v1.23.1 // indirect ++ go.opentelemetry.io/otel/sdk v1.23.1 // indirect ++ go.opentelemetry.io/otel/trace v1.23.1 // indirect ++ go.uber.org/atomic v1.11.0 // indirect + golang.org/x/mod v0.14.0 // indirect + golang.org/x/sync v0.6.0 // indirect +- golang.org/x/sys v0.16.0 // indirect ++ golang.org/x/sys v0.17.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect +- golang.org/x/tools v0.13.0 // indirect ++ golang.org/x/tools v0.14.0 // indirect + google.golang.org/appengine v1.6.8 // indirect +- google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect +- google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect +- google.golang.org/grpc v1.60.1 // indirect ++ google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 // indirect ++ google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect ++ google.golang.org/grpc v1.61.1 // indirect google.golang.org/protobuf v1.32.0 // indirect - gopkg.in/ini.v1 v1.62.0 // indirect gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum -index df23c410..c407488e 100644 +index e1e88de2..ea39ae6e 100644 --- a/go.sum +++ b/go.sum @@ -3,7 +3,6 @@ bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh @@ -190,6 +257,28 @@ index df23c410..c407488e 100644 cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= +@@ -177,8 +174,8 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 + cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= + cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= + cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +-cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= +-cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= ++cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw= ++cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= + cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= + cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= + cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= +@@ -318,8 +315,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE + cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= + cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= + cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= +-cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= +-cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= ++cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= ++cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= + cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= + cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= + cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -339,8 +336,6 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= @@ -217,16 +306,21 @@ index df23c410..c407488e 100644 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v36.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -+github.com/Azure/azure-sdk-for-go v56.3.0+incompatible h1:DmhwMrUIvpeoTDiWRDtNHqelNUd3Og8JCkrLHQK795c= github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v61.4.0+incompatible h1:BF2Pm3aQWIa6q9KmxyF1JYKYXtVw67vtvu2Wd54NGuY= -github.com/Azure/azure-sdk-for-go v61.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= ++github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -@@ -642,55 +632,20 @@ github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= +@@ -639,58 +629,24 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1. + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= + github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= + github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= ++github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= ++github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -280,7 +374,7 @@ index df23c410..c407488e 100644 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -@@ -701,15 +656,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83 +@@ -701,15 +657,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -296,7 +390,7 @@ index df23c410..c407488e 100644 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -@@ -737,7 +685,6 @@ github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfy +@@ -737,7 +686,6 @@ github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfy github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= @@ -304,7 +398,7 @@ index df23c410..c407488e 100644 github.com/Microsoft/hcsshim v0.10.0-rc.7/go.mod h1:ILuwjA+kNW+MrN/w5un7n3mTqkwsFu4Bp05/okFUZlE= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= -@@ -769,9 +716,6 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 +@@ -769,9 +717,6 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= @@ -314,7 +408,7 @@ index df23c410..c407488e 100644 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -@@ -786,35 +730,26 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms +@@ -786,35 +731,26 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= @@ -350,7 +444,7 @@ index df23c410..c407488e 100644 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= -@@ -836,7 +771,6 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq +@@ -836,7 +772,6 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go v0.36.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= @@ -358,7 +452,7 @@ index df23c410..c407488e 100644 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -@@ -854,7 +788,6 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 +@@ -854,7 +789,6 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -366,7 +460,7 @@ index df23c410..c407488e 100644 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= -@@ -869,9 +802,7 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ +@@ -869,13 +803,12 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= @@ -375,8 +469,25 @@ index df23c410..c407488e 100644 -github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= - github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -@@ -924,7 +855,6 @@ github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go. +-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= + github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= ++github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= ++github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= + github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= + github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= + github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +@@ -888,8 +821,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH + github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= + github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= + github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= + github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= ++github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= ++github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= + github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= + github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= + github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= +@@ -924,7 +858,6 @@ github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go. github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= @@ -384,7 +495,7 @@ index df23c410..c407488e 100644 github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -@@ -940,12 +870,10 @@ github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0Npu +@@ -940,19 +873,18 @@ github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0Npu github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0= github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ= @@ -397,7 +508,25 @@ index df23c410..c407488e 100644 github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= -@@ -1077,9 +1005,6 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm + github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= + github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= +-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= + github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= ++github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= ++github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= + github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= + github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= + github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= +@@ -978,6 +910,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ + github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= + github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo= + github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= ++github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= ++github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= + github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= + github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= + github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= +@@ -1077,32 +1011,30 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= @@ -405,25 +534,62 @@ index df23c410..c407488e 100644 -github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= -github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= ++github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= ++github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -@@ -1095,7 +1020,6 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc - github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= + github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= + github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= + github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +-github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4= + github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= ++github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= ++github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= + github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= + github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= + github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= + github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.4.2-0.20200319182547-c7ad2b866182/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -@@ -1152,7 +1076,6 @@ github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl + github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= + github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +-github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= +-github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= ++github.com/docker/docker v25.0.1+incompatible h1:k5TYd5rIVQRSqcTwCID+cyVA0yRg86+Pcrz1ls0/frA= ++github.com/docker/docker v25.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= + github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= + github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= + github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +@@ -1152,10 +1084,10 @@ github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= - github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= +-github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= -@@ -1215,7 +1138,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb ++github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= ++github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= + github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= + github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= + github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +@@ -1199,8 +1131,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= + github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= + github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +-github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= +-github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= ++github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= ++github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= + github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= + github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= + github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +@@ -1215,7 +1147,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= @@ -431,7 +597,18 @@ index df23c410..c407488e 100644 github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-ldap/ldap/v3 v3.4.1/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs= -@@ -1260,7 +1182,6 @@ github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrt +@@ -1231,8 +1162,8 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV + github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= + github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= + github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= ++github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= ++github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= + github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= + github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= + github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +@@ -1260,7 +1191,6 @@ github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrt github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -439,7 +616,7 @@ index df23c410..c407488e 100644 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -@@ -1284,11 +1205,8 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP +@@ -1284,15 +1214,13 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -450,8 +627,14 @@ index df23c410..c407488e 100644 -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= - github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= -@@ -1335,14 +1253,12 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx +-github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= + github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= ++github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= ++github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= + github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= + github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= + github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= +@@ -1335,14 +1263,12 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= @@ -466,7 +649,7 @@ index df23c410..c407488e 100644 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -@@ -1367,8 +1283,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +@@ -1367,8 +1293,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= @@ -475,7 +658,7 @@ index df23c410..c407488e 100644 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -@@ -1431,13 +1345,11 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c +@@ -1431,13 +1355,11 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= @@ -489,7 +672,12 @@ index df23c410..c407488e 100644 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -@@ -1463,11 +1375,7 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU +@@ -1460,14 +1382,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t + github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= + github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= ++github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= ++github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= github.com/hashicorp/cap v0.4.1 h1:LVYrTLbPV8W6DPwIm/zC/fbc4UTpCQ7nJhCAPshLuG4= github.com/hashicorp/cap v0.4.1/go.mod h1:oOoohCNd2JAgfvLz2NpFJTZiZ6CqH9dW8dZ2js52lGA= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -501,7 +689,7 @@ index df23c410..c407488e 100644 github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= -@@ -1480,54 +1388,39 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n +@@ -1480,62 +1400,49 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 h1:Ud/6/AdmJ1R7ibdS0Wo5MWPj0T1R0fkpaD087bBaW8I= github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= @@ -525,8 +713,10 @@ index df23c410..c407488e 100644 github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 h1:pSjQfW3vPtrOTcasTUKgCTQT7OGPPTTMVRrOfU6FJD8= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= - github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 h1:9Q2lu1YbbmiAgvYZ7Pr31RdlVonUpX+mmDL7Z7qTA2U= +-github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 h1:9Q2lu1YbbmiAgvYZ7Pr31RdlVonUpX+mmDL7Z7qTA2U= github.com/hashicorp/go-kms-wrapping/v2 v2.0.8/go.mod h1:qTCjxGig/kjuj3hk1z8pOUrzbse/GxB1tGfbrq8tGJg= ++github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 h1:1ZuhfnZgRnLK8S0KovJkoTCRIQId5pv3sDR7pG5VQBw= ++github.com/hashicorp/go-kms-wrapping/v2 v2.0.14/go.mod h1:0dWtzl2ilqKpavgM3id/kFK9L3tjo6fS4OhbVPSYpnQ= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs= @@ -556,7 +746,17 @@ index df23c410..c407488e 100644 github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 h1:AAQ6Vmo/ncfrZYtbpjhO+g0Qt+iNpYtl3UWT1NLmbYY= github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3/go.mod h1:oKHSQs4ivIfZ3fbXGQOop1XuDfdSb8RIsWTGaAanSfg= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= -@@ -1561,14 +1454,12 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b + github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng= + github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= + github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= +-github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ= + github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= ++github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 h1:kH3Rhiht36xhAfhuHyWJDgdXXEx9IIZhDGRk24CDhzg= ++github.com/hashicorp/go-secure-stdlib/mlock v0.1.3/go.mod h1:ov1Q0oEDjC3+A4BwsG2YdKltrmEw8sf9Pau4V9JQ4Vo= + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +@@ -1561,14 +1468,12 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -571,7 +771,7 @@ index df23c410..c407488e 100644 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= -@@ -1581,14 +1472,8 @@ github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+J +@@ -1581,14 +1486,8 @@ github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+J github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= @@ -586,12 +786,14 @@ index df23c410..c407488e 100644 github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= github.com/hashicorp/terraform-json v0.18.0 h1:pCjgJEqqDESv4y0Tzdqfxr/edOIGkjs8keY42xfNBwU= -@@ -1603,23 +1488,17 @@ github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTV +@@ -1603,24 +1502,20 @@ github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTV github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= -github.com/hashicorp/vault v1.11.3 h1:KROmJz/YRIaYVpwJaWYNfHDcchtugCP8GTRz+939eT8= -github.com/hashicorp/vault v1.11.3/go.mod h1:shpQ0ikGOzP07k/TJG54VNzbOIISS4h/2UKRD4xjpj8= ++github.com/hashicorp/vault v1.15.5 h1:CzDfgFcKjMfsfYhxyfixugeDNcCTU5L0idJXsNEmt9g= ++github.com/hashicorp/vault v1.15.5/go.mod h1:Osg4441jt6uoCZi46XfASOy988G3mSh5UTo1EKmVnUY= github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 h1:ooDRFPUtlRH2gvtXkG6Mpt2E/ziO8tCFU7lWdWtjW50= github.com/hashicorp/vault-plugin-auth-jwt v0.18.0/go.mod h1:nLMLAx8jTNEDYwa86nltCVAwhVt/gHODRlfRQSu3Wp8= github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 h1:nXni7zfOyhOWJBC42iWqIEZA+aYCo3diyVrr1mHs5yo= @@ -603,14 +805,15 @@ index df23c410..c407488e 100644 github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs= github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= - github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ= github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= + github.com/hashicorp/vault/api v1.11.1-0.20240201194553-aab72100fb2f h1:p+fDsRR6J7c44vcQA9riGGH37GUI9Q//HhVO5F1kmHo= + github.com/hashicorp/vault/api v1.11.1-0.20240201194553-aab72100fb2f/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/sdk v0.1.14-0.20200519221530-14615acda45f/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vault/sdk v0.2.1/go.mod h1:WfUiO1vYzfBkz1TmoE4ZGU7HD0T0Cl/rZwaxjBkgN4U= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.9.2/go.mod h1:gG0lA7P++KefplzvcD3vrfCmgxVAM7Z/SqX5NeOL/98= github.com/hashicorp/vault/sdk v0.10.0/go.mod h1:s9F8+FF/Q9HuChoi1OWnIPoHRU6V675qHhCYkXVPPQE= -@@ -1630,10 +1509,6 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg +@@ -1631,10 +1526,6 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= @@ -621,7 +824,16 @@ index df23c410..c407488e 100644 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -@@ -1676,7 +1551,6 @@ github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgf +@@ -1645,8 +1536,6 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH + github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= + github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= + github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= +-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= + github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= + github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= + github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= +@@ -1677,7 +1566,6 @@ github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgf github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -629,7 +841,7 @@ index df23c410..c407488e 100644 github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -@@ -1687,17 +1561,14 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 +@@ -1688,17 +1576,14 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -647,7 +859,7 @@ index df23c410..c407488e 100644 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -@@ -1718,7 +1589,6 @@ github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e +@@ -1719,7 +1604,6 @@ github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= @@ -655,7 +867,18 @@ index df23c410..c407488e 100644 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -@@ -1770,7 +1640,6 @@ github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx +@@ -1731,8 +1615,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB + github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= + github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= + github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= + github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= ++github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= ++github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= + github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= + github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= + github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +@@ -1771,12 +1656,12 @@ github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= @@ -663,7 +886,14 @@ index df23c410..c407488e 100644 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -@@ -1785,14 +1654,10 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4 +-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= + github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= ++github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= ++github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= + github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= + github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= + github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= +@@ -1786,14 +1671,10 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= @@ -678,7 +908,7 @@ index df23c410..c407488e 100644 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -@@ -1801,9 +1666,6 @@ github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8Ie +@@ -1802,9 +1683,6 @@ github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8Ie github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= @@ -688,7 +918,7 @@ index df23c410..c407488e 100644 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -@@ -1821,7 +1683,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 +@@ -1822,7 +1700,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -696,7 +926,7 @@ index df23c410..c407488e 100644 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -@@ -1834,14 +1695,12 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx +@@ -1835,14 +1712,12 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= @@ -711,7 +941,7 @@ index df23c410..c407488e 100644 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -@@ -1855,11 +1714,9 @@ github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbD +@@ -1856,11 +1731,9 @@ github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbD github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -723,7 +953,7 @@ index df23c410..c407488e 100644 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -@@ -1871,8 +1728,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m +@@ -1872,8 +1745,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= @@ -732,18 +962,15 @@ index df23c410..c407488e 100644 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -@@ -1968,10 +1823,8 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh +@@ -1969,7 +1840,6 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/oracle/oci-go-sdk v13.1.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= --github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= - github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= - github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= - github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -@@ -1989,7 +1842,6 @@ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rK + github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= +@@ -1990,7 +1860,6 @@ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rK github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= @@ -751,7 +978,7 @@ index df23c410..c407488e 100644 github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -@@ -2011,14 +1863,11 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN +@@ -2012,14 +1881,11 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= @@ -766,7 +993,7 @@ index df23c410..c407488e 100644 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -@@ -2029,18 +1878,15 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr +@@ -2030,18 +1896,15 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= @@ -785,7 +1012,7 @@ index df23c410..c407488e 100644 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -@@ -2049,11 +1895,9 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 +@@ -2050,11 +1913,9 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= @@ -797,7 +1024,7 @@ index df23c410..c407488e 100644 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -@@ -2064,7 +1908,6 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O +@@ -2065,7 +1926,6 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= @@ -805,7 +1032,18 @@ index df23c410..c407488e 100644 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -@@ -2092,7 +1935,6 @@ github.com/safchain/ethtool v0.2.0/go.mod h1:WkKB1DnNtvsMlDmQ50sgwowDJV/hGbJSOvJ +@@ -2075,8 +1935,9 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L + github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= + github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= + github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= +-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= + github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= ++github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= ++github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= + github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= + github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= + github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +@@ -2093,7 +1954,6 @@ github.com/safchain/ethtool v0.2.0/go.mod h1:WkKB1DnNtvsMlDmQ50sgwowDJV/hGbJSOvJ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= @@ -813,7 +1051,7 @@ index df23c410..c407488e 100644 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -@@ -2100,8 +1942,6 @@ github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod +@@ -2101,8 +1961,6 @@ github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -822,8 +1060,14 @@ index df23c410..c407488e 100644 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= -@@ -2115,10 +1955,8 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0 +@@ -2112,14 +1970,13 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd + github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= + github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= + github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= ++github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= ++github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= @@ -833,7 +1077,7 @@ index df23c410..c407488e 100644 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -@@ -2130,8 +1968,6 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 +@@ -2131,8 +1988,6 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -842,7 +1086,7 @@ index df23c410..c407488e 100644 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -@@ -2179,12 +2015,10 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG +@@ -2180,12 +2035,10 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= @@ -855,7 +1099,7 @@ index df23c410..c407488e 100644 github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -@@ -2229,8 +2063,6 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 +@@ -2230,8 +2083,6 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= @@ -864,23 +1108,101 @@ index df23c410..c407488e 100644 github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -@@ -2328,7 +2160,6 @@ go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzm +@@ -2284,13 +2135,13 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0/go.mod h1:UMklln0+MRhZC4e3PwmN3pCtq4DyIadWw4yikh6bNrw= +-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= +-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= ++go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= ++go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= +-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= +-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= ++go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= ++go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= + go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= + go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= + go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= +@@ -2298,8 +2149,9 @@ go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+n + go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= + go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= + go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= +-go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +-go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= ++go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY= ++go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA= ++go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= + go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04= +@@ -2310,6 +2162,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDD + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= ++go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 h1:o8iWeVFa1BcLtVEV0LzrCxV2/55tB3xLxADr6Kyoey4= ++go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1/go.mod h1:SEVfdK4IoBnbT2FXNM/k8yC08MrfbhWk3U4ljM8B3HE= + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk= + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o= +@@ -2317,20 +2171,23 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= ++go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 h1:cfuy3bXmLJS7M1RZmAL6SuhGtKUp2KEsrm00OlAXkq4= ++go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1/go.mod h1:22jr92C6KwlwItJmQzfixzQM3oyyuYLCfHiMY+rpsPU= + go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= + go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= + go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= + go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= +-go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +-go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= ++go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo= ++go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI= + go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= + go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= + go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= -go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY= go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= ++go.opentelemetry.io/otel/sdk v1.23.1 h1:O7JmZw0h76if63LQdsBMKQDWNb5oEcOThG9IrxscV+E= ++go.opentelemetry.io/otel/sdk v1.23.1/go.mod h1:LzdEVR5am1uKOOwfBWFef2DCi1nu3SA8XQxx2IerWFk= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -@@ -2349,7 +2180,6 @@ go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI + go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= +@@ -2340,21 +2197,22 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 + go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4= + go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= + go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= +-go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +-go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= ++go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8= ++go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI= + go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= + go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= + go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= + go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= + go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= ++go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= ++go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= - go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -@@ -2369,7 +2199,6 @@ golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnf +-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= +-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= ++go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= ++go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= + go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= + go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= + go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +@@ -2370,7 +2228,6 @@ golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -888,7 +1210,7 @@ index df23c410..c407488e 100644 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -@@ -2378,12 +2207,9 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U +@@ -2379,12 +2236,9 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -901,7 +1223,7 @@ index df23c410..c407488e 100644 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -@@ -2401,7 +2227,6 @@ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0 +@@ -2402,14 +2256,13 @@ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -909,7 +1231,16 @@ index df23c410..c407488e 100644 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -@@ -2502,14 +2327,12 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL + golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= + golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= ++golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= ++golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= + golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= + golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= + golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +@@ -2503,14 +2356,12 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -924,7 +1255,7 @@ index df23c410..c407488e 100644 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -@@ -2524,7 +2347,6 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v +@@ -2525,7 +2376,6 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= @@ -932,7 +1263,18 @@ index df23c410..c407488e 100644 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -@@ -2620,11 +2442,9 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h +@@ -2560,8 +2410,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= + golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= + golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= + golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= ++golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= ++golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= + golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= + golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= + golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +@@ -2621,11 +2471,9 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -944,7 +1286,7 @@ index df23c410..c407488e 100644 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -2673,7 +2493,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w +@@ -2674,7 +2522,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -952,7 +1294,29 @@ index df23c410..c407488e 100644 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -2842,7 +2661,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn +@@ -2765,8 +2612,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= ++golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= + golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= + golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +@@ -2781,8 +2628,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= + golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= + golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= + golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= ++golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= ++golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= + golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +@@ -2843,7 +2690,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -960,7 +1324,18 @@ index df23c410..c407488e 100644 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -@@ -2918,7 +2736,6 @@ gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= +@@ -2899,8 +2745,8 @@ golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= + golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= + golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= + golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= ++golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= ++golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= + golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +@@ -2919,7 +2765,6 @@ gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -968,7 +1343,18 @@ index df23c410..c407488e 100644 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -@@ -2993,7 +2810,6 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn +@@ -2976,8 +2821,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ + google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= + google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= + google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +-google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ= +-google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY= ++google.golang.org/api v0.160.0 h1:SEspjXHVqE1m5a1fRy8JFB+5jSu+V0GEDKDghF3ttO4= ++google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw= + google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= + google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= + google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +@@ -2994,7 +2839,6 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -976,7 +1362,7 @@ index df23c410..c407488e 100644 google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -@@ -3011,7 +2827,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG +@@ -3012,7 +2856,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -984,8 +1370,26 @@ index df23c410..c407488e 100644 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -@@ -3142,12 +2957,10 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1: - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +@@ -3131,24 +2974,22 @@ google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOl + google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= + google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= + google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= +-google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= +-google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= ++google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= ++google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= + google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= + google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= +-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= ++google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 h1:4++qSzdWBUy9/2x8L5KZgwZw+mjJZ2yDSCGMVM0YzRs= ++google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:PVreiBMirk8ypES6aw9d4p6iiBNSIfZEBqr3UGoAi2E= + google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= + google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= +-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= ++google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= ++google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -997,7 +1401,18 @@ index df23c410..c407488e 100644 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= -@@ -3228,10 +3041,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +@@ -3191,8 +3032,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v + google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= + google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= + google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= +-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= ++google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= ++google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= + google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= + google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= + google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +@@ -3229,10 +3070,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= diff --git a/patches/0002-remove-dependency-on-BUSL-code.patch b/patches/0002-remove-dependency-on-BUSL-code.patch new file mode 100644 index 000000000..2bccab9b7 --- /dev/null +++ b/patches/0002-remove-dependency-on-BUSL-code.patch @@ -0,0 +1,115 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Ian Wahbe +Date: Tue, 20 Feb 2024 17:33:24 +0100 +Subject: [PATCH 2/2] remove dependency on BUSL code + + +diff --git a/go.mod b/go.mod +index 4170854b..48a538a2 100644 +--- a/go.mod ++++ b/go.mod +@@ -26,7 +26,6 @@ require ( + github.com/hashicorp/go-version v1.6.0 + github.com/hashicorp/hcl v1.0.1-vault-5 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 +- github.com/hashicorp/vault v1.15.5 + github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 + github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 + github.com/hashicorp/vault-plugin-auth-oci v0.14.2 +@@ -46,6 +45,7 @@ require ( + require ( + cloud.google.com/go/compute v1.23.4 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect ++ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect +@@ -56,9 +56,12 @@ require ( + github.com/armon/go-radix v1.0.0 // indirect + github.com/cenkalti/backoff/v3 v3.2.2 // indirect + github.com/cloudflare/circl v1.3.7 // indirect ++ github.com/containerd/continuity v0.4.2 // indirect ++ github.com/containerd/log v0.1.0 // indirect + github.com/coreos/go-oidc/v3 v3.5.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/distribution/reference v0.5.0 // indirect ++ github.com/docker/cli v25.0.1+incompatible // indirect + github.com/docker/docker v25.0.1+incompatible // indirect + github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-units v0.5.0 // indirect +@@ -66,6 +69,7 @@ require ( + github.com/fatih/color v1.15.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect ++ github.com/go-git/go-git/v5 v5.11.0 // indirect + github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-ldap/ldap/v3 v3.4.4 // indirect + github.com/go-logr/logr v1.4.1 // indirect +@@ -114,6 +118,7 @@ require ( + github.com/jcmturner/goidentity/v6 v6.0.1 // indirect + github.com/jcmturner/rpc/v2 v2.0.3 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect ++ github.com/kr/pretty v0.3.1 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect +@@ -131,6 +136,7 @@ require ( + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect ++ github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect + github.com/stretchr/testify v1.8.4 // indirect + github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect +diff --git a/go.sum b/go.sum +index ea39ae6e..3419f9b3 100644 +--- a/go.sum ++++ b/go.sum +@@ -610,8 +610,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830/go.mod h + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= + github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= + github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= ++github.com/Azure/azure-sdk-for-go v56.3.0+incompatible h1:DmhwMrUIvpeoTDiWRDtNHqelNUd3Og8JCkrLHQK795c= + github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +-github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= + github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= +@@ -1502,8 +1502,6 @@ github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTV + github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= + github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= + github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= +-github.com/hashicorp/vault v1.15.5 h1:CzDfgFcKjMfsfYhxyfixugeDNcCTU5L0idJXsNEmt9g= +-github.com/hashicorp/vault v1.15.5/go.mod h1:Osg4441jt6uoCZi46XfASOy988G3mSh5UTo1EKmVnUY= + github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 h1:ooDRFPUtlRH2gvtXkG6Mpt2E/ziO8tCFU7lWdWtjW50= + github.com/hashicorp/vault-plugin-auth-jwt v0.18.0/go.mod h1:nLMLAx8jTNEDYwa86nltCVAwhVt/gHODRlfRQSu3Wp8= + github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 h1:nXni7zfOyhOWJBC42iWqIEZA+aYCo3diyVrr1mHs5yo= +@@ -1842,7 +1840,6 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5 + github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= + github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= + github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= +-github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= + github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= + github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= + github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +diff --git a/vault/resource_secrets_sync_config.go b/vault/resource_secrets_sync_config.go +index fce0ec62..55af5883 100644 +--- a/vault/resource_secrets_sync_config.go ++++ b/vault/resource_secrets_sync_config.go +@@ -10,7 +10,6 @@ import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-vault/internal/provider" +- "github.com/hashicorp/vault/helper/namespace" + ) + + const ( +@@ -56,7 +55,7 @@ func secretsSyncConfigWrite(ctx context.Context, d *schema.ResourceData, meta in + return diag.FromErr(e) + } + +- if client.Namespace() != namespace.RootNamespaceID && client.Namespace() != "" { ++ if client.Namespace() != "root" && client.Namespace() != "" { + return diag.Errorf("error writing sync config, this API is reserved to the root namespace and cannot be used with %q", client.Namespace()) + } + diff --git a/provider/cmd/pulumi-resource-vault/bridge-metadata.json b/provider/cmd/pulumi-resource-vault/bridge-metadata.json index 0e9f19cf5..8e53dcd40 100644 --- a/provider/cmd/pulumi-resource-vault/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-vault/bridge-metadata.json @@ -1677,6 +1677,39 @@ } } }, + "vault_secrets_sync_association": { + "current": "vault:secrets/syncAssociation:SyncAssociation", + "majorVersion": 5 + }, + "vault_secrets_sync_aws_destination": { + "current": "vault:secrets/syncAwsDestination:SyncAwsDestination", + "majorVersion": 5 + }, + "vault_secrets_sync_azure_destination": { + "current": "vault:secrets/syncAzureDestination:SyncAzureDestination", + "majorVersion": 5 + }, + "vault_secrets_sync_config": { + "current": "vault:secrets/syncConfig:SyncConfig", + "majorVersion": 5 + }, + "vault_secrets_sync_gcp_destination": { + "current": "vault:secrets/syncGcpDestination:SyncGcpDestination", + "majorVersion": 5 + }, + "vault_secrets_sync_gh_destination": { + "current": "vault:secrets/syncGhDestination:SyncGhDestination", + "majorVersion": 5 + }, + "vault_secrets_sync_vercel_destination": { + "current": "vault:secrets/syncVercelDestination:SyncVercelDestination", + "majorVersion": 5, + "fields": { + "deployment_environments": { + "maxItemsOne": false + } + } + }, "vault_ssh_secret_backend_ca": { "current": "vault:ssh/secretBackendCa:SecretBackendCa", "majorVersion": 5 @@ -2269,6 +2302,13 @@ "vault:rabbitMq/secretBackendRole:SecretBackendRole": "vault_rabbitmq_secret_backend_role", "vault:saml/authBackend:AuthBackend": "vault_saml_auth_backend", "vault:saml/authBackendRole:AuthBackendRole": "vault_saml_auth_backend_role", + "vault:secrets/syncAssociation:SyncAssociation": "vault_secrets_sync_association", + "vault:secrets/syncAwsDestination:SyncAwsDestination": "vault_secrets_sync_aws_destination", + "vault:secrets/syncAzureDestination:SyncAzureDestination": "vault_secrets_sync_azure_destination", + "vault:secrets/syncConfig:SyncConfig": "vault_secrets_sync_config", + "vault:secrets/syncGcpDestination:SyncGcpDestination": "vault_secrets_sync_gcp_destination", + "vault:secrets/syncGhDestination:SyncGhDestination": "vault_secrets_sync_gh_destination", + "vault:secrets/syncVercelDestination:SyncVercelDestination": "vault_secrets_sync_vercel_destination", "vault:ssh/secretBackendCa:SecretBackendCa": "vault_ssh_secret_backend_ca", "vault:ssh/secretBackendRole:SecretBackendRole": "vault_ssh_secret_backend_role", "vault:terraformcloud/secretBackend:SecretBackend": "vault_terraform_cloud_secret_backend", @@ -2498,7 +2538,11 @@ "defaultLeaseTtlSeconds": "default_lease_ttl_seconds", "disableRemount": "disable_remount", "iamEndpoint": "iam_endpoint", + "identityTokenAudience": "identity_token_audience", + "identityTokenKey": "identity_token_key", + "identityTokenTtl": "identity_token_ttl", "maxLeaseTtlSeconds": "max_lease_ttl_seconds", + "roleArn": "role_arn", "secretKey": "secret_key", "stsEndpoint": "sts_endpoint", "usernameTemplate": "username_template" @@ -2765,9 +2809,11 @@ }, "vault:database/SecretBackendConnectionOracle:SecretBackendConnectionOracle": { "connectionUrl": "connection_url", + "disconnectSessions": "disconnect_sessions", "maxConnectionLifetime": "max_connection_lifetime", "maxIdleConnections": "max_idle_connections", "maxOpenConnections": "max_open_connections", + "splitStatements": "split_statements", "usernameTemplate": "username_template" }, "vault:database/SecretBackendConnectionPostgresql:SecretBackendConnectionPostgresql": { @@ -2950,11 +2996,13 @@ "vault:database/SecretsMountOracle:SecretsMountOracle": { "allowedRoles": "allowed_roles", "connectionUrl": "connection_url", + "disconnectSessions": "disconnect_sessions", "maxConnectionLifetime": "max_connection_lifetime", "maxIdleConnections": "max_idle_connections", "maxOpenConnections": "max_open_connections", "pluginName": "plugin_name", "rootRotationStatements": "root_rotation_statements", + "splitStatements": "split_statements", "usernameTemplate": "username_template", "verifyConnection": "verify_connection" }, @@ -4249,6 +4297,45 @@ "tokenTtl": "token_ttl", "tokenType": "token_type" }, + "vault:secrets/syncAssociation:SyncAssociation": { + "secretName": "secret_name", + "syncStatus": "sync_status", + "updatedAt": "updated_at" + }, + "vault:secrets/syncAwsDestination:SyncAwsDestination": { + "accessKeyId": "access_key_id", + "customTags": "custom_tags", + "secretAccessKey": "secret_access_key", + "secretNameTemplate": "secret_name_template" + }, + "vault:secrets/syncAzureDestination:SyncAzureDestination": { + "clientId": "client_id", + "clientSecret": "client_secret", + "customTags": "custom_tags", + "keyVaultUri": "key_vault_uri", + "secretNameTemplate": "secret_name_template", + "tenantId": "tenant_id" + }, + "vault:secrets/syncConfig:SyncConfig": { + "queueCapacity": "queue_capacity" + }, + "vault:secrets/syncGcpDestination:SyncGcpDestination": { + "customTags": "custom_tags", + "secretNameTemplate": "secret_name_template" + }, + "vault:secrets/syncGhDestination:SyncGhDestination": { + "accessToken": "access_token", + "repositoryName": "repository_name", + "repositoryOwner": "repository_owner", + "secretNameTemplate": "secret_name_template" + }, + "vault:secrets/syncVercelDestination:SyncVercelDestination": { + "accessToken": "access_token", + "deploymentEnvironments": "deployment_environments", + "projectId": "project_id", + "secretNameTemplate": "secret_name_template", + "teamId": "team_id" + }, "vault:ssh/secretBackendCa:SecretBackendCa": { "generateSigningKey": "generate_signing_key", "privateKey": "private_key", diff --git a/provider/cmd/pulumi-resource-vault/schema.json b/provider/cmd/pulumi-resource-vault/schema.json index 62adf666d..d2c8a784e 100644 --- a/provider/cmd/pulumi-resource-vault/schema.json +++ b/provider/cmd/pulumi-resource-vault/schema.json @@ -42,6 +42,7 @@ "pkiSecret": "PkiSecret", "rabbitMq": "RabbitMQ", "saml": "Saml", + "secrets": "Secrets", "ssh": "Ssh", "terraformcloud": "TerraformCloud", "tokenauth": "TokenAuth", @@ -1374,6 +1375,10 @@ "type": "string", "description": "A URL containing connection information. See\nthe [Vault\ndocs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload)\nfor an example.\n" }, + "disconnectSessions": { + "type": "boolean", + "description": "Enable the built-in session disconnect mechanism.\n" + }, "maxConnectionLifetime": { "type": "integer", "description": "The maximum number of seconds to keep\na connection alive for.\n" @@ -1391,6 +1396,10 @@ "description": "The password to authenticate with.\n", "secret": true }, + "splitStatements": { + "type": "boolean", + "description": "Enable spliting statements after semi-colons.\n" + }, "username": { "type": "string", "description": "The username to authenticate with.\n" @@ -2681,6 +2690,10 @@ }, "description": "A map of sensitive data to pass to the endpoint. Useful for templated connection strings.\n\nSupported list of database secrets engines that can be configured:\n" }, + "disconnectSessions": { + "type": "boolean", + "description": "Set to true to disconnect any open sessions prior to running the revocation statements.\n" + }, "maxConnectionLifetime": { "type": "integer", "description": "The maximum amount of time a connection may be reused.\n" @@ -2713,6 +2726,10 @@ }, "description": "A list of database statements to be executed to rotate the root user's credentials.\n" }, + "splitStatements": { + "type": "boolean", + "description": "Set to true in order to split statements after semi-colons.\n" + }, "username": { "type": "string", "description": "The root credential username used in the connection URL.\n" @@ -7813,9 +7830,21 @@ "type": "string", "description": "Specifies a custom HTTP IAM endpoint to use.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.16+.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.16+.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.16+.\n" + }, "local": { "type": "boolean", - "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n\n" + "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n" }, "maxLeaseTtlSeconds": { "type": "integer", @@ -7833,6 +7862,10 @@ "type": "string", "description": "The AWS region to make API calls against. Defaults to us-east-1.\n" }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.\n\n" + }, "secretKey": { "type": "string", "description": "The AWS Secret Access Key to use when generating new credentials.\n", @@ -7849,6 +7882,7 @@ }, "required": [ "defaultLeaseTtlSeconds", + "identityTokenTtl", "maxLeaseTtlSeconds", "region", "usernameTemplate" @@ -7875,9 +7909,21 @@ "type": "string", "description": "Specifies a custom HTTP IAM endpoint to use.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.16+.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.16+.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.16+.\n" + }, "local": { "type": "boolean", - "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n\n", + "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n", "willReplaceOnChanges": true }, "maxLeaseTtlSeconds": { @@ -7897,6 +7943,10 @@ "type": "string", "description": "The AWS region to make API calls against. Defaults to us-east-1.\n" }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.\n\n" + }, "secretKey": { "type": "string", "description": "The AWS Secret Access Key to use when generating new credentials.\n", @@ -7935,9 +7985,21 @@ "type": "string", "description": "Specifies a custom HTTP IAM endpoint to use.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.16+.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.16+.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.16+.\n" + }, "local": { "type": "boolean", - "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n\n", + "description": "Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.\n", "willReplaceOnChanges": true }, "maxLeaseTtlSeconds": { @@ -7957,6 +8019,10 @@ "type": "string", "description": "The AWS region to make API calls against. Defaults to us-east-1.\n" }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.\n\n" + }, "secretKey": { "type": "string", "description": "The AWS Secret Access Key to use when generating new credentials.\n", @@ -27594,6 +27660,805 @@ "type": "object" } }, + "vault:secrets/syncAssociation:SyncAssociation": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst kvv2 = new vault.Mount(\"kvv2\", {\n path: \"kvv2\",\n type: \"kv\",\n options: {\n version: \"2\",\n },\n description: \"KV Version 2 secret engine mount\",\n});\nconst token = new vault.kv.SecretV2(\"token\", {\n mount: kvv2.path,\n dataJson: JSON.stringify({\n dev: \"B!gS3cr3t\",\n prod: \"S3cureP4$$\",\n }),\n});\nconst gh = new vault.secrets.SyncGhDestination(\"gh\", {\n accessToken: _var.access_token,\n repositoryOwner: _var.repo_owner,\n repositoryName: \"repo-name-example\",\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n});\nconst ghToken = new vault.secrets.SyncAssociation(\"ghToken\", {\n type: gh.type,\n mount: kvv2.path,\n secretName: token.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_vault as vault\n\nkvv2 = vault.Mount(\"kvv2\",\n path=\"kvv2\",\n type=\"kv\",\n options={\n \"version\": \"2\",\n },\n description=\"KV Version 2 secret engine mount\")\ntoken = vault.kv.SecretV2(\"token\",\n mount=kvv2.path,\n data_json=json.dumps({\n \"dev\": \"B!gS3cr3t\",\n \"prod\": \"S3cureP4$$\",\n }))\ngh = vault.secrets.SyncGhDestination(\"gh\",\n access_token=var[\"access_token\"],\n repository_owner=var[\"repo_owner\"],\n repository_name=\"repo-name-example\",\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\ngh_token = vault.secrets.SyncAssociation(\"ghToken\",\n type=gh.type,\n mount=kvv2.path,\n secret_name=token.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var kvv2 = new Vault.Mount(\"kvv2\", new()\n {\n Path = \"kvv2\",\n Type = \"kv\",\n Options = \n {\n { \"version\", \"2\" },\n },\n Description = \"KV Version 2 secret engine mount\",\n });\n\n var token = new Vault.Kv.SecretV2(\"token\", new()\n {\n Mount = kvv2.Path,\n DataJson = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"dev\"] = \"B!gS3cr3t\",\n [\"prod\"] = \"S3cureP4$$\",\n }),\n });\n\n var gh = new Vault.Secrets.SyncGhDestination(\"gh\", new()\n {\n AccessToken = @var.Access_token,\n RepositoryOwner = @var.Repo_owner,\n RepositoryName = \"repo-name-example\",\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n });\n\n var ghToken = new Vault.Secrets.SyncAssociation(\"ghToken\", new()\n {\n Type = gh.Type,\n Mount = kvv2.Path,\n SecretName = token.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kv\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkvv2, err := vault.NewMount(ctx, \"kvv2\", \u0026vault.MountArgs{\n\t\t\tPath: pulumi.String(\"kvv2\"),\n\t\t\tType: pulumi.String(\"kv\"),\n\t\t\tOptions: pulumi.Map{\n\t\t\t\t\"version\": pulumi.Any(\"2\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"KV Version 2 secret engine mount\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"dev\": \"B!gS3cr3t\",\n\t\t\t\"prod\": \"S3cureP4$$\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttoken, err := kv.NewSecretV2(ctx, \"token\", \u0026kv.SecretV2Args{\n\t\t\tMount: kvv2.Path,\n\t\t\tDataJson: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgh, err := secrets.NewSyncGhDestination(ctx, \"gh\", \u0026secrets.SyncGhDestinationArgs{\n\t\t\tAccessToken: pulumi.Any(_var.Access_token),\n\t\t\tRepositoryOwner: pulumi.Any(_var.Repo_owner),\n\t\t\tRepositoryName: pulumi.String(\"repo-name-example\"),\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secrets.NewSyncAssociation(ctx, \"ghToken\", \u0026secrets.SyncAssociationArgs{\n\t\t\tType: gh.Type,\n\t\t\tMount: kvv2.Path,\n\t\t\tSecretName: token.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.Mount;\nimport com.pulumi.vault.MountArgs;\nimport com.pulumi.vault.kv.SecretV2;\nimport com.pulumi.vault.kv.SecretV2Args;\nimport com.pulumi.vault.secrets.SyncGhDestination;\nimport com.pulumi.vault.secrets.SyncGhDestinationArgs;\nimport com.pulumi.vault.secrets.SyncAssociation;\nimport com.pulumi.vault.secrets.SyncAssociationArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var kvv2 = new Mount(\"kvv2\", MountArgs.builder() \n .path(\"kvv2\")\n .type(\"kv\")\n .options(Map.of(\"version\", \"2\"))\n .description(\"KV Version 2 secret engine mount\")\n .build());\n\n var token = new SecretV2(\"token\", SecretV2Args.builder() \n .mount(kvv2.path())\n .dataJson(serializeJson(\n jsonObject(\n jsonProperty(\"dev\", \"B!gS3cr3t\"),\n jsonProperty(\"prod\", \"S3cureP4$$\")\n )))\n .build());\n\n var gh = new SyncGhDestination(\"gh\", SyncGhDestinationArgs.builder() \n .accessToken(var_.access_token())\n .repositoryOwner(var_.repo_owner())\n .repositoryName(\"repo-name-example\")\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .build());\n\n var ghToken = new SyncAssociation(\"ghToken\", SyncAssociationArgs.builder() \n .type(gh.type())\n .mount(kvv2.path())\n .secretName(token.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n kvv2:\n type: vault:Mount\n properties:\n path: kvv2\n type: kv\n options:\n version: '2'\n description: KV Version 2 secret engine mount\n token:\n type: vault:kv:SecretV2\n properties:\n mount: ${kvv2.path}\n dataJson:\n fn::toJSON:\n dev: B!gS3cr3t\n prod: S3cureP4$$\n gh:\n type: vault:secrets:SyncGhDestination\n properties:\n accessToken: ${var.access_token}\n repositoryOwner: ${var.repo_owner}\n repositoryName: repo-name-example\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n ghToken:\n type: vault:secrets:SyncAssociation\n properties:\n type: ${gh.type}\n mount: ${kvv2.path}\n secretName: ${token.name}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "mount": { + "type": "string", + "description": "Specifies the mount where the secret is located.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "secretName": { + "type": "string", + "description": "Specifies the name of the secret to synchronize.\n" + }, + "syncStatus": { + "type": "string", + "description": "Specifies the status of the association (for eg. `SYNCED`).\n" + }, + "type": { + "type": "string", + "description": "Specifies the destination type.\n" + }, + "updatedAt": { + "type": "string", + "description": "Duration string specifying when the secret was last updated.\n" + } + }, + "required": [ + "mount", + "name", + "secretName", + "syncStatus", + "type", + "updatedAt" + ], + "inputProperties": { + "mount": { + "type": "string", + "description": "Specifies the mount where the secret is located.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Specifies the name of the destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretName": { + "type": "string", + "description": "Specifies the name of the secret to synchronize.\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "Specifies the destination type.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "mount", + "secretName", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncAssociation resources.\n", + "properties": { + "mount": { + "type": "string", + "description": "Specifies the mount where the secret is located.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Specifies the name of the destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretName": { + "type": "string", + "description": "Specifies the name of the secret to synchronize.\n", + "willReplaceOnChanges": true + }, + "syncStatus": { + "type": "string", + "description": "Specifies the status of the association (for eg. `SYNCED`).\n" + }, + "type": { + "type": "string", + "description": "Specifies the destination type.\n", + "willReplaceOnChanges": true + }, + "updatedAt": { + "type": "string", + "description": "Duration string specifying when the secret was last updated.\n" + } + }, + "type": "object" + } + }, + "vault:secrets/syncAwsDestination:SyncAwsDestination": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst aws = new vault.secrets.SyncAwsDestination(\"aws\", {\n accessKeyId: _var.access_key_id,\n secretAccessKey: _var.secret_access_key,\n region: \"us-east-1\",\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n customTags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\naws = vault.secrets.SyncAwsDestination(\"aws\",\n access_key_id=var[\"access_key_id\"],\n secret_access_key=var[\"secret_access_key\"],\n region=\"us-east-1\",\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n custom_tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var aws = new Vault.Secrets.SyncAwsDestination(\"aws\", new()\n {\n AccessKeyId = @var.Access_key_id,\n SecretAccessKey = @var.Secret_access_key,\n Region = \"us-east-1\",\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n CustomTags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncAwsDestination(ctx, \"aws\", \u0026secrets.SyncAwsDestinationArgs{\n\t\t\tAccessKeyId: pulumi.Any(_var.Access_key_id),\n\t\t\tSecretAccessKey: pulumi.Any(_var.Secret_access_key),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t\tCustomTags: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncAwsDestination;\nimport com.pulumi.vault.secrets.SyncAwsDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var aws = new SyncAwsDestination(\"aws\", SyncAwsDestinationArgs.builder() \n .accessKeyId(var_.access_key_id())\n .secretAccessKey(var_.secret_access_key())\n .region(\"us-east-1\")\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .customTags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n aws:\n type: vault:secrets:SyncAwsDestination\n properties:\n accessKeyId: ${var.access_key_id}\n secretAccessKey: ${var.secret_access_key}\n region: us-east-1\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n customTags:\n foo: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Secrets sync destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest\n```\n ", + "properties": { + "accessKeyId": { + "type": "string", + "description": "Access key id to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment\nvariable.\n" + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the AWS destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "region": { + "type": "string", + "description": "Region where to manage the secrets manager entries.\nCan be omitted and directly provided to Vault using the `AWS_REGION` environment\nvariable.\n" + }, + "secretAccessKey": { + "type": "string", + "description": "Secret access key to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment\nvariable.\n", + "secret": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`aws-sm`).\n" + } + }, + "required": [ + "name", + "secretNameTemplate", + "type" + ], + "inputProperties": { + "accessKeyId": { + "type": "string", + "description": "Access key id to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment\nvariable.\n" + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the AWS destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "region": { + "type": "string", + "description": "Region where to manage the secrets manager entries.\nCan be omitted and directly provided to Vault using the `AWS_REGION` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "secretAccessKey": { + "type": "string", + "description": "Secret access key to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment\nvariable.\n", + "secret": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncAwsDestination resources.\n", + "properties": { + "accessKeyId": { + "type": "string", + "description": "Access key id to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment\nvariable.\n" + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the AWS destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "region": { + "type": "string", + "description": "Region where to manage the secrets manager entries.\nCan be omitted and directly provided to Vault using the `AWS_REGION` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "secretAccessKey": { + "type": "string", + "description": "Secret access key to authenticate against the AWS secrets manager.\nCan be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment\nvariable.\n", + "secret": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`aws-sm`).\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "vault:secrets/syncAzureDestination:SyncAzureDestination": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst az = new vault.secrets.SyncAzureDestination(\"az\", {\n keyVaultUri: _var.key_vault_uri,\n clientId: _var.client_id,\n clientSecret: _var.client_secret,\n tenantId: _var.tenant_id,\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n customTags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\naz = vault.secrets.SyncAzureDestination(\"az\",\n key_vault_uri=var[\"key_vault_uri\"],\n client_id=var[\"client_id\"],\n client_secret=var[\"client_secret\"],\n tenant_id=var[\"tenant_id\"],\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n custom_tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var az = new Vault.Secrets.SyncAzureDestination(\"az\", new()\n {\n KeyVaultUri = @var.Key_vault_uri,\n ClientId = @var.Client_id,\n ClientSecret = @var.Client_secret,\n TenantId = @var.Tenant_id,\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n CustomTags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncAzureDestination(ctx, \"az\", \u0026secrets.SyncAzureDestinationArgs{\n\t\t\tKeyVaultUri: pulumi.Any(_var.Key_vault_uri),\n\t\t\tClientId: pulumi.Any(_var.Client_id),\n\t\t\tClientSecret: pulumi.Any(_var.Client_secret),\n\t\t\tTenantId: pulumi.Any(_var.Tenant_id),\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t\tCustomTags: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncAzureDestination;\nimport com.pulumi.vault.secrets.SyncAzureDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var az = new SyncAzureDestination(\"az\", SyncAzureDestinationArgs.builder() \n .keyVaultUri(var_.key_vault_uri())\n .clientId(var_.client_id())\n .clientSecret(var_.client_secret())\n .tenantId(var_.tenant_id())\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .customTags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n az:\n type: vault:secrets:SyncAzureDestination\n properties:\n keyVaultUri: ${var.key_vault_uri}\n clientId: ${var.client_id}\n clientSecret: ${var.client_secret}\n tenantId: ${var.tenant_id}\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n customTags:\n foo: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAzure Secrets sync destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest\n```\n ", + "properties": { + "clientId": { + "type": "string", + "description": "Client ID of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment\nvariable.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment\nvariable.\n", + "secret": true + }, + "cloud": { + "type": "string", + "description": "Specifies a cloud for the client. The default is Azure Public Cloud.\n" + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "keyVaultUri": { + "type": "string", + "description": "URI of an existing Azure Key Vault instance.\nCan be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment\nvariable.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the Azure destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "tenantId": { + "type": "string", + "description": "ID of the target Azure tenant.\nCan be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment\nvariable.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`azure-kv`).\n" + } + }, + "required": [ + "name", + "secretNameTemplate", + "type" + ], + "inputProperties": { + "clientId": { + "type": "string", + "description": "Client ID of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment\nvariable.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment\nvariable.\n", + "secret": true + }, + "cloud": { + "type": "string", + "description": "Specifies a cloud for the client. The default is Azure Public Cloud.\n", + "willReplaceOnChanges": true + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "keyVaultUri": { + "type": "string", + "description": "URI of an existing Azure Key Vault instance.\nCan be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Unique name of the Azure destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "tenantId": { + "type": "string", + "description": "ID of the target Azure tenant.\nCan be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment\nvariable.\n", + "willReplaceOnChanges": true + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncAzureDestination resources.\n", + "properties": { + "clientId": { + "type": "string", + "description": "Client ID of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment\nvariable.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret of an Azure app registration.\nCan be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment\nvariable.\n", + "secret": true + }, + "cloud": { + "type": "string", + "description": "Specifies a cloud for the client. The default is Azure Public Cloud.\n", + "willReplaceOnChanges": true + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "keyVaultUri": { + "type": "string", + "description": "URI of an existing Azure Key Vault instance.\nCan be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Unique name of the Azure destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "tenantId": { + "type": "string", + "description": "ID of the target Azure tenant.\nCan be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`azure-kv`).\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "vault:secrets/syncConfig:SyncConfig": { + "description": "Configures the secret sync global config. \nThe config is global and can only be managed in the root namespace.\n\n\u003e **Important** The config is global so the vault.secrets.SyncConfig resource must not be defined\nmultiple times for the same Vault server. If multiple definition exists, the last one applied will be\neffective.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst globalConfig = new vault.secrets.SyncConfig(\"globalConfig\", {\n disabled: true,\n queueCapacity: 500000,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nglobal_config = vault.secrets.SyncConfig(\"globalConfig\",\n disabled=True,\n queue_capacity=500000)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var globalConfig = new Vault.Secrets.SyncConfig(\"globalConfig\", new()\n {\n Disabled = true,\n QueueCapacity = 500000,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncConfig(ctx, \"globalConfig\", \u0026secrets.SyncConfigArgs{\n\t\t\tDisabled: pulumi.Bool(true),\n\t\t\tQueueCapacity: pulumi.Int(500000),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncConfig;\nimport com.pulumi.vault.secrets.SyncConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var globalConfig = new SyncConfig(\"globalConfig\", SyncConfigArgs.builder() \n .disabled(true)\n .queueCapacity(500000)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n globalConfig:\n type: vault:secrets:SyncConfig\n properties:\n disabled: true\n queueCapacity: 500000\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n```sh\n $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config\n```\n ", + "properties": { + "disabled": { + "type": "boolean", + "description": "Disables the syncing process between Vault and external destinations. Defaults to `false`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThis resource can only be configured in the root namespace.\n*Available only for Vault Enterprise*.\n" + }, + "queueCapacity": { + "type": "integer", + "description": "Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`.\n" + } + }, + "inputProperties": { + "disabled": { + "type": "boolean", + "description": "Disables the syncing process between Vault and external destinations. Defaults to `false`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThis resource can only be configured in the root namespace.\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "queueCapacity": { + "type": "integer", + "description": "Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncConfig resources.\n", + "properties": { + "disabled": { + "type": "boolean", + "description": "Disables the syncing process between Vault and external destinations. Defaults to `false`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThis resource can only be configured in the root namespace.\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "queueCapacity": { + "type": "integer", + "description": "Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`.\n" + } + }, + "type": "object" + } + }, + "vault:secrets/syncGcpDestination:SyncGcpDestination": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gcp = new vault.secrets.SyncGcpDestination(\"gcp\", {\n credentials: fs.readFileSync(_var.credentials_file, \"utf8\"),\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n customTags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\ngcp = vault.secrets.SyncGcpDestination(\"gcp\",\n credentials=(lambda path: open(path).read())(var[\"credentials_file\"]),\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n custom_tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcp = new Vault.Secrets.SyncGcpDestination(\"gcp\", new()\n {\n Credentials = File.ReadAllText(@var.Credentials_file),\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n CustomTags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncGcpDestination(ctx, \"gcp\", \u0026secrets.SyncGcpDestinationArgs{\n\t\t\tCredentials: readFileOrPanic(_var.Credentials_file),\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t\tCustomTags: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncGcpDestination;\nimport com.pulumi.vault.secrets.SyncGcpDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gcp = new SyncGcpDestination(\"gcp\", SyncGcpDestinationArgs.builder() \n .credentials(Files.readString(Paths.get(var_.credentials_file())))\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .customTags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gcp:\n type: vault:secrets:SyncGcpDestination\n properties:\n credentials:\n fn::readFile: ${var.credentials_file}\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n customTags:\n foo: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGCP Secrets sync destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest\n```\n ", + "properties": { + "credentials": { + "type": "string", + "description": "JSON-encoded credentials to use to connect to GCP.\nCan be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment\nvariable.\n", + "secret": true + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GCP destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`gcp-sm`).\n" + } + }, + "required": [ + "name", + "secretNameTemplate", + "type" + ], + "inputProperties": { + "credentials": { + "type": "string", + "description": "JSON-encoded credentials to use to connect to GCP.\nCan be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment\nvariable.\n", + "secret": true + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GCP destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncGcpDestination resources.\n", + "properties": { + "credentials": { + "type": "string", + "description": "JSON-encoded credentials to use to connect to GCP.\nCan be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment\nvariable.\n", + "secret": true + }, + "customTags": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Custom tags to set on the secret managed at the destination.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GCP destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`gcp-sm`).\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "vault:secrets/syncGhDestination:SyncGhDestination": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gh = new vault.secrets.SyncGhDestination(\"gh\", {\n accessToken: _var.access_token,\n repositoryOwner: _var.repo_owner,\n repositoryName: \"repo-name-example\",\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\ngh = vault.secrets.SyncGhDestination(\"gh\",\n access_token=var[\"access_token\"],\n repository_owner=var[\"repo_owner\"],\n repository_name=\"repo-name-example\",\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gh = new Vault.Secrets.SyncGhDestination(\"gh\", new()\n {\n AccessToken = @var.Access_token,\n RepositoryOwner = @var.Repo_owner,\n RepositoryName = \"repo-name-example\",\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncGhDestination(ctx, \"gh\", \u0026secrets.SyncGhDestinationArgs{\n\t\t\tAccessToken: pulumi.Any(_var.Access_token),\n\t\t\tRepositoryOwner: pulumi.Any(_var.Repo_owner),\n\t\t\tRepositoryName: pulumi.String(\"repo-name-example\"),\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncGhDestination;\nimport com.pulumi.vault.secrets.SyncGhDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gh = new SyncGhDestination(\"gh\", SyncGhDestinationArgs.builder() \n .accessToken(var_.access_token())\n .repositoryOwner(var_.repo_owner())\n .repositoryName(\"repo-name-example\")\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gh:\n type: vault:secrets:SyncGhDestination\n properties:\n accessToken: ${var.access_token}\n repositoryOwner: ${var.repo_owner}\n repositoryName: repo-name-example\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGitHub Secrets sync destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest\n```\n ", + "properties": { + "accessToken": { + "type": "string", + "description": "Fine-grained or personal access token.\nCan be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment\nvariable.\n", + "secret": true + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment\nvariable.\n" + }, + "repositoryOwner": { + "type": "string", + "description": "GitHub organization or username that owns the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment\nvariable.\n" + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`gh`).\n" + } + }, + "required": [ + "name", + "secretNameTemplate", + "type" + ], + "inputProperties": { + "accessToken": { + "type": "string", + "description": "Fine-grained or personal access token.\nCan be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment\nvariable.\n", + "secret": true + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "repositoryOwner": { + "type": "string", + "description": "GitHub organization or username that owns the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncGhDestination resources.\n", + "properties": { + "accessToken": { + "type": "string", + "description": "Fine-grained or personal access token.\nCan be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment\nvariable.\n", + "secret": true + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "repositoryOwner": { + "type": "string", + "description": "GitHub organization or username that owns the repository.\nCan be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment\nvariable.\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`gh`).\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "vault:secrets/syncVercelDestination:SyncVercelDestination": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst vercel = new vault.secrets.SyncVercelDestination(\"vercel\", {\n accessToken: _var.access_token,\n projectId: _var.project_id,\n deploymentEnvironments: [\n \"development\",\n \"preview\",\n \"production\",\n ],\n secretNameTemplate: \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nvercel = vault.secrets.SyncVercelDestination(\"vercel\",\n access_token=var[\"access_token\"],\n project_id=var[\"project_id\"],\n deployment_environments=[\n \"development\",\n \"preview\",\n \"production\",\n ],\n secret_name_template=\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var vercel = new Vault.Secrets.SyncVercelDestination(\"vercel\", new()\n {\n AccessToken = @var.Access_token,\n ProjectId = @var.Project_id,\n DeploymentEnvironments = new[]\n {\n \"development\",\n \"preview\",\n \"production\",\n },\n SecretNameTemplate = \"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secrets.NewSyncVercelDestination(ctx, \"vercel\", \u0026secrets.SyncVercelDestinationArgs{\n\t\t\tAccessToken: pulumi.Any(_var.Access_token),\n\t\t\tProjectId: pulumi.Any(_var.Project_id),\n\t\t\tDeploymentEnvironments: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"development\"),\n\t\t\t\tpulumi.String(\"preview\"),\n\t\t\t\tpulumi.String(\"production\"),\n\t\t\t},\n\t\t\tSecretNameTemplate: pulumi.String(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.secrets.SyncVercelDestination;\nimport com.pulumi.vault.secrets.SyncVercelDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var vercel = new SyncVercelDestination(\"vercel\", SyncVercelDestinationArgs.builder() \n .accessToken(var_.access_token())\n .projectId(var_.project_id())\n .deploymentEnvironments( \n \"development\",\n \"preview\",\n \"production\")\n .secretNameTemplate(\"vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n vercel:\n type: vault:secrets:SyncVercelDestination\n properties:\n accessToken: ${var.access_token}\n projectId: ${var.project_id}\n deploymentEnvironments:\n - development\n - preview\n - production\n secretNameTemplate: vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGitHub Secrets sync destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest\n```\n ", + "properties": { + "accessToken": { + "type": "string", + "description": "Vercel API access token with the permissions to manage environment\nvariables.\n", + "secret": true + }, + "deploymentEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Deployment environments where the environment variables\nare available. Accepts `development`, `preview` and `production`.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n" + }, + "projectId": { + "type": "string", + "description": "Project ID where to manage environment variables.\n" + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "teamId": { + "type": "string", + "description": "Team ID where to manage environment variables.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`vercel-project`).\n" + } + }, + "required": [ + "accessToken", + "deploymentEnvironments", + "name", + "projectId", + "secretNameTemplate", + "type" + ], + "inputProperties": { + "accessToken": { + "type": "string", + "description": "Vercel API access token with the permissions to manage environment\nvariables.\n", + "secret": true + }, + "deploymentEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Deployment environments where the environment variables\nare available. Accepts `development`, `preview` and `production`.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "projectId": { + "type": "string", + "description": "Project ID where to manage environment variables.\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "teamId": { + "type": "string", + "description": "Team ID where to manage environment variables.\n" + } + }, + "requiredInputs": [ + "accessToken", + "deploymentEnvironments", + "projectId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SyncVercelDestination resources.\n", + "properties": { + "accessToken": { + "type": "string", + "description": "Vercel API access token with the permissions to manage environment\nvariables.\n", + "secret": true + }, + "deploymentEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Deployment environments where the environment variables\nare available. Accepts `development`, `preview` and `production`.\n" + }, + "name": { + "type": "string", + "description": "Unique name of the GitHub destination.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).\n", + "willReplaceOnChanges": true + }, + "projectId": { + "type": "string", + "description": "Project ID where to manage environment variables.\n", + "willReplaceOnChanges": true + }, + "secretNameTemplate": { + "type": "string", + "description": "Template describing how to generate external secret names.\nSupports a subset of the Go Template syntax.\n" + }, + "teamId": { + "type": "string", + "description": "Team ID where to manage environment variables.\n" + }, + "type": { + "type": "string", + "description": "The type of the secrets destination (`vercel-project`).\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "vault:ssh/secretBackendCa:SecretBackendCa": { "description": "Provides a resource to manage CA information in an SSH secret backend\n[SSH secret backend within Vault](https://www.vaultproject.io/docs/secrets/ssh/index.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.Mount(\"example\", {type: \"ssh\"});\nconst foo = new vault.ssh.SecretBackendCa(\"foo\", {backend: example.path});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.Mount(\"example\", type=\"ssh\")\nfoo = vault.ssh.SecretBackendCa(\"foo\", backend=example.path)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.Mount(\"example\", new()\n {\n Type = \"ssh\",\n });\n\n var foo = new Vault.Ssh.SecretBackendCa(\"foo\", new()\n {\n Backend = example.Path,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ssh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewMount(ctx, \"example\", \u0026vault.MountArgs{\n\t\t\tType: pulumi.String(\"ssh\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssh.NewSecretBackendCa(ctx, \"foo\", \u0026ssh.SecretBackendCaArgs{\n\t\t\tBackend: example.Path,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.Mount;\nimport com.pulumi.vault.MountArgs;\nimport com.pulumi.vault.ssh.SecretBackendCa;\nimport com.pulumi.vault.ssh.SecretBackendCaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Mount(\"example\", MountArgs.builder() \n .type(\"ssh\")\n .build());\n\n var foo = new SecretBackendCa(\"foo\", SecretBackendCaArgs.builder() \n .backend(example.path())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:Mount\n properties:\n type: ssh\n foo:\n type: vault:ssh:SecretBackendCa\n properties:\n backend: ${example.path}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSH secret backend CAs can be imported using the `path`, e.g.\n\n```sh\n $ pulumi import vault:ssh/secretBackendCa:SecretBackendCa foo ssh\n```\n ", "properties": { diff --git a/provider/go.mod b/provider/go.mod index fba9df087..64b73e763 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -9,14 +9,14 @@ require ( ) require ( - cloud.google.com/go v0.111.0 // indirect - cloud.google.com/go/compute v1.23.3 // indirect + cloud.google.com/go v0.112.0 // indirect + cloud.google.com/go/compute v1.23.4 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.5 // indirect - cloud.google.com/go/kms v1.15.5 // indirect + cloud.google.com/go/iam v1.1.6 // indirect + cloud.google.com/go/kms v1.15.6 // indirect cloud.google.com/go/logging v1.9.0 // indirect - cloud.google.com/go/longrunning v0.5.4 // indirect - cloud.google.com/go/storage v1.35.1 // indirect + cloud.google.com/go/longrunning v0.5.5 // indirect + cloud.google.com/go/storage v1.36.0 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.0 // indirect @@ -26,11 +26,11 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect - github.com/BurntSushi/toml v1.2.1 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect - github.com/Masterminds/semver/v3 v3.1.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.2 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect @@ -71,9 +71,9 @@ require ( github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/deckarep/golang-set/v2 v2.5.0 // indirect + github.com/distribution/reference v0.5.0 // indirect github.com/djherbis/times v1.5.0 // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.7+incompatible // indirect + github.com/docker/docker v25.0.1+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/edsrzf/mmap-go v1.1.0 // indirect @@ -82,7 +82,6 @@ require ( github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.15.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/frankban/quicktest v1.14.4 // indirect github.com/gedex/inflector v0.0.0-20170307190818-16278e9db813 // indirect github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect @@ -90,7 +89,7 @@ require ( github.com/go-git/go-git/v5 v5.11.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect github.com/go-ldap/ldap/v3 v3.4.4 // indirect - github.com/go-logr/logr v1.3.0 // indirect + github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gofrs/uuid v4.3.0+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -120,7 +119,7 @@ require ( github.com/hashicorp/go-hclog v1.6.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.9-0.20230228100945-740d2999c798 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect @@ -128,7 +127,7 @@ require ( github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 // indirect github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect - github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect + github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/plugincontainer v0.2.2 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect @@ -149,13 +148,14 @@ require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect + github.com/hashicorp/vault v1.15.5 // indirect github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 // indirect github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 // indirect github.com/hashicorp/vault-plugin-auth-oci v0.14.2 // indirect - github.com/hashicorp/vault/api v1.10.0 // indirect + github.com/hashicorp/vault/api v1.11.1-0.20240201194553-aab72100fb2f // indirect github.com/hashicorp/vault/sdk v0.10.2 // indirect github.com/hashicorp/yamux v0.1.1 // indirect - github.com/huandu/xstrings v1.3.2 // indirect + github.com/huandu/xstrings v1.4.0 // indirect github.com/iancoleman/strcase v0.2.0 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -228,7 +228,7 @@ require ( github.com/shopspring/decimal v1.3.1 // indirect github.com/skeema/knownhosts v1.2.1 // indirect github.com/spf13/afero v1.9.5 // indirect - github.com/spf13/cast v1.5.0 // indirect + github.com/spf13/cast v1.5.1 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.8.4 // indirect @@ -246,32 +246,34 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/zclconf/go-cty v1.14.1 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect - go.opentelemetry.io/otel v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.21.0 // indirect - go.opentelemetry.io/otel/trace v1.21.0 // indirect - go.uber.org/atomic v1.10.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect + go.opentelemetry.io/otel v1.23.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 // indirect + go.opentelemetry.io/otel/metric v1.23.1 // indirect + go.opentelemetry.io/otel/trace v1.23.1 // indirect + go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.uber.org/atomic v1.11.0 // indirect gocloud.dev v0.36.0 // indirect gocloud.dev/secrets/hashivault v0.27.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.19.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect + golang.org/x/net v0.21.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.15.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - google.golang.org/api v0.156.0 // indirect + google.golang.org/api v0.160.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/grpc v1.61.0 // indirect + google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/grpc v1.61.1 // indirect google.golang.org/protobuf v1.32.0 // indirect gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect diff --git a/provider/go.sum b/provider/go.sum index 649b86ad5..c0ee9a378 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -40,8 +40,8 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM= -cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU= +cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= +cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -178,8 +178,8 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= +cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw= +cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -320,8 +320,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= -cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= +cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -341,8 +341,8 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM= -cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI= +cloud.google.com/go/kms v1.15.6 h1:ktpEMQmsOAYj3VZwH020FcQlm23BVYg8T8O1woG2GcE= +cloud.google.com/go/kms v1.15.6/go.mod h1:yF75jttnIdHfGBoE51AKsD/Yqf+/jICzB9v1s1acsms= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -358,8 +358,8 @@ cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= -cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg= -cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= +cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= @@ -551,8 +551,8 @@ cloud.google.com/go/storage v1.24.0/go.mod h1:3xrJEFMXBsQLgxwThyjuD3aYlroL0TMRec cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= -cloud.google.com/go/storage v1.35.1 h1:B59ahL//eDfx2IIKFBeT5Atm9wnNmj3+8xG/W4WB//w= -cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= +cloud.google.com/go/storage v1.36.0 h1:P0mOkAcaJxhCTvAkMhxMfrTKiNcub4YmmPBtlhAyTr8= +cloud.google.com/go/storage v1.36.0/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= @@ -638,8 +638,8 @@ github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v65.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmVGurPWMHDX2YNXVQMrBpEE= github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= @@ -669,8 +669,9 @@ github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fw github.com/Azure/go-amqp v0.17.5/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= @@ -705,8 +706,9 @@ github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9s github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/cloudsql-proxy v1.31.2/go.mod h1:qR6jVnZTKDCW3j+fC9mOEPHm++1nKDMkqbbkD6KNsfo= @@ -718,11 +720,13 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= -github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -1079,8 +1083,9 @@ github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= -github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= +github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= +github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= @@ -1106,6 +1111,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo= github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= @@ -1216,6 +1223,8 @@ github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm github.com/digitalocean/godo v1.81.0/go.mod h1:BPCqvwbjbGqxuUnIKB4EvS/AX7IDnNmt5fwvIkWo+ew= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= @@ -1224,13 +1233,13 @@ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4= github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= +github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= @@ -1239,8 +1248,8 @@ github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05 github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= -github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.1+incompatible h1:k5TYd5rIVQRSqcTwCID+cyVA0yRg86+Pcrz1ls0/frA= +github.com/docker/docker v25.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= @@ -1403,8 +1412,8 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= @@ -1519,8 +1528,9 @@ github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1707,10 +1717,13 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.10.2/go.mod h1:chrfS3YoLAlKTRE5cFWvCbt8uGAjshktT4PveTUpsFQ= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok= @@ -1759,8 +1772,8 @@ github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jU github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 h1:pSjQfW3vPtrOTcasTUKgCTQT7OGPPTTMVRrOfU6FJD8= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= github.com/hashicorp/go-kms-wrapping/v2 v2.0.8/go.mod h1:qTCjxGig/kjuj3hk1z8pOUrzbse/GxB1tGfbrq8tGJg= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.9-0.20230228100945-740d2999c798 h1:22yjMhn+kJ7u8RaP5qcYEn02zHWnIg1/JxE4BL8JLtQ= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.9-0.20230228100945-740d2999c798/go.mod h1:iRHxwFG8L24HhemSuvDYtuwVkjkl+OkTLvQ5bmqzAqE= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 h1:1ZuhfnZgRnLK8S0KovJkoTCRIQId5pv3sDR7pG5VQBw= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.14/go.mod h1:0dWtzl2ilqKpavgM3id/kFK9L3tjo6fS4OhbVPSYpnQ= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= @@ -1791,8 +1804,9 @@ github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PU github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng= github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= -github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ= github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= +github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 h1:kH3Rhiht36xhAfhuHyWJDgdXXEx9IIZhDGRk24CDhzg= +github.com/hashicorp/go-secure-stdlib/mlock v0.1.3/go.mod h1:ov1Q0oEDjC3+A4BwsG2YdKltrmEw8sf9Pau4V9JQ4Vo= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= @@ -1871,6 +1885,8 @@ github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVf github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= +github.com/hashicorp/vault v1.15.5 h1:CzDfgFcKjMfsfYhxyfixugeDNcCTU5L0idJXsNEmt9g= +github.com/hashicorp/vault v1.15.5/go.mod h1:Osg4441jt6uoCZi46XfASOy988G3mSh5UTo1EKmVnUY= github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 h1:ooDRFPUtlRH2gvtXkG6Mpt2E/ziO8tCFU7lWdWtjW50= github.com/hashicorp/vault-plugin-auth-jwt v0.18.0/go.mod h1:nLMLAx8jTNEDYwa86nltCVAwhVt/gHODRlfRQSu3Wp8= github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 h1:nXni7zfOyhOWJBC42iWqIEZA+aYCo3diyVrr1mHs5yo= @@ -1881,8 +1897,9 @@ github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidg github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M= github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs= github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= -github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ= github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= +github.com/hashicorp/vault/api v1.11.1-0.20240201194553-aab72100fb2f h1:p+fDsRR6J7c44vcQA9riGGH37GUI9Q//HhVO5F1kmHo= +github.com/hashicorp/vault/api v1.11.1-0.20240201194553-aab72100fb2f/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU= github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU= @@ -1907,8 +1924,10 @@ github.com/hexops/valast v1.4.4 h1:rETyycw+/L2ZVJHHNxEBgh8KUn+87WugH9MxcEv9PGs= github.com/hexops/valast v1.4.4/go.mod h1:Jcy1pNH7LNraVaAZDLyv21hHg2WBv9Nf9FL6fGxU7o4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= +github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -2374,6 +2393,7 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= +github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= @@ -2592,8 +2612,9 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= @@ -2614,8 +2635,8 @@ github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= -github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= +github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= @@ -2814,14 +2835,14 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0/go.mod h1:UMklln0+MRhZC4e3PwmN3pCtq4DyIadWw4yikh6bNrw= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.31.0/go.mod h1:PFmBsWbldL1kiWZk9+0LBZz2brhByaGsvp6pRICMlPE= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= @@ -2831,8 +2852,9 @@ go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+n go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY= +go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA= +go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.1/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= @@ -2845,6 +2867,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.1/go.mod h1:YJ/JbY5ag/tSQ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 h1:o8iWeVFa1BcLtVEV0LzrCxV2/55tB3xLxADr6Kyoey4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1/go.mod h1:SEVfdK4IoBnbT2FXNM/k8yC08MrfbhWk3U4ljM8B3HE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.6.1/go.mod h1:UJJXJj0rltNIemDMwkOJyggsvyMG9QHfJeFH0HS5JjM= @@ -2855,13 +2879,15 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.1/go.mod h1:DAKwdo06hFLc0U88O10x4xnb5sc7dDRDqRuiN+io8JE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.7.0/go.mod h1:aFXT9Ng2seM9eizF+LfKiyPBGy8xIZKwhusC1gIu3hA= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 h1:cfuy3bXmLJS7M1RZmAL6SuhGtKUp2KEsrm00OlAXkq4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1/go.mod h1:22jr92C6KwlwItJmQzfixzQM3oyyuYLCfHiMY+rpsPU= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.28.0/go.mod h1:TrzsfQAmQaB1PDcdhBauLMk7nyyg9hm+GoQq/ekE9Iw= go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo= +go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= @@ -2870,8 +2896,8 @@ go.opentelemetry.io/otel/sdk v1.6.1/go.mod h1:IVYrddmFZ+eJqu2k38qD3WezFR2pymCzm8 go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= -go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= +go.opentelemetry.io/otel/sdk v1.23.1 h1:O7JmZw0h76if63LQdsBMKQDWNb5oEcOThG9IrxscV+E= +go.opentelemetry.io/otel/sdk v1.23.1/go.mod h1:LzdEVR5am1uKOOwfBWFef2DCi1nu3SA8XQxx2IerWFk= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= @@ -2883,8 +2909,8 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4= go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8= +go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= @@ -2892,14 +2918,16 @@ go.opentelemetry.io/proto/otlp v0.12.1/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= +go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= @@ -2972,14 +3000,15 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -3142,8 +3171,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -3366,8 +3395,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -3384,8 +3413,8 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3604,8 +3633,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ= -google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY= +google.golang.org/api v0.160.0 h1:SEspjXHVqE1m5a1fRy8JFB+5jSu+V0GEDKDghF3ttO4= +google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -3768,16 +3797,16 @@ google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= +google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 h1:4++qSzdWBUy9/2x8L5KZgwZw+mjJZ2yDSCGMVM0YzRs= +google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:PVreiBMirk8ypES6aw9d4p6iiBNSIfZEBqr3UGoAi2E= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -3830,8 +3859,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/provider/resources.go b/provider/resources.go index 69fbfbdd3..29a79fe7a 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -63,6 +63,7 @@ const ( pkiSecretMod = "PkiSecret" rabbitMqMod = "RabbitMQ" samlMod = "Saml" + secretsMod = "Secrets" sshMod = "Ssh" terraformCloudMod = "TerraformCloud" tokenMod = "TokenAuth" @@ -93,6 +94,7 @@ var moduleMap = map[string]string{ "pki_secret": pkiSecretMod, "rabbitmq": rabbitMqMod, "saml": samlMod, + "secrets": secretsMod, "ssh": sshMod, "terraform_cloud": terraformCloudMod, "token": tokenMod, diff --git a/sdk/dotnet/Aws/SecretBackend.cs b/sdk/dotnet/Aws/SecretBackend.cs index d6a1f7478..d5a6fa71f 100644 --- a/sdk/dotnet/Aws/SecretBackend.cs +++ b/sdk/dotnet/Aws/SecretBackend.cs @@ -54,6 +54,24 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("iamEndpoint")] public Output IamEndpoint { get; private set; } = null!; + /// + /// The audience claim value. Requires Vault 1.16+. + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The key to use for signing identity tokens. Requires Vault 1.16+. + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + /// /// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. /// @@ -89,6 +107,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("region")] public Output Region { get; private set; } = null!; + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + /// + [Output("roleArn")] + public Output RoleArn { get; private set; } = null!; + /// /// The AWS Secret Access Key to use when generating new credentials. /// @@ -201,6 +225,24 @@ public Input? AccessKey [Input("iamEndpoint")] public Input? IamEndpoint { get; set; } + /// + /// The audience claim value. Requires Vault 1.16+. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing identity tokens. Requires Vault 1.16+. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. /// @@ -236,6 +278,12 @@ public Input? AccessKey [Input("region")] public Input? Region { get; set; } + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + /// + [Input("roleArn")] + public Input? RoleArn { get; set; } + [Input("secretKey")] private Input? _secretKey; @@ -315,6 +363,24 @@ public Input? AccessKey [Input("iamEndpoint")] public Input? IamEndpoint { get; set; } + /// + /// The audience claim value. Requires Vault 1.16+. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing identity tokens. Requires Vault 1.16+. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. /// @@ -350,6 +416,12 @@ public Input? AccessKey [Input("region")] public Input? Region { get; set; } + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + /// + [Input("roleArn")] + public Input? RoleArn { get; set; } + [Input("secretKey")] private Input? _secretKey; diff --git a/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleArgs.cs b/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleArgs.cs index ba8001650..cbf4d3a29 100644 --- a/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleArgs.cs +++ b/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleArgs.cs @@ -21,6 +21,12 @@ public sealed class SecretBackendConnectionOracleArgs : global::Pulumi.ResourceA [Input("connectionUrl")] public Input? ConnectionUrl { get; set; } + /// + /// Enable the built-in session disconnect mechanism. + /// + [Input("disconnectSessions")] + public Input? DisconnectSessions { get; set; } + /// /// The maximum number of seconds to keep /// a connection alive for. @@ -58,6 +64,12 @@ public Input? Password } } + /// + /// Enable spliting statements after semi-colons. + /// + [Input("splitStatements")] + public Input? SplitStatements { get; set; } + /// /// The username to authenticate with. /// diff --git a/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleGetArgs.cs b/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleGetArgs.cs index c7b054c51..1caa3ab12 100644 --- a/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleGetArgs.cs +++ b/sdk/dotnet/Database/Inputs/SecretBackendConnectionOracleGetArgs.cs @@ -21,6 +21,12 @@ public sealed class SecretBackendConnectionOracleGetArgs : global::Pulumi.Resour [Input("connectionUrl")] public Input? ConnectionUrl { get; set; } + /// + /// Enable the built-in session disconnect mechanism. + /// + [Input("disconnectSessions")] + public Input? DisconnectSessions { get; set; } + /// /// The maximum number of seconds to keep /// a connection alive for. @@ -58,6 +64,12 @@ public Input? Password } } + /// + /// Enable spliting statements after semi-colons. + /// + [Input("splitStatements")] + public Input? SplitStatements { get; set; } + /// /// The username to authenticate with. /// diff --git a/sdk/dotnet/Database/Inputs/SecretsMountOracleArgs.cs b/sdk/dotnet/Database/Inputs/SecretsMountOracleArgs.cs index f353ee549..0680bc9fe 100644 --- a/sdk/dotnet/Database/Inputs/SecretsMountOracleArgs.cs +++ b/sdk/dotnet/Database/Inputs/SecretsMountOracleArgs.cs @@ -46,6 +46,12 @@ public InputMap Data set => _data = value; } + /// + /// Set to true to disconnect any open sessions prior to running the revocation statements. + /// + [Input("disconnectSessions")] + public Input? DisconnectSessions { get; set; } + /// /// The maximum amount of time a connection may be reused. /// @@ -106,6 +112,12 @@ public InputList RootRotationStatements set => _rootRotationStatements = value; } + /// + /// Set to true in order to split statements after semi-colons. + /// + [Input("splitStatements")] + public Input? SplitStatements { get; set; } + /// /// The root credential username used in the connection URL. /// diff --git a/sdk/dotnet/Database/Inputs/SecretsMountOracleGetArgs.cs b/sdk/dotnet/Database/Inputs/SecretsMountOracleGetArgs.cs index 57d547da6..5d72781fc 100644 --- a/sdk/dotnet/Database/Inputs/SecretsMountOracleGetArgs.cs +++ b/sdk/dotnet/Database/Inputs/SecretsMountOracleGetArgs.cs @@ -46,6 +46,12 @@ public InputMap Data set => _data = value; } + /// + /// Set to true to disconnect any open sessions prior to running the revocation statements. + /// + [Input("disconnectSessions")] + public Input? DisconnectSessions { get; set; } + /// /// The maximum amount of time a connection may be reused. /// @@ -106,6 +112,12 @@ public InputList RootRotationStatements set => _rootRotationStatements = value; } + /// + /// Set to true in order to split statements after semi-colons. + /// + [Input("splitStatements")] + public Input? SplitStatements { get; set; } + /// /// The root credential username used in the connection URL. /// diff --git a/sdk/dotnet/Database/Outputs/SecretBackendConnectionOracle.cs b/sdk/dotnet/Database/Outputs/SecretBackendConnectionOracle.cs index f230f034e..5c83dbad1 100644 --- a/sdk/dotnet/Database/Outputs/SecretBackendConnectionOracle.cs +++ b/sdk/dotnet/Database/Outputs/SecretBackendConnectionOracle.cs @@ -21,6 +21,10 @@ public sealed class SecretBackendConnectionOracle /// public readonly string? ConnectionUrl; /// + /// Enable the built-in session disconnect mechanism. + /// + public readonly bool? DisconnectSessions; + /// /// The maximum number of seconds to keep /// a connection alive for. /// @@ -40,6 +44,10 @@ public sealed class SecretBackendConnectionOracle /// public readonly string? Password; /// + /// Enable spliting statements after semi-colons. + /// + public readonly bool? SplitStatements; + /// /// The username to authenticate with. /// public readonly string? Username; @@ -52,6 +60,8 @@ public sealed class SecretBackendConnectionOracle private SecretBackendConnectionOracle( string? connectionUrl, + bool? disconnectSessions, + int? maxConnectionLifetime, int? maxIdleConnections, @@ -60,15 +70,19 @@ private SecretBackendConnectionOracle( string? password, + bool? splitStatements, + string? username, string? usernameTemplate) { ConnectionUrl = connectionUrl; + DisconnectSessions = disconnectSessions; MaxConnectionLifetime = maxConnectionLifetime; MaxIdleConnections = maxIdleConnections; MaxOpenConnections = maxOpenConnections; Password = password; + SplitStatements = splitStatements; Username = username; UsernameTemplate = usernameTemplate; } diff --git a/sdk/dotnet/Database/Outputs/SecretsMountOracle.cs b/sdk/dotnet/Database/Outputs/SecretsMountOracle.cs index aefbb7513..34aa342bf 100644 --- a/sdk/dotnet/Database/Outputs/SecretsMountOracle.cs +++ b/sdk/dotnet/Database/Outputs/SecretsMountOracle.cs @@ -30,6 +30,10 @@ public sealed class SecretsMountOracle /// public readonly ImmutableDictionary? Data; /// + /// Set to true to disconnect any open sessions prior to running the revocation statements. + /// + public readonly bool? DisconnectSessions; + /// /// The maximum amount of time a connection may be reused. /// public readonly int? MaxConnectionLifetime; @@ -60,6 +64,10 @@ public sealed class SecretsMountOracle /// public readonly ImmutableArray RootRotationStatements; /// + /// Set to true in order to split statements after semi-colons. + /// + public readonly bool? SplitStatements; + /// /// The root credential username used in the connection URL. /// public readonly string? Username; @@ -81,6 +89,8 @@ private SecretsMountOracle( ImmutableDictionary? data, + bool? disconnectSessions, + int? maxConnectionLifetime, int? maxIdleConnections, @@ -95,6 +105,8 @@ private SecretsMountOracle( ImmutableArray rootRotationStatements, + bool? splitStatements, + string? username, string? usernameTemplate, @@ -104,6 +116,7 @@ private SecretsMountOracle( AllowedRoles = allowedRoles; ConnectionUrl = connectionUrl; Data = data; + DisconnectSessions = disconnectSessions; MaxConnectionLifetime = maxConnectionLifetime; MaxIdleConnections = maxIdleConnections; MaxOpenConnections = maxOpenConnections; @@ -111,6 +124,7 @@ private SecretsMountOracle( Password = password; PluginName = pluginName; RootRotationStatements = rootRotationStatements; + SplitStatements = splitStatements; Username = username; UsernameTemplate = usernameTemplate; VerifyConnection = verifyConnection; diff --git a/sdk/dotnet/Secrets/README.md b/sdk/dotnet/Secrets/README.md new file mode 100644 index 000000000..3772fcf89 --- /dev/null +++ b/sdk/dotnet/Secrets/README.md @@ -0,0 +1 @@ +A Pulumi package for creating and managing HashiCorp Vault cloud resources. diff --git a/sdk/dotnet/Secrets/SyncAssociation.cs b/sdk/dotnet/Secrets/SyncAssociation.cs new file mode 100644 index 000000000..602215926 --- /dev/null +++ b/sdk/dotnet/Secrets/SyncAssociation.cs @@ -0,0 +1,245 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using System.Text.Json; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var kvv2 = new Vault.Mount("kvv2", new() + /// { + /// Path = "kvv2", + /// Type = "kv", + /// Options = + /// { + /// { "version", "2" }, + /// }, + /// Description = "KV Version 2 secret engine mount", + /// }); + /// + /// var token = new Vault.Kv.SecretV2("token", new() + /// { + /// Mount = kvv2.Path, + /// DataJson = JsonSerializer.Serialize(new Dictionary<string, object?> + /// { + /// ["dev"] = "B!gS3cr3t", + /// ["prod"] = "S3cureP4$$", + /// }), + /// }); + /// + /// var gh = new Vault.Secrets.SyncGhDestination("gh", new() + /// { + /// AccessToken = @var.Access_token, + /// RepositoryOwner = @var.Repo_owner, + /// RepositoryName = "repo-name-example", + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// }); + /// + /// var ghToken = new Vault.Secrets.SyncAssociation("ghToken", new() + /// { + /// Type = gh.Type, + /// Mount = kvv2.Path, + /// SecretName = token.Name, + /// }); + /// + /// }); + /// ``` + /// + [VaultResourceType("vault:secrets/syncAssociation:SyncAssociation")] + public partial class SyncAssociation : global::Pulumi.CustomResource + { + /// + /// Specifies the mount where the secret is located. + /// + [Output("mount")] + public Output Mount { get; private set; } = null!; + + /// + /// Specifies the name of the destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Specifies the name of the secret to synchronize. + /// + [Output("secretName")] + public Output SecretName { get; private set; } = null!; + + /// + /// Specifies the status of the association (for eg. `SYNCED`). + /// + [Output("syncStatus")] + public Output SyncStatus { get; private set; } = null!; + + /// + /// Specifies the destination type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + /// + /// Duration string specifying when the secret was last updated. + /// + [Output("updatedAt")] + public Output UpdatedAt { get; private set; } = null!; + + + /// + /// Create a SyncAssociation resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncAssociation(string name, SyncAssociationArgs args, CustomResourceOptions? options = null) + : base("vault:secrets/syncAssociation:SyncAssociation", name, args ?? new SyncAssociationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncAssociation(string name, Input id, SyncAssociationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncAssociation:SyncAssociation", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncAssociation resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncAssociation Get(string name, Input id, SyncAssociationState? state = null, CustomResourceOptions? options = null) + { + return new SyncAssociation(name, id, state, options); + } + } + + public sealed class SyncAssociationArgs : global::Pulumi.ResourceArgs + { + /// + /// Specifies the mount where the secret is located. + /// + [Input("mount", required: true)] + public Input Mount { get; set; } = null!; + + /// + /// Specifies the name of the destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Specifies the name of the secret to synchronize. + /// + [Input("secretName", required: true)] + public Input SecretName { get; set; } = null!; + + /// + /// Specifies the destination type. + /// + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + public SyncAssociationArgs() + { + } + public static new SyncAssociationArgs Empty => new SyncAssociationArgs(); + } + + public sealed class SyncAssociationState : global::Pulumi.ResourceArgs + { + /// + /// Specifies the mount where the secret is located. + /// + [Input("mount")] + public Input? Mount { get; set; } + + /// + /// Specifies the name of the destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Specifies the name of the secret to synchronize. + /// + [Input("secretName")] + public Input? SecretName { get; set; } + + /// + /// Specifies the status of the association (for eg. `SYNCED`). + /// + [Input("syncStatus")] + public Input? SyncStatus { get; set; } + + /// + /// Specifies the destination type. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// Duration string specifying when the secret was last updated. + /// + [Input("updatedAt")] + public Input? UpdatedAt { get; set; } + + public SyncAssociationState() + { + } + public static new SyncAssociationState Empty => new SyncAssociationState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncAwsDestination.cs b/sdk/dotnet/Secrets/SyncAwsDestination.cs new file mode 100644 index 000000000..39360c39d --- /dev/null +++ b/sdk/dotnet/Secrets/SyncAwsDestination.cs @@ -0,0 +1,309 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var aws = new Vault.Secrets.SyncAwsDestination("aws", new() + /// { + /// AccessKeyId = @var.Access_key_id, + /// SecretAccessKey = @var.Secret_access_key, + /// Region = "us-east-1", + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// CustomTags = + /// { + /// { "foo", "bar" }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// AWS Secrets sync destinations can be imported using the `name`, e.g. + /// + /// ```sh + /// $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest + /// ``` + /// + [VaultResourceType("vault:secrets/syncAwsDestination:SyncAwsDestination")] + public partial class SyncAwsDestination : global::Pulumi.CustomResource + { + /// + /// Access key id to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + /// variable. + /// + [Output("accessKeyId")] + public Output AccessKeyId { get; private set; } = null!; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + [Output("customTags")] + public Output?> CustomTags { get; private set; } = null!; + + /// + /// Unique name of the AWS destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Region where to manage the secrets manager entries. + /// Can be omitted and directly provided to Vault using the `AWS_REGION` environment + /// variable. + /// + [Output("region")] + public Output Region { get; private set; } = null!; + + /// + /// Secret access key to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + /// variable. + /// + [Output("secretAccessKey")] + public Output SecretAccessKey { get; private set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Output("secretNameTemplate")] + public Output SecretNameTemplate { get; private set; } = null!; + + /// + /// The type of the secrets destination (`aws-sm`). + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a SyncAwsDestination resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncAwsDestination(string name, SyncAwsDestinationArgs? args = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncAwsDestination:SyncAwsDestination", name, args ?? new SyncAwsDestinationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncAwsDestination(string name, Input id, SyncAwsDestinationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncAwsDestination:SyncAwsDestination", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "secretAccessKey", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncAwsDestination resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncAwsDestination Get(string name, Input id, SyncAwsDestinationState? state = null, CustomResourceOptions? options = null) + { + return new SyncAwsDestination(name, id, state, options); + } + } + + public sealed class SyncAwsDestinationArgs : global::Pulumi.ResourceArgs + { + /// + /// Access key id to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + /// variable. + /// + [Input("accessKeyId")] + public Input? AccessKeyId { get; set; } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// Unique name of the AWS destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Region where to manage the secrets manager entries. + /// Can be omitted and directly provided to Vault using the `AWS_REGION` environment + /// variable. + /// + [Input("region")] + public Input? Region { get; set; } + + [Input("secretAccessKey")] + private Input? _secretAccessKey; + + /// + /// Secret access key to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + /// variable. + /// + public Input? SecretAccessKey + { + get => _secretAccessKey; + set + { + var emptySecret = Output.CreateSecret(0); + _secretAccessKey = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + public SyncAwsDestinationArgs() + { + } + public static new SyncAwsDestinationArgs Empty => new SyncAwsDestinationArgs(); + } + + public sealed class SyncAwsDestinationState : global::Pulumi.ResourceArgs + { + /// + /// Access key id to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + /// variable. + /// + [Input("accessKeyId")] + public Input? AccessKeyId { get; set; } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// Unique name of the AWS destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Region where to manage the secrets manager entries. + /// Can be omitted and directly provided to Vault using the `AWS_REGION` environment + /// variable. + /// + [Input("region")] + public Input? Region { get; set; } + + [Input("secretAccessKey")] + private Input? _secretAccessKey; + + /// + /// Secret access key to authenticate against the AWS secrets manager. + /// Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + /// variable. + /// + public Input? SecretAccessKey + { + get => _secretAccessKey; + set + { + var emptySecret = Output.CreateSecret(0); + _secretAccessKey = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// The type of the secrets destination (`aws-sm`). + /// + [Input("type")] + public Input? Type { get; set; } + + public SyncAwsDestinationState() + { + } + public static new SyncAwsDestinationState Empty => new SyncAwsDestinationState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncAzureDestination.cs b/sdk/dotnet/Secrets/SyncAzureDestination.cs new file mode 100644 index 000000000..747f83b7a --- /dev/null +++ b/sdk/dotnet/Secrets/SyncAzureDestination.cs @@ -0,0 +1,352 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var az = new Vault.Secrets.SyncAzureDestination("az", new() + /// { + /// KeyVaultUri = @var.Key_vault_uri, + /// ClientId = @var.Client_id, + /// ClientSecret = @var.Client_secret, + /// TenantId = @var.Tenant_id, + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// CustomTags = + /// { + /// { "foo", "bar" }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Azure Secrets sync destinations can be imported using the `name`, e.g. + /// + /// ```sh + /// $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest + /// ``` + /// + [VaultResourceType("vault:secrets/syncAzureDestination:SyncAzureDestination")] + public partial class SyncAzureDestination : global::Pulumi.CustomResource + { + /// + /// Client ID of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + /// variable. + /// + [Output("clientId")] + public Output ClientId { get; private set; } = null!; + + /// + /// Client Secret of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + /// variable. + /// + [Output("clientSecret")] + public Output ClientSecret { get; private set; } = null!; + + /// + /// Specifies a cloud for the client. The default is Azure Public Cloud. + /// + [Output("cloud")] + public Output Cloud { get; private set; } = null!; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + [Output("customTags")] + public Output?> CustomTags { get; private set; } = null!; + + /// + /// URI of an existing Azure Key Vault instance. + /// Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + /// variable. + /// + [Output("keyVaultUri")] + public Output KeyVaultUri { get; private set; } = null!; + + /// + /// Unique name of the Azure destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Output("secretNameTemplate")] + public Output SecretNameTemplate { get; private set; } = null!; + + /// + /// ID of the target Azure tenant. + /// Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + /// variable. + /// + [Output("tenantId")] + public Output TenantId { get; private set; } = null!; + + /// + /// The type of the secrets destination (`azure-kv`). + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a SyncAzureDestination resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncAzureDestination(string name, SyncAzureDestinationArgs? args = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncAzureDestination:SyncAzureDestination", name, args ?? new SyncAzureDestinationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncAzureDestination(string name, Input id, SyncAzureDestinationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncAzureDestination:SyncAzureDestination", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "clientSecret", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncAzureDestination resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncAzureDestination Get(string name, Input id, SyncAzureDestinationState? state = null, CustomResourceOptions? options = null) + { + return new SyncAzureDestination(name, id, state, options); + } + } + + public sealed class SyncAzureDestinationArgs : global::Pulumi.ResourceArgs + { + /// + /// Client ID of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + /// variable. + /// + [Input("clientId")] + public Input? ClientId { get; set; } + + [Input("clientSecret")] + private Input? _clientSecret; + + /// + /// Client Secret of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + /// variable. + /// + public Input? ClientSecret + { + get => _clientSecret; + set + { + var emptySecret = Output.CreateSecret(0); + _clientSecret = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Specifies a cloud for the client. The default is Azure Public Cloud. + /// + [Input("cloud")] + public Input? Cloud { get; set; } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// URI of an existing Azure Key Vault instance. + /// Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + /// variable. + /// + [Input("keyVaultUri")] + public Input? KeyVaultUri { get; set; } + + /// + /// Unique name of the Azure destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// ID of the target Azure tenant. + /// Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + /// variable. + /// + [Input("tenantId")] + public Input? TenantId { get; set; } + + public SyncAzureDestinationArgs() + { + } + public static new SyncAzureDestinationArgs Empty => new SyncAzureDestinationArgs(); + } + + public sealed class SyncAzureDestinationState : global::Pulumi.ResourceArgs + { + /// + /// Client ID of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + /// variable. + /// + [Input("clientId")] + public Input? ClientId { get; set; } + + [Input("clientSecret")] + private Input? _clientSecret; + + /// + /// Client Secret of an Azure app registration. + /// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + /// variable. + /// + public Input? ClientSecret + { + get => _clientSecret; + set + { + var emptySecret = Output.CreateSecret(0); + _clientSecret = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Specifies a cloud for the client. The default is Azure Public Cloud. + /// + [Input("cloud")] + public Input? Cloud { get; set; } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// URI of an existing Azure Key Vault instance. + /// Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + /// variable. + /// + [Input("keyVaultUri")] + public Input? KeyVaultUri { get; set; } + + /// + /// Unique name of the Azure destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// ID of the target Azure tenant. + /// Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + /// variable. + /// + [Input("tenantId")] + public Input? TenantId { get; set; } + + /// + /// The type of the secrets destination (`azure-kv`). + /// + [Input("type")] + public Input? Type { get; set; } + + public SyncAzureDestinationState() + { + } + public static new SyncAzureDestinationState Empty => new SyncAzureDestinationState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncConfig.cs b/sdk/dotnet/Secrets/SyncConfig.cs new file mode 100644 index 000000000..ce17368c9 --- /dev/null +++ b/sdk/dotnet/Secrets/SyncConfig.cs @@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// Configures the secret sync global config. + /// The config is global and can only be managed in the root namespace. + /// + /// > **Important** The config is global so the vault.secrets.SyncConfig resource must not be defined + /// multiple times for the same Vault server. If multiple definition exists, the last one applied will be + /// effective. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var globalConfig = new Vault.Secrets.SyncConfig("globalConfig", new() + /// { + /// Disabled = true, + /// QueueCapacity = 500000, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// ```sh + /// $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config + /// ``` + /// + [VaultResourceType("vault:secrets/syncConfig:SyncConfig")] + public partial class SyncConfig : global::Pulumi.CustomResource + { + /// + /// Disables the syncing process between Vault and external destinations. Defaults to `false`. + /// + [Output("disabled")] + public Output Disabled { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// This resource can only be configured in the root namespace. + /// *Available only for Vault Enterprise*. + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + /// + [Output("queueCapacity")] + public Output QueueCapacity { get; private set; } = null!; + + + /// + /// Create a SyncConfig resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncConfig(string name, SyncConfigArgs? args = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncConfig:SyncConfig", name, args ?? new SyncConfigArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncConfig(string name, Input id, SyncConfigState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncConfig:SyncConfig", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncConfig resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncConfig Get(string name, Input id, SyncConfigState? state = null, CustomResourceOptions? options = null) + { + return new SyncConfig(name, id, state, options); + } + } + + public sealed class SyncConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// Disables the syncing process between Vault and external destinations. Defaults to `false`. + /// + [Input("disabled")] + public Input? Disabled { get; set; } + + /// + /// The namespace to provision the resource in. + /// This resource can only be configured in the root namespace. + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + /// + [Input("queueCapacity")] + public Input? QueueCapacity { get; set; } + + public SyncConfigArgs() + { + } + public static new SyncConfigArgs Empty => new SyncConfigArgs(); + } + + public sealed class SyncConfigState : global::Pulumi.ResourceArgs + { + /// + /// Disables the syncing process between Vault and external destinations. Defaults to `false`. + /// + [Input("disabled")] + public Input? Disabled { get; set; } + + /// + /// The namespace to provision the resource in. + /// This resource can only be configured in the root namespace. + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + /// + [Input("queueCapacity")] + public Input? QueueCapacity { get; set; } + + public SyncConfigState() + { + } + public static new SyncConfigState Empty => new SyncConfigState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncGcpDestination.cs b/sdk/dotnet/Secrets/SyncGcpDestination.cs new file mode 100644 index 000000000..a90ab8d68 --- /dev/null +++ b/sdk/dotnet/Secrets/SyncGcpDestination.cs @@ -0,0 +1,260 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.IO; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var gcp = new Vault.Secrets.SyncGcpDestination("gcp", new() + /// { + /// Credentials = File.ReadAllText(@var.Credentials_file), + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// CustomTags = + /// { + /// { "foo", "bar" }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// GCP Secrets sync destinations can be imported using the `name`, e.g. + /// + /// ```sh + /// $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest + /// ``` + /// + [VaultResourceType("vault:secrets/syncGcpDestination:SyncGcpDestination")] + public partial class SyncGcpDestination : global::Pulumi.CustomResource + { + /// + /// JSON-encoded credentials to use to connect to GCP. + /// Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + /// variable. + /// + [Output("credentials")] + public Output Credentials { get; private set; } = null!; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + [Output("customTags")] + public Output?> CustomTags { get; private set; } = null!; + + /// + /// Unique name of the GCP destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Output("secretNameTemplate")] + public Output SecretNameTemplate { get; private set; } = null!; + + /// + /// The type of the secrets destination (`gcp-sm`). + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a SyncGcpDestination resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncGcpDestination(string name, SyncGcpDestinationArgs? args = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncGcpDestination:SyncGcpDestination", name, args ?? new SyncGcpDestinationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncGcpDestination(string name, Input id, SyncGcpDestinationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncGcpDestination:SyncGcpDestination", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "credentials", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncGcpDestination resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncGcpDestination Get(string name, Input id, SyncGcpDestinationState? state = null, CustomResourceOptions? options = null) + { + return new SyncGcpDestination(name, id, state, options); + } + } + + public sealed class SyncGcpDestinationArgs : global::Pulumi.ResourceArgs + { + [Input("credentials")] + private Input? _credentials; + + /// + /// JSON-encoded credentials to use to connect to GCP. + /// Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + /// variable. + /// + public Input? Credentials + { + get => _credentials; + set + { + var emptySecret = Output.CreateSecret(0); + _credentials = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// Unique name of the GCP destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + public SyncGcpDestinationArgs() + { + } + public static new SyncGcpDestinationArgs Empty => new SyncGcpDestinationArgs(); + } + + public sealed class SyncGcpDestinationState : global::Pulumi.ResourceArgs + { + [Input("credentials")] + private Input? _credentials; + + /// + /// JSON-encoded credentials to use to connect to GCP. + /// Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + /// variable. + /// + public Input? Credentials + { + get => _credentials; + set + { + var emptySecret = Output.CreateSecret(0); + _credentials = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + [Input("customTags")] + private InputMap? _customTags; + + /// + /// Custom tags to set on the secret managed at the destination. + /// + public InputMap CustomTags + { + get => _customTags ?? (_customTags = new InputMap()); + set => _customTags = value; + } + + /// + /// Unique name of the GCP destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// The type of the secrets destination (`gcp-sm`). + /// + [Input("type")] + public Input? Type { get; set; } + + public SyncGcpDestinationState() + { + } + public static new SyncGcpDestinationState Empty => new SyncGcpDestinationState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncGhDestination.cs b/sdk/dotnet/Secrets/SyncGhDestination.cs new file mode 100644 index 000000000..bfdad5914 --- /dev/null +++ b/sdk/dotnet/Secrets/SyncGhDestination.cs @@ -0,0 +1,275 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var gh = new Vault.Secrets.SyncGhDestination("gh", new() + /// { + /// AccessToken = @var.Access_token, + /// RepositoryOwner = @var.Repo_owner, + /// RepositoryName = "repo-name-example", + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// GitHub Secrets sync destinations can be imported using the `name`, e.g. + /// + /// ```sh + /// $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest + /// ``` + /// + [VaultResourceType("vault:secrets/syncGhDestination:SyncGhDestination")] + public partial class SyncGhDestination : global::Pulumi.CustomResource + { + /// + /// Fine-grained or personal access token. + /// Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + /// variable. + /// + [Output("accessToken")] + public Output AccessToken { get; private set; } = null!; + + /// + /// Unique name of the GitHub destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Name of the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + /// variable. + /// + [Output("repositoryName")] + public Output RepositoryName { get; private set; } = null!; + + /// + /// GitHub organization or username that owns the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + /// variable. + /// + [Output("repositoryOwner")] + public Output RepositoryOwner { get; private set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Output("secretNameTemplate")] + public Output SecretNameTemplate { get; private set; } = null!; + + /// + /// The type of the secrets destination (`gh`). + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a SyncGhDestination resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncGhDestination(string name, SyncGhDestinationArgs? args = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncGhDestination:SyncGhDestination", name, args ?? new SyncGhDestinationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncGhDestination(string name, Input id, SyncGhDestinationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncGhDestination:SyncGhDestination", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "accessToken", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncGhDestination resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncGhDestination Get(string name, Input id, SyncGhDestinationState? state = null, CustomResourceOptions? options = null) + { + return new SyncGhDestination(name, id, state, options); + } + } + + public sealed class SyncGhDestinationArgs : global::Pulumi.ResourceArgs + { + [Input("accessToken")] + private Input? _accessToken; + + /// + /// Fine-grained or personal access token. + /// Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + /// variable. + /// + public Input? AccessToken + { + get => _accessToken; + set + { + var emptySecret = Output.CreateSecret(0); + _accessToken = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Unique name of the GitHub destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Name of the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + /// variable. + /// + [Input("repositoryName")] + public Input? RepositoryName { get; set; } + + /// + /// GitHub organization or username that owns the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + /// variable. + /// + [Input("repositoryOwner")] + public Input? RepositoryOwner { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + public SyncGhDestinationArgs() + { + } + public static new SyncGhDestinationArgs Empty => new SyncGhDestinationArgs(); + } + + public sealed class SyncGhDestinationState : global::Pulumi.ResourceArgs + { + [Input("accessToken")] + private Input? _accessToken; + + /// + /// Fine-grained or personal access token. + /// Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + /// variable. + /// + public Input? AccessToken + { + get => _accessToken; + set + { + var emptySecret = Output.CreateSecret(0); + _accessToken = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + /// + /// Unique name of the GitHub destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Name of the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + /// variable. + /// + [Input("repositoryName")] + public Input? RepositoryName { get; set; } + + /// + /// GitHub organization or username that owns the repository. + /// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + /// variable. + /// + [Input("repositoryOwner")] + public Input? RepositoryOwner { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// The type of the secrets destination (`gh`). + /// + [Input("type")] + public Input? Type { get; set; } + + public SyncGhDestinationState() + { + } + public static new SyncGhDestinationState Empty => new SyncGhDestinationState(); + } +} diff --git a/sdk/dotnet/Secrets/SyncVercelDestination.cs b/sdk/dotnet/Secrets/SyncVercelDestination.cs new file mode 100644 index 000000000..ff1abe87b --- /dev/null +++ b/sdk/dotnet/Secrets/SyncVercelDestination.cs @@ -0,0 +1,298 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.Secrets +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var vercel = new Vault.Secrets.SyncVercelDestination("vercel", new() + /// { + /// AccessToken = @var.Access_token, + /// ProjectId = @var.Project_id, + /// DeploymentEnvironments = new[] + /// { + /// "development", + /// "preview", + /// "production", + /// }, + /// SecretNameTemplate = "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// GitHub Secrets sync destinations can be imported using the `name`, e.g. + /// + /// ```sh + /// $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest + /// ``` + /// + [VaultResourceType("vault:secrets/syncVercelDestination:SyncVercelDestination")] + public partial class SyncVercelDestination : global::Pulumi.CustomResource + { + /// + /// Vercel API access token with the permissions to manage environment + /// variables. + /// + [Output("accessToken")] + public Output AccessToken { get; private set; } = null!; + + /// + /// Deployment environments where the environment variables + /// are available. Accepts `development`, `preview` and `production`. + /// + [Output("deploymentEnvironments")] + public Output> DeploymentEnvironments { get; private set; } = null!; + + /// + /// Unique name of the GitHub destination. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + /// + /// Project ID where to manage environment variables. + /// + [Output("projectId")] + public Output ProjectId { get; private set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Output("secretNameTemplate")] + public Output SecretNameTemplate { get; private set; } = null!; + + /// + /// Team ID where to manage environment variables. + /// + [Output("teamId")] + public Output TeamId { get; private set; } = null!; + + /// + /// The type of the secrets destination (`vercel-project`). + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a SyncVercelDestination resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SyncVercelDestination(string name, SyncVercelDestinationArgs args, CustomResourceOptions? options = null) + : base("vault:secrets/syncVercelDestination:SyncVercelDestination", name, args ?? new SyncVercelDestinationArgs(), MakeResourceOptions(options, "")) + { + } + + private SyncVercelDestination(string name, Input id, SyncVercelDestinationState? state = null, CustomResourceOptions? options = null) + : base("vault:secrets/syncVercelDestination:SyncVercelDestination", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "accessToken", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SyncVercelDestination resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SyncVercelDestination Get(string name, Input id, SyncVercelDestinationState? state = null, CustomResourceOptions? options = null) + { + return new SyncVercelDestination(name, id, state, options); + } + } + + public sealed class SyncVercelDestinationArgs : global::Pulumi.ResourceArgs + { + [Input("accessToken", required: true)] + private Input? _accessToken; + + /// + /// Vercel API access token with the permissions to manage environment + /// variables. + /// + public Input? AccessToken + { + get => _accessToken; + set + { + var emptySecret = Output.CreateSecret(0); + _accessToken = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + [Input("deploymentEnvironments", required: true)] + private InputList? _deploymentEnvironments; + + /// + /// Deployment environments where the environment variables + /// are available. Accepts `development`, `preview` and `production`. + /// + public InputList DeploymentEnvironments + { + get => _deploymentEnvironments ?? (_deploymentEnvironments = new InputList()); + set => _deploymentEnvironments = value; + } + + /// + /// Unique name of the GitHub destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Project ID where to manage environment variables. + /// + [Input("projectId", required: true)] + public Input ProjectId { get; set; } = null!; + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// Team ID where to manage environment variables. + /// + [Input("teamId")] + public Input? TeamId { get; set; } + + public SyncVercelDestinationArgs() + { + } + public static new SyncVercelDestinationArgs Empty => new SyncVercelDestinationArgs(); + } + + public sealed class SyncVercelDestinationState : global::Pulumi.ResourceArgs + { + [Input("accessToken")] + private Input? _accessToken; + + /// + /// Vercel API access token with the permissions to manage environment + /// variables. + /// + public Input? AccessToken + { + get => _accessToken; + set + { + var emptySecret = Output.CreateSecret(0); + _accessToken = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } + + [Input("deploymentEnvironments")] + private InputList? _deploymentEnvironments; + + /// + /// Deployment environments where the environment variables + /// are available. Accepts `development`, `preview` and `production`. + /// + public InputList DeploymentEnvironments + { + get => _deploymentEnvironments ?? (_deploymentEnvironments = new InputList()); + set => _deploymentEnvironments = value; + } + + /// + /// Unique name of the GitHub destination. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The namespace to provision the resource in. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + /// + /// Project ID where to manage environment variables. + /// + [Input("projectId")] + public Input? ProjectId { get; set; } + + /// + /// Template describing how to generate external secret names. + /// Supports a subset of the Go Template syntax. + /// + [Input("secretNameTemplate")] + public Input? SecretNameTemplate { get; set; } + + /// + /// Team ID where to manage environment variables. + /// + [Input("teamId")] + public Input? TeamId { get; set; } + + /// + /// The type of the secrets destination (`vercel-project`). + /// + [Input("type")] + public Input? Type { get; set; } + + public SyncVercelDestinationState() + { + } + public static new SyncVercelDestinationState Empty => new SyncVercelDestinationState(); + } +} diff --git a/sdk/go/vault/aws/secretBackend.go b/sdk/go/vault/aws/secretBackend.go index 2f9654ac9..9e4db6c57 100644 --- a/sdk/go/vault/aws/secretBackend.go +++ b/sdk/go/vault/aws/secretBackend.go @@ -36,6 +36,12 @@ type SecretBackend struct { DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Specifies a custom HTTP IAM endpoint to use. IamEndpoint pulumi.StringPtrOutput `pulumi:"iamEndpoint"` + // The audience claim value. Requires Vault 1.16+. + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.16+. + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"` // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Local pulumi.BoolPtrOutput `pulumi:"local"` // The maximum TTL that can be requested @@ -51,6 +57,8 @@ type SecretBackend struct { Path pulumi.StringPtrOutput `pulumi:"path"` // The AWS region to make API calls against. Defaults to us-east-1. Region pulumi.StringOutput `pulumi:"region"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + RoleArn pulumi.StringPtrOutput `pulumi:"roleArn"` // The AWS Secret Access Key to use when generating new credentials. SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"` // Specifies a custom HTTP STS endpoint to use. @@ -113,6 +121,12 @@ type secretBackendState struct { DisableRemount *bool `pulumi:"disableRemount"` // Specifies a custom HTTP IAM endpoint to use. IamEndpoint *string `pulumi:"iamEndpoint"` + // The audience claim value. Requires Vault 1.16+. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.16+. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Local *bool `pulumi:"local"` // The maximum TTL that can be requested @@ -128,6 +142,8 @@ type secretBackendState struct { Path *string `pulumi:"path"` // The AWS region to make API calls against. Defaults to us-east-1. Region *string `pulumi:"region"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + RoleArn *string `pulumi:"roleArn"` // The AWS Secret Access Key to use when generating new credentials. SecretKey *string `pulumi:"secretKey"` // Specifies a custom HTTP STS endpoint to use. @@ -150,6 +166,12 @@ type SecretBackendState struct { DisableRemount pulumi.BoolPtrInput // Specifies a custom HTTP IAM endpoint to use. IamEndpoint pulumi.StringPtrInput + // The audience claim value. Requires Vault 1.16+. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing identity tokens. Requires Vault 1.16+. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + IdentityTokenTtl pulumi.IntPtrInput // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Local pulumi.BoolPtrInput // The maximum TTL that can be requested @@ -165,6 +187,8 @@ type SecretBackendState struct { Path pulumi.StringPtrInput // The AWS region to make API calls against. Defaults to us-east-1. Region pulumi.StringPtrInput + // Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + RoleArn pulumi.StringPtrInput // The AWS Secret Access Key to use when generating new credentials. SecretKey pulumi.StringPtrInput // Specifies a custom HTTP STS endpoint to use. @@ -191,6 +215,12 @@ type secretBackendArgs struct { DisableRemount *bool `pulumi:"disableRemount"` // Specifies a custom HTTP IAM endpoint to use. IamEndpoint *string `pulumi:"iamEndpoint"` + // The audience claim value. Requires Vault 1.16+. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.16+. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Local *bool `pulumi:"local"` // The maximum TTL that can be requested @@ -206,6 +236,8 @@ type secretBackendArgs struct { Path *string `pulumi:"path"` // The AWS region to make API calls against. Defaults to us-east-1. Region *string `pulumi:"region"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + RoleArn *string `pulumi:"roleArn"` // The AWS Secret Access Key to use when generating new credentials. SecretKey *string `pulumi:"secretKey"` // Specifies a custom HTTP STS endpoint to use. @@ -229,6 +261,12 @@ type SecretBackendArgs struct { DisableRemount pulumi.BoolPtrInput // Specifies a custom HTTP IAM endpoint to use. IamEndpoint pulumi.StringPtrInput + // The audience claim value. Requires Vault 1.16+. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing identity tokens. Requires Vault 1.16+. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + IdentityTokenTtl pulumi.IntPtrInput // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Local pulumi.BoolPtrInput // The maximum TTL that can be requested @@ -244,6 +282,8 @@ type SecretBackendArgs struct { Path pulumi.StringPtrInput // The AWS region to make API calls against. Defaults to us-east-1. Region pulumi.StringPtrInput + // Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + RoleArn pulumi.StringPtrInput // The AWS Secret Access Key to use when generating new credentials. SecretKey pulumi.StringPtrInput // Specifies a custom HTTP STS endpoint to use. @@ -367,6 +407,21 @@ func (o SecretBackendOutput) IamEndpoint() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IamEndpoint }).(pulumi.StringPtrOutput) } +// The audience claim value. Requires Vault 1.16+. +func (o SecretBackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The key to use for signing identity tokens. Requires Vault 1.16+. +func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + +// The TTL of generated identity tokens in seconds. Requires Vault 1.16+. +func (o SecretBackendOutput) IdentityTokenTtl() pulumi.IntOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.IntOutput { return v.IdentityTokenTtl }).(pulumi.IntOutput) +} + // Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) @@ -397,6 +452,11 @@ func (o SecretBackendOutput) Region() pulumi.StringOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringOutput { return v.Region }).(pulumi.StringOutput) } +// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. +func (o SecretBackendOutput) RoleArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.RoleArn }).(pulumi.StringPtrOutput) +} + // The AWS Secret Access Key to use when generating new credentials. func (o SecretBackendOutput) SecretKey() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.SecretKey }).(pulumi.StringPtrOutput) diff --git a/sdk/go/vault/database/pulumiTypes.go b/sdk/go/vault/database/pulumiTypes.go index 3d5c3eb20..ca02c876d 100644 --- a/sdk/go/vault/database/pulumiTypes.go +++ b/sdk/go/vault/database/pulumiTypes.go @@ -3707,6 +3707,8 @@ type SecretBackendConnectionOracle struct { // docs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload) // for an example. ConnectionUrl *string `pulumi:"connectionUrl"` + // Enable the built-in session disconnect mechanism. + DisconnectSessions *bool `pulumi:"disconnectSessions"` // The maximum number of seconds to keep // a connection alive for. MaxConnectionLifetime *int `pulumi:"maxConnectionLifetime"` @@ -3718,6 +3720,8 @@ type SecretBackendConnectionOracle struct { MaxOpenConnections *int `pulumi:"maxOpenConnections"` // The password to authenticate with. Password *string `pulumi:"password"` + // Enable spliting statements after semi-colons. + SplitStatements *bool `pulumi:"splitStatements"` // The username to authenticate with. Username *string `pulumi:"username"` // Template describing how dynamic usernames are generated. @@ -3741,6 +3745,8 @@ type SecretBackendConnectionOracleArgs struct { // docs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload) // for an example. ConnectionUrl pulumi.StringPtrInput `pulumi:"connectionUrl"` + // Enable the built-in session disconnect mechanism. + DisconnectSessions pulumi.BoolPtrInput `pulumi:"disconnectSessions"` // The maximum number of seconds to keep // a connection alive for. MaxConnectionLifetime pulumi.IntPtrInput `pulumi:"maxConnectionLifetime"` @@ -3752,6 +3758,8 @@ type SecretBackendConnectionOracleArgs struct { MaxOpenConnections pulumi.IntPtrInput `pulumi:"maxOpenConnections"` // The password to authenticate with. Password pulumi.StringPtrInput `pulumi:"password"` + // Enable spliting statements after semi-colons. + SplitStatements pulumi.BoolPtrInput `pulumi:"splitStatements"` // The username to authenticate with. Username pulumi.StringPtrInput `pulumi:"username"` // Template describing how dynamic usernames are generated. @@ -3843,6 +3851,11 @@ func (o SecretBackendConnectionOracleOutput) ConnectionUrl() pulumi.StringPtrOut return o.ApplyT(func(v SecretBackendConnectionOracle) *string { return v.ConnectionUrl }).(pulumi.StringPtrOutput) } +// Enable the built-in session disconnect mechanism. +func (o SecretBackendConnectionOracleOutput) DisconnectSessions() pulumi.BoolPtrOutput { + return o.ApplyT(func(v SecretBackendConnectionOracle) *bool { return v.DisconnectSessions }).(pulumi.BoolPtrOutput) +} + // The maximum number of seconds to keep // a connection alive for. func (o SecretBackendConnectionOracleOutput) MaxConnectionLifetime() pulumi.IntPtrOutput { @@ -3866,6 +3879,11 @@ func (o SecretBackendConnectionOracleOutput) Password() pulumi.StringPtrOutput { return o.ApplyT(func(v SecretBackendConnectionOracle) *string { return v.Password }).(pulumi.StringPtrOutput) } +// Enable spliting statements after semi-colons. +func (o SecretBackendConnectionOracleOutput) SplitStatements() pulumi.BoolPtrOutput { + return o.ApplyT(func(v SecretBackendConnectionOracle) *bool { return v.SplitStatements }).(pulumi.BoolPtrOutput) +} + // The username to authenticate with. func (o SecretBackendConnectionOracleOutput) Username() pulumi.StringPtrOutput { return o.ApplyT(func(v SecretBackendConnectionOracle) *string { return v.Username }).(pulumi.StringPtrOutput) @@ -3913,6 +3931,16 @@ func (o SecretBackendConnectionOraclePtrOutput) ConnectionUrl() pulumi.StringPtr }).(pulumi.StringPtrOutput) } +// Enable the built-in session disconnect mechanism. +func (o SecretBackendConnectionOraclePtrOutput) DisconnectSessions() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *SecretBackendConnectionOracle) *bool { + if v == nil { + return nil + } + return v.DisconnectSessions + }).(pulumi.BoolPtrOutput) +} + // The maximum number of seconds to keep // a connection alive for. func (o SecretBackendConnectionOraclePtrOutput) MaxConnectionLifetime() pulumi.IntPtrOutput { @@ -3956,6 +3984,16 @@ func (o SecretBackendConnectionOraclePtrOutput) Password() pulumi.StringPtrOutpu }).(pulumi.StringPtrOutput) } +// Enable spliting statements after semi-colons. +func (o SecretBackendConnectionOraclePtrOutput) SplitStatements() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *SecretBackendConnectionOracle) *bool { + if v == nil { + return nil + } + return v.SplitStatements + }).(pulumi.BoolPtrOutput) +} + // The username to authenticate with. func (o SecretBackendConnectionOraclePtrOutput) Username() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackendConnectionOracle) *string { @@ -8264,6 +8302,8 @@ type SecretsMountOracle struct { // // Supported list of database secrets engines that can be configured: Data map[string]interface{} `pulumi:"data"` + // Set to true to disconnect any open sessions prior to running the revocation statements. + DisconnectSessions *bool `pulumi:"disconnectSessions"` // The maximum amount of time a connection may be reused. MaxConnectionLifetime *int `pulumi:"maxConnectionLifetime"` // The maximum number of idle connections to @@ -8280,6 +8320,8 @@ type SecretsMountOracle struct { PluginName *string `pulumi:"pluginName"` // A list of database statements to be executed to rotate the root user's credentials. RootRotationStatements []string `pulumi:"rootRotationStatements"` + // Set to true in order to split statements after semi-colons. + SplitStatements *bool `pulumi:"splitStatements"` // The root credential username used in the connection URL. Username *string `pulumi:"username"` // [Template](https://www.vaultproject.io/docs/concepts/username-templating) describing how dynamic usernames are generated. @@ -8311,6 +8353,8 @@ type SecretsMountOracleArgs struct { // // Supported list of database secrets engines that can be configured: Data pulumi.MapInput `pulumi:"data"` + // Set to true to disconnect any open sessions prior to running the revocation statements. + DisconnectSessions pulumi.BoolPtrInput `pulumi:"disconnectSessions"` // The maximum amount of time a connection may be reused. MaxConnectionLifetime pulumi.IntPtrInput `pulumi:"maxConnectionLifetime"` // The maximum number of idle connections to @@ -8327,6 +8371,8 @@ type SecretsMountOracleArgs struct { PluginName pulumi.StringPtrInput `pulumi:"pluginName"` // A list of database statements to be executed to rotate the root user's credentials. RootRotationStatements pulumi.StringArrayInput `pulumi:"rootRotationStatements"` + // Set to true in order to split statements after semi-colons. + SplitStatements pulumi.BoolPtrInput `pulumi:"splitStatements"` // The root credential username used in the connection URL. Username pulumi.StringPtrInput `pulumi:"username"` // [Template](https://www.vaultproject.io/docs/concepts/username-templating) describing how dynamic usernames are generated. @@ -8406,6 +8452,11 @@ func (o SecretsMountOracleOutput) Data() pulumi.MapOutput { return o.ApplyT(func(v SecretsMountOracle) map[string]interface{} { return v.Data }).(pulumi.MapOutput) } +// Set to true to disconnect any open sessions prior to running the revocation statements. +func (o SecretsMountOracleOutput) DisconnectSessions() pulumi.BoolPtrOutput { + return o.ApplyT(func(v SecretsMountOracle) *bool { return v.DisconnectSessions }).(pulumi.BoolPtrOutput) +} + // The maximum amount of time a connection may be reused. func (o SecretsMountOracleOutput) MaxConnectionLifetime() pulumi.IntPtrOutput { return o.ApplyT(func(v SecretsMountOracle) *int { return v.MaxConnectionLifetime }).(pulumi.IntPtrOutput) @@ -8443,6 +8494,11 @@ func (o SecretsMountOracleOutput) RootRotationStatements() pulumi.StringArrayOut return o.ApplyT(func(v SecretsMountOracle) []string { return v.RootRotationStatements }).(pulumi.StringArrayOutput) } +// Set to true in order to split statements after semi-colons. +func (o SecretsMountOracleOutput) SplitStatements() pulumi.BoolPtrOutput { + return o.ApplyT(func(v SecretsMountOracle) *bool { return v.SplitStatements }).(pulumi.BoolPtrOutput) +} + // The root credential username used in the connection URL. func (o SecretsMountOracleOutput) Username() pulumi.StringPtrOutput { return o.ApplyT(func(v SecretsMountOracle) *string { return v.Username }).(pulumi.StringPtrOutput) diff --git a/sdk/go/vault/secrets/init.go b/sdk/go/vault/secrets/init.go new file mode 100644 index 000000000..0b3f3da0e --- /dev/null +++ b/sdk/go/vault/secrets/init.go @@ -0,0 +1,86 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "fmt" + + "github.com/blang/semver" + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +type module struct { + version semver.Version +} + +func (m *module) Version() semver.Version { + return m.version +} + +func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi.Resource, err error) { + switch typ { + case "vault:secrets/syncAssociation:SyncAssociation": + r = &SyncAssociation{} + case "vault:secrets/syncAwsDestination:SyncAwsDestination": + r = &SyncAwsDestination{} + case "vault:secrets/syncAzureDestination:SyncAzureDestination": + r = &SyncAzureDestination{} + case "vault:secrets/syncConfig:SyncConfig": + r = &SyncConfig{} + case "vault:secrets/syncGcpDestination:SyncGcpDestination": + r = &SyncGcpDestination{} + case "vault:secrets/syncGhDestination:SyncGhDestination": + r = &SyncGhDestination{} + case "vault:secrets/syncVercelDestination:SyncVercelDestination": + r = &SyncVercelDestination{} + default: + return nil, fmt.Errorf("unknown resource type: %s", typ) + } + + err = ctx.RegisterResource(typ, name, nil, r, pulumi.URN_(urn)) + return +} + +func init() { + version, err := internal.PkgVersion() + if err != nil { + version = semver.Version{Major: 1} + } + pulumi.RegisterResourceModule( + "vault", + "secrets/syncAssociation", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncAwsDestination", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncAzureDestination", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncConfig", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncGcpDestination", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncGhDestination", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "secrets/syncVercelDestination", + &module{version}, + ) +} diff --git a/sdk/go/vault/secrets/syncAssociation.go b/sdk/go/vault/secrets/syncAssociation.go new file mode 100644 index 000000000..1f7028a33 --- /dev/null +++ b/sdk/go/vault/secrets/syncAssociation.go @@ -0,0 +1,384 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "encoding/json" +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault" +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/kv" +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// kvv2, err := vault.NewMount(ctx, "kvv2", &vault.MountArgs{ +// Path: pulumi.String("kvv2"), +// Type: pulumi.String("kv"), +// Options: pulumi.Map{ +// "version": pulumi.Any("2"), +// }, +// Description: pulumi.String("KV Version 2 secret engine mount"), +// }) +// if err != nil { +// return err +// } +// tmpJSON0, err := json.Marshal(map[string]interface{}{ +// "dev": "B!gS3cr3t", +// "prod": "S3cureP4$$", +// }) +// if err != nil { +// return err +// } +// json0 := string(tmpJSON0) +// token, err := kv.NewSecretV2(ctx, "token", &kv.SecretV2Args{ +// Mount: kvv2.Path, +// DataJson: pulumi.String(json0), +// }) +// if err != nil { +// return err +// } +// gh, err := secrets.NewSyncGhDestination(ctx, "gh", &secrets.SyncGhDestinationArgs{ +// AccessToken: pulumi.Any(_var.Access_token), +// RepositoryOwner: pulumi.Any(_var.Repo_owner), +// RepositoryName: pulumi.String("repo-name-example"), +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// }) +// if err != nil { +// return err +// } +// _, err = secrets.NewSyncAssociation(ctx, "ghToken", &secrets.SyncAssociationArgs{ +// Type: gh.Type, +// Mount: kvv2.Path, +// SecretName: token.Name, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +type SyncAssociation struct { + pulumi.CustomResourceState + + // Specifies the mount where the secret is located. + Mount pulumi.StringOutput `pulumi:"mount"` + // Specifies the name of the destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Specifies the name of the secret to synchronize. + SecretName pulumi.StringOutput `pulumi:"secretName"` + // Specifies the status of the association (for eg. `SYNCED`). + SyncStatus pulumi.StringOutput `pulumi:"syncStatus"` + // Specifies the destination type. + Type pulumi.StringOutput `pulumi:"type"` + // Duration string specifying when the secret was last updated. + UpdatedAt pulumi.StringOutput `pulumi:"updatedAt"` +} + +// NewSyncAssociation registers a new resource with the given unique name, arguments, and options. +func NewSyncAssociation(ctx *pulumi.Context, + name string, args *SyncAssociationArgs, opts ...pulumi.ResourceOption) (*SyncAssociation, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Mount == nil { + return nil, errors.New("invalid value for required argument 'Mount'") + } + if args.SecretName == nil { + return nil, errors.New("invalid value for required argument 'SecretName'") + } + if args.Type == nil { + return nil, errors.New("invalid value for required argument 'Type'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncAssociation + err := ctx.RegisterResource("vault:secrets/syncAssociation:SyncAssociation", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncAssociation gets an existing SyncAssociation resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncAssociation(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncAssociationState, opts ...pulumi.ResourceOption) (*SyncAssociation, error) { + var resource SyncAssociation + err := ctx.ReadResource("vault:secrets/syncAssociation:SyncAssociation", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncAssociation resources. +type syncAssociationState struct { + // Specifies the mount where the secret is located. + Mount *string `pulumi:"mount"` + // Specifies the name of the destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Specifies the name of the secret to synchronize. + SecretName *string `pulumi:"secretName"` + // Specifies the status of the association (for eg. `SYNCED`). + SyncStatus *string `pulumi:"syncStatus"` + // Specifies the destination type. + Type *string `pulumi:"type"` + // Duration string specifying when the secret was last updated. + UpdatedAt *string `pulumi:"updatedAt"` +} + +type SyncAssociationState struct { + // Specifies the mount where the secret is located. + Mount pulumi.StringPtrInput + // Specifies the name of the destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Specifies the name of the secret to synchronize. + SecretName pulumi.StringPtrInput + // Specifies the status of the association (for eg. `SYNCED`). + SyncStatus pulumi.StringPtrInput + // Specifies the destination type. + Type pulumi.StringPtrInput + // Duration string specifying when the secret was last updated. + UpdatedAt pulumi.StringPtrInput +} + +func (SyncAssociationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncAssociationState)(nil)).Elem() +} + +type syncAssociationArgs struct { + // Specifies the mount where the secret is located. + Mount string `pulumi:"mount"` + // Specifies the name of the destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Specifies the name of the secret to synchronize. + SecretName string `pulumi:"secretName"` + // Specifies the destination type. + Type string `pulumi:"type"` +} + +// The set of arguments for constructing a SyncAssociation resource. +type SyncAssociationArgs struct { + // Specifies the mount where the secret is located. + Mount pulumi.StringInput + // Specifies the name of the destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Specifies the name of the secret to synchronize. + SecretName pulumi.StringInput + // Specifies the destination type. + Type pulumi.StringInput +} + +func (SyncAssociationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncAssociationArgs)(nil)).Elem() +} + +type SyncAssociationInput interface { + pulumi.Input + + ToSyncAssociationOutput() SyncAssociationOutput + ToSyncAssociationOutputWithContext(ctx context.Context) SyncAssociationOutput +} + +func (*SyncAssociation) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAssociation)(nil)).Elem() +} + +func (i *SyncAssociation) ToSyncAssociationOutput() SyncAssociationOutput { + return i.ToSyncAssociationOutputWithContext(context.Background()) +} + +func (i *SyncAssociation) ToSyncAssociationOutputWithContext(ctx context.Context) SyncAssociationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAssociationOutput) +} + +// SyncAssociationArrayInput is an input type that accepts SyncAssociationArray and SyncAssociationArrayOutput values. +// You can construct a concrete instance of `SyncAssociationArrayInput` via: +// +// SyncAssociationArray{ SyncAssociationArgs{...} } +type SyncAssociationArrayInput interface { + pulumi.Input + + ToSyncAssociationArrayOutput() SyncAssociationArrayOutput + ToSyncAssociationArrayOutputWithContext(context.Context) SyncAssociationArrayOutput +} + +type SyncAssociationArray []SyncAssociationInput + +func (SyncAssociationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAssociation)(nil)).Elem() +} + +func (i SyncAssociationArray) ToSyncAssociationArrayOutput() SyncAssociationArrayOutput { + return i.ToSyncAssociationArrayOutputWithContext(context.Background()) +} + +func (i SyncAssociationArray) ToSyncAssociationArrayOutputWithContext(ctx context.Context) SyncAssociationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAssociationArrayOutput) +} + +// SyncAssociationMapInput is an input type that accepts SyncAssociationMap and SyncAssociationMapOutput values. +// You can construct a concrete instance of `SyncAssociationMapInput` via: +// +// SyncAssociationMap{ "key": SyncAssociationArgs{...} } +type SyncAssociationMapInput interface { + pulumi.Input + + ToSyncAssociationMapOutput() SyncAssociationMapOutput + ToSyncAssociationMapOutputWithContext(context.Context) SyncAssociationMapOutput +} + +type SyncAssociationMap map[string]SyncAssociationInput + +func (SyncAssociationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAssociation)(nil)).Elem() +} + +func (i SyncAssociationMap) ToSyncAssociationMapOutput() SyncAssociationMapOutput { + return i.ToSyncAssociationMapOutputWithContext(context.Background()) +} + +func (i SyncAssociationMap) ToSyncAssociationMapOutputWithContext(ctx context.Context) SyncAssociationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAssociationMapOutput) +} + +type SyncAssociationOutput struct{ *pulumi.OutputState } + +func (SyncAssociationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAssociation)(nil)).Elem() +} + +func (o SyncAssociationOutput) ToSyncAssociationOutput() SyncAssociationOutput { + return o +} + +func (o SyncAssociationOutput) ToSyncAssociationOutputWithContext(ctx context.Context) SyncAssociationOutput { + return o +} + +// Specifies the mount where the secret is located. +func (o SyncAssociationOutput) Mount() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.Mount }).(pulumi.StringOutput) +} + +// Specifies the name of the destination. +func (o SyncAssociationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncAssociationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Specifies the name of the secret to synchronize. +func (o SyncAssociationOutput) SecretName() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.SecretName }).(pulumi.StringOutput) +} + +// Specifies the status of the association (for eg. `SYNCED`). +func (o SyncAssociationOutput) SyncStatus() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.SyncStatus }).(pulumi.StringOutput) +} + +// Specifies the destination type. +func (o SyncAssociationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +// Duration string specifying when the secret was last updated. +func (o SyncAssociationOutput) UpdatedAt() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAssociation) pulumi.StringOutput { return v.UpdatedAt }).(pulumi.StringOutput) +} + +type SyncAssociationArrayOutput struct{ *pulumi.OutputState } + +func (SyncAssociationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAssociation)(nil)).Elem() +} + +func (o SyncAssociationArrayOutput) ToSyncAssociationArrayOutput() SyncAssociationArrayOutput { + return o +} + +func (o SyncAssociationArrayOutput) ToSyncAssociationArrayOutputWithContext(ctx context.Context) SyncAssociationArrayOutput { + return o +} + +func (o SyncAssociationArrayOutput) Index(i pulumi.IntInput) SyncAssociationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncAssociation { + return vs[0].([]*SyncAssociation)[vs[1].(int)] + }).(SyncAssociationOutput) +} + +type SyncAssociationMapOutput struct{ *pulumi.OutputState } + +func (SyncAssociationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAssociation)(nil)).Elem() +} + +func (o SyncAssociationMapOutput) ToSyncAssociationMapOutput() SyncAssociationMapOutput { + return o +} + +func (o SyncAssociationMapOutput) ToSyncAssociationMapOutputWithContext(ctx context.Context) SyncAssociationMapOutput { + return o +} + +func (o SyncAssociationMapOutput) MapIndex(k pulumi.StringInput) SyncAssociationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncAssociation { + return vs[0].(map[string]*SyncAssociation)[vs[1].(string)] + }).(SyncAssociationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncAssociationInput)(nil)).Elem(), &SyncAssociation{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAssociationArrayInput)(nil)).Elem(), SyncAssociationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAssociationMapInput)(nil)).Elem(), SyncAssociationMap{}) + pulumi.RegisterOutputType(SyncAssociationOutput{}) + pulumi.RegisterOutputType(SyncAssociationArrayOutput{}) + pulumi.RegisterOutputType(SyncAssociationMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncAwsDestination.go b/sdk/go/vault/secrets/syncAwsDestination.go new file mode 100644 index 000000000..9ffbab218 --- /dev/null +++ b/sdk/go/vault/secrets/syncAwsDestination.go @@ -0,0 +1,417 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncAwsDestination(ctx, "aws", &secrets.SyncAwsDestinationArgs{ +// AccessKeyId: pulumi.Any(_var.Access_key_id), +// SecretAccessKey: pulumi.Any(_var.Secret_access_key), +// Region: pulumi.String("us-east-1"), +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// CustomTags: pulumi.Map{ +// "foo": pulumi.Any("bar"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// AWS Secrets sync destinations can be imported using the `name`, e.g. +// +// ```sh +// +// $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest +// +// ``` +type SyncAwsDestination struct { + pulumi.CustomResourceState + + // Access key id to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + // variable. + AccessKeyId pulumi.StringPtrOutput `pulumi:"accessKeyId"` + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapOutput `pulumi:"customTags"` + // Unique name of the AWS destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Region where to manage the secrets manager entries. + // Can be omitted and directly provided to Vault using the `AWS_REGION` environment + // variable. + Region pulumi.StringPtrOutput `pulumi:"region"` + // Secret access key to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + // variable. + SecretAccessKey pulumi.StringPtrOutput `pulumi:"secretAccessKey"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringOutput `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`aws-sm`). + Type pulumi.StringOutput `pulumi:"type"` +} + +// NewSyncAwsDestination registers a new resource with the given unique name, arguments, and options. +func NewSyncAwsDestination(ctx *pulumi.Context, + name string, args *SyncAwsDestinationArgs, opts ...pulumi.ResourceOption) (*SyncAwsDestination, error) { + if args == nil { + args = &SyncAwsDestinationArgs{} + } + + if args.SecretAccessKey != nil { + args.SecretAccessKey = pulumi.ToSecret(args.SecretAccessKey).(pulumi.StringPtrInput) + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "secretAccessKey", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncAwsDestination + err := ctx.RegisterResource("vault:secrets/syncAwsDestination:SyncAwsDestination", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncAwsDestination gets an existing SyncAwsDestination resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncAwsDestination(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncAwsDestinationState, opts ...pulumi.ResourceOption) (*SyncAwsDestination, error) { + var resource SyncAwsDestination + err := ctx.ReadResource("vault:secrets/syncAwsDestination:SyncAwsDestination", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncAwsDestination resources. +type syncAwsDestinationState struct { + // Access key id to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + // variable. + AccessKeyId *string `pulumi:"accessKeyId"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // Unique name of the AWS destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Region where to manage the secrets manager entries. + // Can be omitted and directly provided to Vault using the `AWS_REGION` environment + // variable. + Region *string `pulumi:"region"` + // Secret access key to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + // variable. + SecretAccessKey *string `pulumi:"secretAccessKey"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`aws-sm`). + Type *string `pulumi:"type"` +} + +type SyncAwsDestinationState struct { + // Access key id to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + // variable. + AccessKeyId pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // Unique name of the AWS destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Region where to manage the secrets manager entries. + // Can be omitted and directly provided to Vault using the `AWS_REGION` environment + // variable. + Region pulumi.StringPtrInput + // Secret access key to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + // variable. + SecretAccessKey pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // The type of the secrets destination (`aws-sm`). + Type pulumi.StringPtrInput +} + +func (SyncAwsDestinationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncAwsDestinationState)(nil)).Elem() +} + +type syncAwsDestinationArgs struct { + // Access key id to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + // variable. + AccessKeyId *string `pulumi:"accessKeyId"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // Unique name of the AWS destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Region where to manage the secrets manager entries. + // Can be omitted and directly provided to Vault using the `AWS_REGION` environment + // variable. + Region *string `pulumi:"region"` + // Secret access key to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + // variable. + SecretAccessKey *string `pulumi:"secretAccessKey"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` +} + +// The set of arguments for constructing a SyncAwsDestination resource. +type SyncAwsDestinationArgs struct { + // Access key id to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + // variable. + AccessKeyId pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // Unique name of the AWS destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Region where to manage the secrets manager entries. + // Can be omitted and directly provided to Vault using the `AWS_REGION` environment + // variable. + Region pulumi.StringPtrInput + // Secret access key to authenticate against the AWS secrets manager. + // Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + // variable. + SecretAccessKey pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput +} + +func (SyncAwsDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncAwsDestinationArgs)(nil)).Elem() +} + +type SyncAwsDestinationInput interface { + pulumi.Input + + ToSyncAwsDestinationOutput() SyncAwsDestinationOutput + ToSyncAwsDestinationOutputWithContext(ctx context.Context) SyncAwsDestinationOutput +} + +func (*SyncAwsDestination) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAwsDestination)(nil)).Elem() +} + +func (i *SyncAwsDestination) ToSyncAwsDestinationOutput() SyncAwsDestinationOutput { + return i.ToSyncAwsDestinationOutputWithContext(context.Background()) +} + +func (i *SyncAwsDestination) ToSyncAwsDestinationOutputWithContext(ctx context.Context) SyncAwsDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAwsDestinationOutput) +} + +// SyncAwsDestinationArrayInput is an input type that accepts SyncAwsDestinationArray and SyncAwsDestinationArrayOutput values. +// You can construct a concrete instance of `SyncAwsDestinationArrayInput` via: +// +// SyncAwsDestinationArray{ SyncAwsDestinationArgs{...} } +type SyncAwsDestinationArrayInput interface { + pulumi.Input + + ToSyncAwsDestinationArrayOutput() SyncAwsDestinationArrayOutput + ToSyncAwsDestinationArrayOutputWithContext(context.Context) SyncAwsDestinationArrayOutput +} + +type SyncAwsDestinationArray []SyncAwsDestinationInput + +func (SyncAwsDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAwsDestination)(nil)).Elem() +} + +func (i SyncAwsDestinationArray) ToSyncAwsDestinationArrayOutput() SyncAwsDestinationArrayOutput { + return i.ToSyncAwsDestinationArrayOutputWithContext(context.Background()) +} + +func (i SyncAwsDestinationArray) ToSyncAwsDestinationArrayOutputWithContext(ctx context.Context) SyncAwsDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAwsDestinationArrayOutput) +} + +// SyncAwsDestinationMapInput is an input type that accepts SyncAwsDestinationMap and SyncAwsDestinationMapOutput values. +// You can construct a concrete instance of `SyncAwsDestinationMapInput` via: +// +// SyncAwsDestinationMap{ "key": SyncAwsDestinationArgs{...} } +type SyncAwsDestinationMapInput interface { + pulumi.Input + + ToSyncAwsDestinationMapOutput() SyncAwsDestinationMapOutput + ToSyncAwsDestinationMapOutputWithContext(context.Context) SyncAwsDestinationMapOutput +} + +type SyncAwsDestinationMap map[string]SyncAwsDestinationInput + +func (SyncAwsDestinationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAwsDestination)(nil)).Elem() +} + +func (i SyncAwsDestinationMap) ToSyncAwsDestinationMapOutput() SyncAwsDestinationMapOutput { + return i.ToSyncAwsDestinationMapOutputWithContext(context.Background()) +} + +func (i SyncAwsDestinationMap) ToSyncAwsDestinationMapOutputWithContext(ctx context.Context) SyncAwsDestinationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAwsDestinationMapOutput) +} + +type SyncAwsDestinationOutput struct{ *pulumi.OutputState } + +func (SyncAwsDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAwsDestination)(nil)).Elem() +} + +func (o SyncAwsDestinationOutput) ToSyncAwsDestinationOutput() SyncAwsDestinationOutput { + return o +} + +func (o SyncAwsDestinationOutput) ToSyncAwsDestinationOutputWithContext(ctx context.Context) SyncAwsDestinationOutput { + return o +} + +// Access key id to authenticate against the AWS secrets manager. +// Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment +// variable. +func (o SyncAwsDestinationOutput) AccessKeyId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringPtrOutput { return v.AccessKeyId }).(pulumi.StringPtrOutput) +} + +// Custom tags to set on the secret managed at the destination. +func (o SyncAwsDestinationOutput) CustomTags() pulumi.MapOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.MapOutput { return v.CustomTags }).(pulumi.MapOutput) +} + +// Unique name of the AWS destination. +func (o SyncAwsDestinationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncAwsDestinationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Region where to manage the secrets manager entries. +// Can be omitted and directly provided to Vault using the `AWS_REGION` environment +// variable. +func (o SyncAwsDestinationOutput) Region() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringPtrOutput { return v.Region }).(pulumi.StringPtrOutput) +} + +// Secret access key to authenticate against the AWS secrets manager. +// Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment +// variable. +func (o SyncAwsDestinationOutput) SecretAccessKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringPtrOutput { return v.SecretAccessKey }).(pulumi.StringPtrOutput) +} + +// Template describing how to generate external secret names. +// Supports a subset of the Go Template syntax. +func (o SyncAwsDestinationOutput) SecretNameTemplate() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringOutput { return v.SecretNameTemplate }).(pulumi.StringOutput) +} + +// The type of the secrets destination (`aws-sm`). +func (o SyncAwsDestinationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAwsDestination) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +type SyncAwsDestinationArrayOutput struct{ *pulumi.OutputState } + +func (SyncAwsDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAwsDestination)(nil)).Elem() +} + +func (o SyncAwsDestinationArrayOutput) ToSyncAwsDestinationArrayOutput() SyncAwsDestinationArrayOutput { + return o +} + +func (o SyncAwsDestinationArrayOutput) ToSyncAwsDestinationArrayOutputWithContext(ctx context.Context) SyncAwsDestinationArrayOutput { + return o +} + +func (o SyncAwsDestinationArrayOutput) Index(i pulumi.IntInput) SyncAwsDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncAwsDestination { + return vs[0].([]*SyncAwsDestination)[vs[1].(int)] + }).(SyncAwsDestinationOutput) +} + +type SyncAwsDestinationMapOutput struct{ *pulumi.OutputState } + +func (SyncAwsDestinationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAwsDestination)(nil)).Elem() +} + +func (o SyncAwsDestinationMapOutput) ToSyncAwsDestinationMapOutput() SyncAwsDestinationMapOutput { + return o +} + +func (o SyncAwsDestinationMapOutput) ToSyncAwsDestinationMapOutputWithContext(ctx context.Context) SyncAwsDestinationMapOutput { + return o +} + +func (o SyncAwsDestinationMapOutput) MapIndex(k pulumi.StringInput) SyncAwsDestinationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncAwsDestination { + return vs[0].(map[string]*SyncAwsDestination)[vs[1].(string)] + }).(SyncAwsDestinationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncAwsDestinationInput)(nil)).Elem(), &SyncAwsDestination{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAwsDestinationArrayInput)(nil)).Elem(), SyncAwsDestinationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAwsDestinationMapInput)(nil)).Elem(), SyncAwsDestinationMap{}) + pulumi.RegisterOutputType(SyncAwsDestinationOutput{}) + pulumi.RegisterOutputType(SyncAwsDestinationArrayOutput{}) + pulumi.RegisterOutputType(SyncAwsDestinationMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncAzureDestination.go b/sdk/go/vault/secrets/syncAzureDestination.go new file mode 100644 index 000000000..d218bc543 --- /dev/null +++ b/sdk/go/vault/secrets/syncAzureDestination.go @@ -0,0 +1,460 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncAzureDestination(ctx, "az", &secrets.SyncAzureDestinationArgs{ +// KeyVaultUri: pulumi.Any(_var.Key_vault_uri), +// ClientId: pulumi.Any(_var.Client_id), +// ClientSecret: pulumi.Any(_var.Client_secret), +// TenantId: pulumi.Any(_var.Tenant_id), +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// CustomTags: pulumi.Map{ +// "foo": pulumi.Any("bar"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// Azure Secrets sync destinations can be imported using the `name`, e.g. +// +// ```sh +// +// $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest +// +// ``` +type SyncAzureDestination struct { + pulumi.CustomResourceState + + // Client ID of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + // variable. + ClientId pulumi.StringPtrOutput `pulumi:"clientId"` + // Client Secret of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + // variable. + ClientSecret pulumi.StringPtrOutput `pulumi:"clientSecret"` + // Specifies a cloud for the client. The default is Azure Public Cloud. + Cloud pulumi.StringPtrOutput `pulumi:"cloud"` + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapOutput `pulumi:"customTags"` + // URI of an existing Azure Key Vault instance. + // Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + // variable. + KeyVaultUri pulumi.StringPtrOutput `pulumi:"keyVaultUri"` + // Unique name of the Azure destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringOutput `pulumi:"secretNameTemplate"` + // ID of the target Azure tenant. + // Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + // variable. + TenantId pulumi.StringPtrOutput `pulumi:"tenantId"` + // The type of the secrets destination (`azure-kv`). + Type pulumi.StringOutput `pulumi:"type"` +} + +// NewSyncAzureDestination registers a new resource with the given unique name, arguments, and options. +func NewSyncAzureDestination(ctx *pulumi.Context, + name string, args *SyncAzureDestinationArgs, opts ...pulumi.ResourceOption) (*SyncAzureDestination, error) { + if args == nil { + args = &SyncAzureDestinationArgs{} + } + + if args.ClientSecret != nil { + args.ClientSecret = pulumi.ToSecret(args.ClientSecret).(pulumi.StringPtrInput) + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "clientSecret", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncAzureDestination + err := ctx.RegisterResource("vault:secrets/syncAzureDestination:SyncAzureDestination", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncAzureDestination gets an existing SyncAzureDestination resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncAzureDestination(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncAzureDestinationState, opts ...pulumi.ResourceOption) (*SyncAzureDestination, error) { + var resource SyncAzureDestination + err := ctx.ReadResource("vault:secrets/syncAzureDestination:SyncAzureDestination", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncAzureDestination resources. +type syncAzureDestinationState struct { + // Client ID of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + // variable. + ClientId *string `pulumi:"clientId"` + // Client Secret of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + // variable. + ClientSecret *string `pulumi:"clientSecret"` + // Specifies a cloud for the client. The default is Azure Public Cloud. + Cloud *string `pulumi:"cloud"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // URI of an existing Azure Key Vault instance. + // Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + // variable. + KeyVaultUri *string `pulumi:"keyVaultUri"` + // Unique name of the Azure destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // ID of the target Azure tenant. + // Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + // variable. + TenantId *string `pulumi:"tenantId"` + // The type of the secrets destination (`azure-kv`). + Type *string `pulumi:"type"` +} + +type SyncAzureDestinationState struct { + // Client ID of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + // variable. + ClientId pulumi.StringPtrInput + // Client Secret of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + // variable. + ClientSecret pulumi.StringPtrInput + // Specifies a cloud for the client. The default is Azure Public Cloud. + Cloud pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // URI of an existing Azure Key Vault instance. + // Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + // variable. + KeyVaultUri pulumi.StringPtrInput + // Unique name of the Azure destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // ID of the target Azure tenant. + // Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + // variable. + TenantId pulumi.StringPtrInput + // The type of the secrets destination (`azure-kv`). + Type pulumi.StringPtrInput +} + +func (SyncAzureDestinationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncAzureDestinationState)(nil)).Elem() +} + +type syncAzureDestinationArgs struct { + // Client ID of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + // variable. + ClientId *string `pulumi:"clientId"` + // Client Secret of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + // variable. + ClientSecret *string `pulumi:"clientSecret"` + // Specifies a cloud for the client. The default is Azure Public Cloud. + Cloud *string `pulumi:"cloud"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // URI of an existing Azure Key Vault instance. + // Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + // variable. + KeyVaultUri *string `pulumi:"keyVaultUri"` + // Unique name of the Azure destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // ID of the target Azure tenant. + // Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + // variable. + TenantId *string `pulumi:"tenantId"` +} + +// The set of arguments for constructing a SyncAzureDestination resource. +type SyncAzureDestinationArgs struct { + // Client ID of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + // variable. + ClientId pulumi.StringPtrInput + // Client Secret of an Azure app registration. + // Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + // variable. + ClientSecret pulumi.StringPtrInput + // Specifies a cloud for the client. The default is Azure Public Cloud. + Cloud pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // URI of an existing Azure Key Vault instance. + // Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + // variable. + KeyVaultUri pulumi.StringPtrInput + // Unique name of the Azure destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // ID of the target Azure tenant. + // Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + // variable. + TenantId pulumi.StringPtrInput +} + +func (SyncAzureDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncAzureDestinationArgs)(nil)).Elem() +} + +type SyncAzureDestinationInput interface { + pulumi.Input + + ToSyncAzureDestinationOutput() SyncAzureDestinationOutput + ToSyncAzureDestinationOutputWithContext(ctx context.Context) SyncAzureDestinationOutput +} + +func (*SyncAzureDestination) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAzureDestination)(nil)).Elem() +} + +func (i *SyncAzureDestination) ToSyncAzureDestinationOutput() SyncAzureDestinationOutput { + return i.ToSyncAzureDestinationOutputWithContext(context.Background()) +} + +func (i *SyncAzureDestination) ToSyncAzureDestinationOutputWithContext(ctx context.Context) SyncAzureDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAzureDestinationOutput) +} + +// SyncAzureDestinationArrayInput is an input type that accepts SyncAzureDestinationArray and SyncAzureDestinationArrayOutput values. +// You can construct a concrete instance of `SyncAzureDestinationArrayInput` via: +// +// SyncAzureDestinationArray{ SyncAzureDestinationArgs{...} } +type SyncAzureDestinationArrayInput interface { + pulumi.Input + + ToSyncAzureDestinationArrayOutput() SyncAzureDestinationArrayOutput + ToSyncAzureDestinationArrayOutputWithContext(context.Context) SyncAzureDestinationArrayOutput +} + +type SyncAzureDestinationArray []SyncAzureDestinationInput + +func (SyncAzureDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAzureDestination)(nil)).Elem() +} + +func (i SyncAzureDestinationArray) ToSyncAzureDestinationArrayOutput() SyncAzureDestinationArrayOutput { + return i.ToSyncAzureDestinationArrayOutputWithContext(context.Background()) +} + +func (i SyncAzureDestinationArray) ToSyncAzureDestinationArrayOutputWithContext(ctx context.Context) SyncAzureDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAzureDestinationArrayOutput) +} + +// SyncAzureDestinationMapInput is an input type that accepts SyncAzureDestinationMap and SyncAzureDestinationMapOutput values. +// You can construct a concrete instance of `SyncAzureDestinationMapInput` via: +// +// SyncAzureDestinationMap{ "key": SyncAzureDestinationArgs{...} } +type SyncAzureDestinationMapInput interface { + pulumi.Input + + ToSyncAzureDestinationMapOutput() SyncAzureDestinationMapOutput + ToSyncAzureDestinationMapOutputWithContext(context.Context) SyncAzureDestinationMapOutput +} + +type SyncAzureDestinationMap map[string]SyncAzureDestinationInput + +func (SyncAzureDestinationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAzureDestination)(nil)).Elem() +} + +func (i SyncAzureDestinationMap) ToSyncAzureDestinationMapOutput() SyncAzureDestinationMapOutput { + return i.ToSyncAzureDestinationMapOutputWithContext(context.Background()) +} + +func (i SyncAzureDestinationMap) ToSyncAzureDestinationMapOutputWithContext(ctx context.Context) SyncAzureDestinationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncAzureDestinationMapOutput) +} + +type SyncAzureDestinationOutput struct{ *pulumi.OutputState } + +func (SyncAzureDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncAzureDestination)(nil)).Elem() +} + +func (o SyncAzureDestinationOutput) ToSyncAzureDestinationOutput() SyncAzureDestinationOutput { + return o +} + +func (o SyncAzureDestinationOutput) ToSyncAzureDestinationOutputWithContext(ctx context.Context) SyncAzureDestinationOutput { + return o +} + +// Client ID of an Azure app registration. +// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment +// variable. +func (o SyncAzureDestinationOutput) ClientId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.ClientId }).(pulumi.StringPtrOutput) +} + +// Client Secret of an Azure app registration. +// Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment +// variable. +func (o SyncAzureDestinationOutput) ClientSecret() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.ClientSecret }).(pulumi.StringPtrOutput) +} + +// Specifies a cloud for the client. The default is Azure Public Cloud. +func (o SyncAzureDestinationOutput) Cloud() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.Cloud }).(pulumi.StringPtrOutput) +} + +// Custom tags to set on the secret managed at the destination. +func (o SyncAzureDestinationOutput) CustomTags() pulumi.MapOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.MapOutput { return v.CustomTags }).(pulumi.MapOutput) +} + +// URI of an existing Azure Key Vault instance. +// Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment +// variable. +func (o SyncAzureDestinationOutput) KeyVaultUri() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.KeyVaultUri }).(pulumi.StringPtrOutput) +} + +// Unique name of the Azure destination. +func (o SyncAzureDestinationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncAzureDestinationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Template describing how to generate external secret names. +// Supports a subset of the Go Template syntax. +func (o SyncAzureDestinationOutput) SecretNameTemplate() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringOutput { return v.SecretNameTemplate }).(pulumi.StringOutput) +} + +// ID of the target Azure tenant. +// Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment +// variable. +func (o SyncAzureDestinationOutput) TenantId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringPtrOutput { return v.TenantId }).(pulumi.StringPtrOutput) +} + +// The type of the secrets destination (`azure-kv`). +func (o SyncAzureDestinationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncAzureDestination) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +type SyncAzureDestinationArrayOutput struct{ *pulumi.OutputState } + +func (SyncAzureDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncAzureDestination)(nil)).Elem() +} + +func (o SyncAzureDestinationArrayOutput) ToSyncAzureDestinationArrayOutput() SyncAzureDestinationArrayOutput { + return o +} + +func (o SyncAzureDestinationArrayOutput) ToSyncAzureDestinationArrayOutputWithContext(ctx context.Context) SyncAzureDestinationArrayOutput { + return o +} + +func (o SyncAzureDestinationArrayOutput) Index(i pulumi.IntInput) SyncAzureDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncAzureDestination { + return vs[0].([]*SyncAzureDestination)[vs[1].(int)] + }).(SyncAzureDestinationOutput) +} + +type SyncAzureDestinationMapOutput struct{ *pulumi.OutputState } + +func (SyncAzureDestinationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncAzureDestination)(nil)).Elem() +} + +func (o SyncAzureDestinationMapOutput) ToSyncAzureDestinationMapOutput() SyncAzureDestinationMapOutput { + return o +} + +func (o SyncAzureDestinationMapOutput) ToSyncAzureDestinationMapOutputWithContext(ctx context.Context) SyncAzureDestinationMapOutput { + return o +} + +func (o SyncAzureDestinationMapOutput) MapIndex(k pulumi.StringInput) SyncAzureDestinationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncAzureDestination { + return vs[0].(map[string]*SyncAzureDestination)[vs[1].(string)] + }).(SyncAzureDestinationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncAzureDestinationInput)(nil)).Elem(), &SyncAzureDestination{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAzureDestinationArrayInput)(nil)).Elem(), SyncAzureDestinationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncAzureDestinationMapInput)(nil)).Elem(), SyncAzureDestinationMap{}) + pulumi.RegisterOutputType(SyncAzureDestinationOutput{}) + pulumi.RegisterOutputType(SyncAzureDestinationArrayOutput{}) + pulumi.RegisterOutputType(SyncAzureDestinationMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncConfig.go b/sdk/go/vault/secrets/syncConfig.go new file mode 100644 index 000000000..e50827969 --- /dev/null +++ b/sdk/go/vault/secrets/syncConfig.go @@ -0,0 +1,297 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Configures the secret sync global config. +// The config is global and can only be managed in the root namespace. +// +// > **Important** The config is global so the secrets.SyncConfig resource must not be defined +// multiple times for the same Vault server. If multiple definition exists, the last one applied will be +// effective. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncConfig(ctx, "globalConfig", &secrets.SyncConfigArgs{ +// Disabled: pulumi.Bool(true), +// QueueCapacity: pulumi.Int(500000), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// ```sh +// +// $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config +// +// ``` +type SyncConfig struct { + pulumi.CustomResourceState + + // Disables the syncing process between Vault and external destinations. Defaults to `false`. + Disabled pulumi.BoolPtrOutput `pulumi:"disabled"` + // The namespace to provision the resource in. + // This resource can only be configured in the root namespace. + // *Available only for Vault Enterprise*. + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + QueueCapacity pulumi.IntPtrOutput `pulumi:"queueCapacity"` +} + +// NewSyncConfig registers a new resource with the given unique name, arguments, and options. +func NewSyncConfig(ctx *pulumi.Context, + name string, args *SyncConfigArgs, opts ...pulumi.ResourceOption) (*SyncConfig, error) { + if args == nil { + args = &SyncConfigArgs{} + } + + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncConfig + err := ctx.RegisterResource("vault:secrets/syncConfig:SyncConfig", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncConfig gets an existing SyncConfig resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncConfig(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncConfigState, opts ...pulumi.ResourceOption) (*SyncConfig, error) { + var resource SyncConfig + err := ctx.ReadResource("vault:secrets/syncConfig:SyncConfig", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncConfig resources. +type syncConfigState struct { + // Disables the syncing process between Vault and external destinations. Defaults to `false`. + Disabled *bool `pulumi:"disabled"` + // The namespace to provision the resource in. + // This resource can only be configured in the root namespace. + // *Available only for Vault Enterprise*. + Namespace *string `pulumi:"namespace"` + // Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + QueueCapacity *int `pulumi:"queueCapacity"` +} + +type SyncConfigState struct { + // Disables the syncing process between Vault and external destinations. Defaults to `false`. + Disabled pulumi.BoolPtrInput + // The namespace to provision the resource in. + // This resource can only be configured in the root namespace. + // *Available only for Vault Enterprise*. + Namespace pulumi.StringPtrInput + // Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + QueueCapacity pulumi.IntPtrInput +} + +func (SyncConfigState) ElementType() reflect.Type { + return reflect.TypeOf((*syncConfigState)(nil)).Elem() +} + +type syncConfigArgs struct { + // Disables the syncing process between Vault and external destinations. Defaults to `false`. + Disabled *bool `pulumi:"disabled"` + // The namespace to provision the resource in. + // This resource can only be configured in the root namespace. + // *Available only for Vault Enterprise*. + Namespace *string `pulumi:"namespace"` + // Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + QueueCapacity *int `pulumi:"queueCapacity"` +} + +// The set of arguments for constructing a SyncConfig resource. +type SyncConfigArgs struct { + // Disables the syncing process between Vault and external destinations. Defaults to `false`. + Disabled pulumi.BoolPtrInput + // The namespace to provision the resource in. + // This resource can only be configured in the root namespace. + // *Available only for Vault Enterprise*. + Namespace pulumi.StringPtrInput + // Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + QueueCapacity pulumi.IntPtrInput +} + +func (SyncConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncConfigArgs)(nil)).Elem() +} + +type SyncConfigInput interface { + pulumi.Input + + ToSyncConfigOutput() SyncConfigOutput + ToSyncConfigOutputWithContext(ctx context.Context) SyncConfigOutput +} + +func (*SyncConfig) ElementType() reflect.Type { + return reflect.TypeOf((**SyncConfig)(nil)).Elem() +} + +func (i *SyncConfig) ToSyncConfigOutput() SyncConfigOutput { + return i.ToSyncConfigOutputWithContext(context.Background()) +} + +func (i *SyncConfig) ToSyncConfigOutputWithContext(ctx context.Context) SyncConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncConfigOutput) +} + +// SyncConfigArrayInput is an input type that accepts SyncConfigArray and SyncConfigArrayOutput values. +// You can construct a concrete instance of `SyncConfigArrayInput` via: +// +// SyncConfigArray{ SyncConfigArgs{...} } +type SyncConfigArrayInput interface { + pulumi.Input + + ToSyncConfigArrayOutput() SyncConfigArrayOutput + ToSyncConfigArrayOutputWithContext(context.Context) SyncConfigArrayOutput +} + +type SyncConfigArray []SyncConfigInput + +func (SyncConfigArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncConfig)(nil)).Elem() +} + +func (i SyncConfigArray) ToSyncConfigArrayOutput() SyncConfigArrayOutput { + return i.ToSyncConfigArrayOutputWithContext(context.Background()) +} + +func (i SyncConfigArray) ToSyncConfigArrayOutputWithContext(ctx context.Context) SyncConfigArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncConfigArrayOutput) +} + +// SyncConfigMapInput is an input type that accepts SyncConfigMap and SyncConfigMapOutput values. +// You can construct a concrete instance of `SyncConfigMapInput` via: +// +// SyncConfigMap{ "key": SyncConfigArgs{...} } +type SyncConfigMapInput interface { + pulumi.Input + + ToSyncConfigMapOutput() SyncConfigMapOutput + ToSyncConfigMapOutputWithContext(context.Context) SyncConfigMapOutput +} + +type SyncConfigMap map[string]SyncConfigInput + +func (SyncConfigMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncConfig)(nil)).Elem() +} + +func (i SyncConfigMap) ToSyncConfigMapOutput() SyncConfigMapOutput { + return i.ToSyncConfigMapOutputWithContext(context.Background()) +} + +func (i SyncConfigMap) ToSyncConfigMapOutputWithContext(ctx context.Context) SyncConfigMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncConfigMapOutput) +} + +type SyncConfigOutput struct{ *pulumi.OutputState } + +func (SyncConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncConfig)(nil)).Elem() +} + +func (o SyncConfigOutput) ToSyncConfigOutput() SyncConfigOutput { + return o +} + +func (o SyncConfigOutput) ToSyncConfigOutputWithContext(ctx context.Context) SyncConfigOutput { + return o +} + +// Disables the syncing process between Vault and external destinations. Defaults to `false`. +func (o SyncConfigOutput) Disabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *SyncConfig) pulumi.BoolPtrOutput { return v.Disabled }).(pulumi.BoolPtrOutput) +} + +// The namespace to provision the resource in. +// This resource can only be configured in the root namespace. +// *Available only for Vault Enterprise*. +func (o SyncConfigOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncConfig) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. +func (o SyncConfigOutput) QueueCapacity() pulumi.IntPtrOutput { + return o.ApplyT(func(v *SyncConfig) pulumi.IntPtrOutput { return v.QueueCapacity }).(pulumi.IntPtrOutput) +} + +type SyncConfigArrayOutput struct{ *pulumi.OutputState } + +func (SyncConfigArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncConfig)(nil)).Elem() +} + +func (o SyncConfigArrayOutput) ToSyncConfigArrayOutput() SyncConfigArrayOutput { + return o +} + +func (o SyncConfigArrayOutput) ToSyncConfigArrayOutputWithContext(ctx context.Context) SyncConfigArrayOutput { + return o +} + +func (o SyncConfigArrayOutput) Index(i pulumi.IntInput) SyncConfigOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncConfig { + return vs[0].([]*SyncConfig)[vs[1].(int)] + }).(SyncConfigOutput) +} + +type SyncConfigMapOutput struct{ *pulumi.OutputState } + +func (SyncConfigMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncConfig)(nil)).Elem() +} + +func (o SyncConfigMapOutput) ToSyncConfigMapOutput() SyncConfigMapOutput { + return o +} + +func (o SyncConfigMapOutput) ToSyncConfigMapOutputWithContext(ctx context.Context) SyncConfigMapOutput { + return o +} + +func (o SyncConfigMapOutput) MapIndex(k pulumi.StringInput) SyncConfigOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncConfig { + return vs[0].(map[string]*SyncConfig)[vs[1].(string)] + }).(SyncConfigOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncConfigInput)(nil)).Elem(), &SyncConfig{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncConfigArrayInput)(nil)).Elem(), SyncConfigArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncConfigMapInput)(nil)).Elem(), SyncConfigMap{}) + pulumi.RegisterOutputType(SyncConfigOutput{}) + pulumi.RegisterOutputType(SyncConfigArrayOutput{}) + pulumi.RegisterOutputType(SyncConfigMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncGcpDestination.go b/sdk/go/vault/secrets/syncGcpDestination.go new file mode 100644 index 000000000..b849674b6 --- /dev/null +++ b/sdk/go/vault/secrets/syncGcpDestination.go @@ -0,0 +1,371 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "os" +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func readFileOrPanic(path string) pulumi.StringPtrInput { +// data, err := os.ReadFile(path) +// if err != nil { +// panic(err.Error()) +// } +// return pulumi.String(string(data)) +// } +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncGcpDestination(ctx, "gcp", &secrets.SyncGcpDestinationArgs{ +// Credentials: readFileOrPanic(_var.Credentials_file), +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// CustomTags: pulumi.Map{ +// "foo": pulumi.Any("bar"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// GCP Secrets sync destinations can be imported using the `name`, e.g. +// +// ```sh +// +// $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest +// +// ``` +type SyncGcpDestination struct { + pulumi.CustomResourceState + + // JSON-encoded credentials to use to connect to GCP. + // Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + // variable. + Credentials pulumi.StringPtrOutput `pulumi:"credentials"` + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapOutput `pulumi:"customTags"` + // Unique name of the GCP destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringOutput `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`gcp-sm`). + Type pulumi.StringOutput `pulumi:"type"` +} + +// NewSyncGcpDestination registers a new resource with the given unique name, arguments, and options. +func NewSyncGcpDestination(ctx *pulumi.Context, + name string, args *SyncGcpDestinationArgs, opts ...pulumi.ResourceOption) (*SyncGcpDestination, error) { + if args == nil { + args = &SyncGcpDestinationArgs{} + } + + if args.Credentials != nil { + args.Credentials = pulumi.ToSecret(args.Credentials).(pulumi.StringPtrInput) + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "credentials", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncGcpDestination + err := ctx.RegisterResource("vault:secrets/syncGcpDestination:SyncGcpDestination", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncGcpDestination gets an existing SyncGcpDestination resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncGcpDestination(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncGcpDestinationState, opts ...pulumi.ResourceOption) (*SyncGcpDestination, error) { + var resource SyncGcpDestination + err := ctx.ReadResource("vault:secrets/syncGcpDestination:SyncGcpDestination", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncGcpDestination resources. +type syncGcpDestinationState struct { + // JSON-encoded credentials to use to connect to GCP. + // Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + // variable. + Credentials *string `pulumi:"credentials"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // Unique name of the GCP destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`gcp-sm`). + Type *string `pulumi:"type"` +} + +type SyncGcpDestinationState struct { + // JSON-encoded credentials to use to connect to GCP. + // Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + // variable. + Credentials pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // Unique name of the GCP destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // The type of the secrets destination (`gcp-sm`). + Type pulumi.StringPtrInput +} + +func (SyncGcpDestinationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncGcpDestinationState)(nil)).Elem() +} + +type syncGcpDestinationArgs struct { + // JSON-encoded credentials to use to connect to GCP. + // Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + // variable. + Credentials *string `pulumi:"credentials"` + // Custom tags to set on the secret managed at the destination. + CustomTags map[string]interface{} `pulumi:"customTags"` + // Unique name of the GCP destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` +} + +// The set of arguments for constructing a SyncGcpDestination resource. +type SyncGcpDestinationArgs struct { + // JSON-encoded credentials to use to connect to GCP. + // Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + // variable. + Credentials pulumi.StringPtrInput + // Custom tags to set on the secret managed at the destination. + CustomTags pulumi.MapInput + // Unique name of the GCP destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput +} + +func (SyncGcpDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncGcpDestinationArgs)(nil)).Elem() +} + +type SyncGcpDestinationInput interface { + pulumi.Input + + ToSyncGcpDestinationOutput() SyncGcpDestinationOutput + ToSyncGcpDestinationOutputWithContext(ctx context.Context) SyncGcpDestinationOutput +} + +func (*SyncGcpDestination) ElementType() reflect.Type { + return reflect.TypeOf((**SyncGcpDestination)(nil)).Elem() +} + +func (i *SyncGcpDestination) ToSyncGcpDestinationOutput() SyncGcpDestinationOutput { + return i.ToSyncGcpDestinationOutputWithContext(context.Background()) +} + +func (i *SyncGcpDestination) ToSyncGcpDestinationOutputWithContext(ctx context.Context) SyncGcpDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGcpDestinationOutput) +} + +// SyncGcpDestinationArrayInput is an input type that accepts SyncGcpDestinationArray and SyncGcpDestinationArrayOutput values. +// You can construct a concrete instance of `SyncGcpDestinationArrayInput` via: +// +// SyncGcpDestinationArray{ SyncGcpDestinationArgs{...} } +type SyncGcpDestinationArrayInput interface { + pulumi.Input + + ToSyncGcpDestinationArrayOutput() SyncGcpDestinationArrayOutput + ToSyncGcpDestinationArrayOutputWithContext(context.Context) SyncGcpDestinationArrayOutput +} + +type SyncGcpDestinationArray []SyncGcpDestinationInput + +func (SyncGcpDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncGcpDestination)(nil)).Elem() +} + +func (i SyncGcpDestinationArray) ToSyncGcpDestinationArrayOutput() SyncGcpDestinationArrayOutput { + return i.ToSyncGcpDestinationArrayOutputWithContext(context.Background()) +} + +func (i SyncGcpDestinationArray) ToSyncGcpDestinationArrayOutputWithContext(ctx context.Context) SyncGcpDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGcpDestinationArrayOutput) +} + +// SyncGcpDestinationMapInput is an input type that accepts SyncGcpDestinationMap and SyncGcpDestinationMapOutput values. +// You can construct a concrete instance of `SyncGcpDestinationMapInput` via: +// +// SyncGcpDestinationMap{ "key": SyncGcpDestinationArgs{...} } +type SyncGcpDestinationMapInput interface { + pulumi.Input + + ToSyncGcpDestinationMapOutput() SyncGcpDestinationMapOutput + ToSyncGcpDestinationMapOutputWithContext(context.Context) SyncGcpDestinationMapOutput +} + +type SyncGcpDestinationMap map[string]SyncGcpDestinationInput + +func (SyncGcpDestinationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncGcpDestination)(nil)).Elem() +} + +func (i SyncGcpDestinationMap) ToSyncGcpDestinationMapOutput() SyncGcpDestinationMapOutput { + return i.ToSyncGcpDestinationMapOutputWithContext(context.Background()) +} + +func (i SyncGcpDestinationMap) ToSyncGcpDestinationMapOutputWithContext(ctx context.Context) SyncGcpDestinationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGcpDestinationMapOutput) +} + +type SyncGcpDestinationOutput struct{ *pulumi.OutputState } + +func (SyncGcpDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncGcpDestination)(nil)).Elem() +} + +func (o SyncGcpDestinationOutput) ToSyncGcpDestinationOutput() SyncGcpDestinationOutput { + return o +} + +func (o SyncGcpDestinationOutput) ToSyncGcpDestinationOutputWithContext(ctx context.Context) SyncGcpDestinationOutput { + return o +} + +// JSON-encoded credentials to use to connect to GCP. +// Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment +// variable. +func (o SyncGcpDestinationOutput) Credentials() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.StringPtrOutput { return v.Credentials }).(pulumi.StringPtrOutput) +} + +// Custom tags to set on the secret managed at the destination. +func (o SyncGcpDestinationOutput) CustomTags() pulumi.MapOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.MapOutput { return v.CustomTags }).(pulumi.MapOutput) +} + +// Unique name of the GCP destination. +func (o SyncGcpDestinationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncGcpDestinationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Template describing how to generate external secret names. +// Supports a subset of the Go Template syntax. +func (o SyncGcpDestinationOutput) SecretNameTemplate() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.StringOutput { return v.SecretNameTemplate }).(pulumi.StringOutput) +} + +// The type of the secrets destination (`gcp-sm`). +func (o SyncGcpDestinationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGcpDestination) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +type SyncGcpDestinationArrayOutput struct{ *pulumi.OutputState } + +func (SyncGcpDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncGcpDestination)(nil)).Elem() +} + +func (o SyncGcpDestinationArrayOutput) ToSyncGcpDestinationArrayOutput() SyncGcpDestinationArrayOutput { + return o +} + +func (o SyncGcpDestinationArrayOutput) ToSyncGcpDestinationArrayOutputWithContext(ctx context.Context) SyncGcpDestinationArrayOutput { + return o +} + +func (o SyncGcpDestinationArrayOutput) Index(i pulumi.IntInput) SyncGcpDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncGcpDestination { + return vs[0].([]*SyncGcpDestination)[vs[1].(int)] + }).(SyncGcpDestinationOutput) +} + +type SyncGcpDestinationMapOutput struct{ *pulumi.OutputState } + +func (SyncGcpDestinationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncGcpDestination)(nil)).Elem() +} + +func (o SyncGcpDestinationMapOutput) ToSyncGcpDestinationMapOutput() SyncGcpDestinationMapOutput { + return o +} + +func (o SyncGcpDestinationMapOutput) ToSyncGcpDestinationMapOutputWithContext(ctx context.Context) SyncGcpDestinationMapOutput { + return o +} + +func (o SyncGcpDestinationMapOutput) MapIndex(k pulumi.StringInput) SyncGcpDestinationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncGcpDestination { + return vs[0].(map[string]*SyncGcpDestination)[vs[1].(string)] + }).(SyncGcpDestinationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncGcpDestinationInput)(nil)).Elem(), &SyncGcpDestination{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncGcpDestinationArrayInput)(nil)).Elem(), SyncGcpDestinationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncGcpDestinationMapInput)(nil)).Elem(), SyncGcpDestinationMap{}) + pulumi.RegisterOutputType(SyncGcpDestinationOutput{}) + pulumi.RegisterOutputType(SyncGcpDestinationArrayOutput{}) + pulumi.RegisterOutputType(SyncGcpDestinationMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncGhDestination.go b/sdk/go/vault/secrets/syncGhDestination.go new file mode 100644 index 000000000..6712b8625 --- /dev/null +++ b/sdk/go/vault/secrets/syncGhDestination.go @@ -0,0 +1,399 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncGhDestination(ctx, "gh", &secrets.SyncGhDestinationArgs{ +// AccessToken: pulumi.Any(_var.Access_token), +// RepositoryOwner: pulumi.Any(_var.Repo_owner), +// RepositoryName: pulumi.String("repo-name-example"), +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// GitHub Secrets sync destinations can be imported using the `name`, e.g. +// +// ```sh +// +// $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest +// +// ``` +type SyncGhDestination struct { + pulumi.CustomResourceState + + // Fine-grained or personal access token. + // Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + // variable. + AccessToken pulumi.StringPtrOutput `pulumi:"accessToken"` + // Unique name of the GitHub destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Name of the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + // variable. + RepositoryName pulumi.StringPtrOutput `pulumi:"repositoryName"` + // GitHub organization or username that owns the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + // variable. + RepositoryOwner pulumi.StringPtrOutput `pulumi:"repositoryOwner"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringOutput `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`gh`). + Type pulumi.StringOutput `pulumi:"type"` +} + +// NewSyncGhDestination registers a new resource with the given unique name, arguments, and options. +func NewSyncGhDestination(ctx *pulumi.Context, + name string, args *SyncGhDestinationArgs, opts ...pulumi.ResourceOption) (*SyncGhDestination, error) { + if args == nil { + args = &SyncGhDestinationArgs{} + } + + if args.AccessToken != nil { + args.AccessToken = pulumi.ToSecret(args.AccessToken).(pulumi.StringPtrInput) + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "accessToken", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncGhDestination + err := ctx.RegisterResource("vault:secrets/syncGhDestination:SyncGhDestination", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncGhDestination gets an existing SyncGhDestination resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncGhDestination(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncGhDestinationState, opts ...pulumi.ResourceOption) (*SyncGhDestination, error) { + var resource SyncGhDestination + err := ctx.ReadResource("vault:secrets/syncGhDestination:SyncGhDestination", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncGhDestination resources. +type syncGhDestinationState struct { + // Fine-grained or personal access token. + // Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + // variable. + AccessToken *string `pulumi:"accessToken"` + // Unique name of the GitHub destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Name of the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + // variable. + RepositoryName *string `pulumi:"repositoryName"` + // GitHub organization or username that owns the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + // variable. + RepositoryOwner *string `pulumi:"repositoryOwner"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // The type of the secrets destination (`gh`). + Type *string `pulumi:"type"` +} + +type SyncGhDestinationState struct { + // Fine-grained or personal access token. + // Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + // variable. + AccessToken pulumi.StringPtrInput + // Unique name of the GitHub destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Name of the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + // variable. + RepositoryName pulumi.StringPtrInput + // GitHub organization or username that owns the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + // variable. + RepositoryOwner pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // The type of the secrets destination (`gh`). + Type pulumi.StringPtrInput +} + +func (SyncGhDestinationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncGhDestinationState)(nil)).Elem() +} + +type syncGhDestinationArgs struct { + // Fine-grained or personal access token. + // Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + // variable. + AccessToken *string `pulumi:"accessToken"` + // Unique name of the GitHub destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Name of the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + // variable. + RepositoryName *string `pulumi:"repositoryName"` + // GitHub organization or username that owns the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + // variable. + RepositoryOwner *string `pulumi:"repositoryOwner"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` +} + +// The set of arguments for constructing a SyncGhDestination resource. +type SyncGhDestinationArgs struct { + // Fine-grained or personal access token. + // Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + // variable. + AccessToken pulumi.StringPtrInput + // Unique name of the GitHub destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Name of the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + // variable. + RepositoryName pulumi.StringPtrInput + // GitHub organization or username that owns the repository. + // Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + // variable. + RepositoryOwner pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput +} + +func (SyncGhDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncGhDestinationArgs)(nil)).Elem() +} + +type SyncGhDestinationInput interface { + pulumi.Input + + ToSyncGhDestinationOutput() SyncGhDestinationOutput + ToSyncGhDestinationOutputWithContext(ctx context.Context) SyncGhDestinationOutput +} + +func (*SyncGhDestination) ElementType() reflect.Type { + return reflect.TypeOf((**SyncGhDestination)(nil)).Elem() +} + +func (i *SyncGhDestination) ToSyncGhDestinationOutput() SyncGhDestinationOutput { + return i.ToSyncGhDestinationOutputWithContext(context.Background()) +} + +func (i *SyncGhDestination) ToSyncGhDestinationOutputWithContext(ctx context.Context) SyncGhDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGhDestinationOutput) +} + +// SyncGhDestinationArrayInput is an input type that accepts SyncGhDestinationArray and SyncGhDestinationArrayOutput values. +// You can construct a concrete instance of `SyncGhDestinationArrayInput` via: +// +// SyncGhDestinationArray{ SyncGhDestinationArgs{...} } +type SyncGhDestinationArrayInput interface { + pulumi.Input + + ToSyncGhDestinationArrayOutput() SyncGhDestinationArrayOutput + ToSyncGhDestinationArrayOutputWithContext(context.Context) SyncGhDestinationArrayOutput +} + +type SyncGhDestinationArray []SyncGhDestinationInput + +func (SyncGhDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncGhDestination)(nil)).Elem() +} + +func (i SyncGhDestinationArray) ToSyncGhDestinationArrayOutput() SyncGhDestinationArrayOutput { + return i.ToSyncGhDestinationArrayOutputWithContext(context.Background()) +} + +func (i SyncGhDestinationArray) ToSyncGhDestinationArrayOutputWithContext(ctx context.Context) SyncGhDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGhDestinationArrayOutput) +} + +// SyncGhDestinationMapInput is an input type that accepts SyncGhDestinationMap and SyncGhDestinationMapOutput values. +// You can construct a concrete instance of `SyncGhDestinationMapInput` via: +// +// SyncGhDestinationMap{ "key": SyncGhDestinationArgs{...} } +type SyncGhDestinationMapInput interface { + pulumi.Input + + ToSyncGhDestinationMapOutput() SyncGhDestinationMapOutput + ToSyncGhDestinationMapOutputWithContext(context.Context) SyncGhDestinationMapOutput +} + +type SyncGhDestinationMap map[string]SyncGhDestinationInput + +func (SyncGhDestinationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncGhDestination)(nil)).Elem() +} + +func (i SyncGhDestinationMap) ToSyncGhDestinationMapOutput() SyncGhDestinationMapOutput { + return i.ToSyncGhDestinationMapOutputWithContext(context.Background()) +} + +func (i SyncGhDestinationMap) ToSyncGhDestinationMapOutputWithContext(ctx context.Context) SyncGhDestinationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncGhDestinationMapOutput) +} + +type SyncGhDestinationOutput struct{ *pulumi.OutputState } + +func (SyncGhDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncGhDestination)(nil)).Elem() +} + +func (o SyncGhDestinationOutput) ToSyncGhDestinationOutput() SyncGhDestinationOutput { + return o +} + +func (o SyncGhDestinationOutput) ToSyncGhDestinationOutputWithContext(ctx context.Context) SyncGhDestinationOutput { + return o +} + +// Fine-grained or personal access token. +// Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment +// variable. +func (o SyncGhDestinationOutput) AccessToken() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringPtrOutput { return v.AccessToken }).(pulumi.StringPtrOutput) +} + +// Unique name of the GitHub destination. +func (o SyncGhDestinationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncGhDestinationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Name of the repository. +// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment +// variable. +func (o SyncGhDestinationOutput) RepositoryName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringPtrOutput { return v.RepositoryName }).(pulumi.StringPtrOutput) +} + +// GitHub organization or username that owns the repository. +// Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment +// variable. +func (o SyncGhDestinationOutput) RepositoryOwner() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringPtrOutput { return v.RepositoryOwner }).(pulumi.StringPtrOutput) +} + +// Template describing how to generate external secret names. +// Supports a subset of the Go Template syntax. +func (o SyncGhDestinationOutput) SecretNameTemplate() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringOutput { return v.SecretNameTemplate }).(pulumi.StringOutput) +} + +// The type of the secrets destination (`gh`). +func (o SyncGhDestinationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncGhDestination) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +type SyncGhDestinationArrayOutput struct{ *pulumi.OutputState } + +func (SyncGhDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncGhDestination)(nil)).Elem() +} + +func (o SyncGhDestinationArrayOutput) ToSyncGhDestinationArrayOutput() SyncGhDestinationArrayOutput { + return o +} + +func (o SyncGhDestinationArrayOutput) ToSyncGhDestinationArrayOutputWithContext(ctx context.Context) SyncGhDestinationArrayOutput { + return o +} + +func (o SyncGhDestinationArrayOutput) Index(i pulumi.IntInput) SyncGhDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncGhDestination { + return vs[0].([]*SyncGhDestination)[vs[1].(int)] + }).(SyncGhDestinationOutput) +} + +type SyncGhDestinationMapOutput struct{ *pulumi.OutputState } + +func (SyncGhDestinationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncGhDestination)(nil)).Elem() +} + +func (o SyncGhDestinationMapOutput) ToSyncGhDestinationMapOutput() SyncGhDestinationMapOutput { + return o +} + +func (o SyncGhDestinationMapOutput) ToSyncGhDestinationMapOutputWithContext(ctx context.Context) SyncGhDestinationMapOutput { + return o +} + +func (o SyncGhDestinationMapOutput) MapIndex(k pulumi.StringInput) SyncGhDestinationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncGhDestination { + return vs[0].(map[string]*SyncGhDestination)[vs[1].(string)] + }).(SyncGhDestinationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncGhDestinationInput)(nil)).Elem(), &SyncGhDestination{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncGhDestinationArrayInput)(nil)).Elem(), SyncGhDestinationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncGhDestinationMapInput)(nil)).Elem(), SyncGhDestinationMap{}) + pulumi.RegisterOutputType(SyncGhDestinationOutput{}) + pulumi.RegisterOutputType(SyncGhDestinationArrayOutput{}) + pulumi.RegisterOutputType(SyncGhDestinationMapOutput{}) +} diff --git a/sdk/go/vault/secrets/syncVercelDestination.go b/sdk/go/vault/secrets/syncVercelDestination.go new file mode 100644 index 000000000..f3b15c6aa --- /dev/null +++ b/sdk/go/vault/secrets/syncVercelDestination.go @@ -0,0 +1,404 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package secrets + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v5/go/vault/secrets" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secrets.NewSyncVercelDestination(ctx, "vercel", &secrets.SyncVercelDestinationArgs{ +// AccessToken: pulumi.Any(_var.Access_token), +// ProjectId: pulumi.Any(_var.Project_id), +// DeploymentEnvironments: pulumi.StringArray{ +// pulumi.String("development"), +// pulumi.String("preview"), +// pulumi.String("production"), +// }, +// SecretNameTemplate: pulumi.String("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// GitHub Secrets sync destinations can be imported using the `name`, e.g. +// +// ```sh +// +// $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest +// +// ``` +type SyncVercelDestination struct { + pulumi.CustomResourceState + + // Vercel API access token with the permissions to manage environment + // variables. + AccessToken pulumi.StringOutput `pulumi:"accessToken"` + // Deployment environments where the environment variables + // are available. Accepts `development`, `preview` and `production`. + DeploymentEnvironments pulumi.StringArrayOutput `pulumi:"deploymentEnvironments"` + // Unique name of the GitHub destination. + Name pulumi.StringOutput `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Project ID where to manage environment variables. + ProjectId pulumi.StringOutput `pulumi:"projectId"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringOutput `pulumi:"secretNameTemplate"` + // Team ID where to manage environment variables. + TeamId pulumi.StringPtrOutput `pulumi:"teamId"` + // The type of the secrets destination (`vercel-project`). + Type pulumi.StringOutput `pulumi:"type"` +} + +// NewSyncVercelDestination registers a new resource with the given unique name, arguments, and options. +func NewSyncVercelDestination(ctx *pulumi.Context, + name string, args *SyncVercelDestinationArgs, opts ...pulumi.ResourceOption) (*SyncVercelDestination, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.AccessToken == nil { + return nil, errors.New("invalid value for required argument 'AccessToken'") + } + if args.DeploymentEnvironments == nil { + return nil, errors.New("invalid value for required argument 'DeploymentEnvironments'") + } + if args.ProjectId == nil { + return nil, errors.New("invalid value for required argument 'ProjectId'") + } + if args.AccessToken != nil { + args.AccessToken = pulumi.ToSecret(args.AccessToken).(pulumi.StringInput) + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "accessToken", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource SyncVercelDestination + err := ctx.RegisterResource("vault:secrets/syncVercelDestination:SyncVercelDestination", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSyncVercelDestination gets an existing SyncVercelDestination resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSyncVercelDestination(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SyncVercelDestinationState, opts ...pulumi.ResourceOption) (*SyncVercelDestination, error) { + var resource SyncVercelDestination + err := ctx.ReadResource("vault:secrets/syncVercelDestination:SyncVercelDestination", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SyncVercelDestination resources. +type syncVercelDestinationState struct { + // Vercel API access token with the permissions to manage environment + // variables. + AccessToken *string `pulumi:"accessToken"` + // Deployment environments where the environment variables + // are available. Accepts `development`, `preview` and `production`. + DeploymentEnvironments []string `pulumi:"deploymentEnvironments"` + // Unique name of the GitHub destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Project ID where to manage environment variables. + ProjectId *string `pulumi:"projectId"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // Team ID where to manage environment variables. + TeamId *string `pulumi:"teamId"` + // The type of the secrets destination (`vercel-project`). + Type *string `pulumi:"type"` +} + +type SyncVercelDestinationState struct { + // Vercel API access token with the permissions to manage environment + // variables. + AccessToken pulumi.StringPtrInput + // Deployment environments where the environment variables + // are available. Accepts `development`, `preview` and `production`. + DeploymentEnvironments pulumi.StringArrayInput + // Unique name of the GitHub destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Project ID where to manage environment variables. + ProjectId pulumi.StringPtrInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // Team ID where to manage environment variables. + TeamId pulumi.StringPtrInput + // The type of the secrets destination (`vercel-project`). + Type pulumi.StringPtrInput +} + +func (SyncVercelDestinationState) ElementType() reflect.Type { + return reflect.TypeOf((*syncVercelDestinationState)(nil)).Elem() +} + +type syncVercelDestinationArgs struct { + // Vercel API access token with the permissions to manage environment + // variables. + AccessToken string `pulumi:"accessToken"` + // Deployment environments where the environment variables + // are available. Accepts `development`, `preview` and `production`. + DeploymentEnvironments []string `pulumi:"deploymentEnvironments"` + // Unique name of the GitHub destination. + Name *string `pulumi:"name"` + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace *string `pulumi:"namespace"` + // Project ID where to manage environment variables. + ProjectId string `pulumi:"projectId"` + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate *string `pulumi:"secretNameTemplate"` + // Team ID where to manage environment variables. + TeamId *string `pulumi:"teamId"` +} + +// The set of arguments for constructing a SyncVercelDestination resource. +type SyncVercelDestinationArgs struct { + // Vercel API access token with the permissions to manage environment + // variables. + AccessToken pulumi.StringInput + // Deployment environments where the environment variables + // are available. Accepts `development`, `preview` and `production`. + DeploymentEnvironments pulumi.StringArrayInput + // Unique name of the GitHub destination. + Name pulumi.StringPtrInput + // The namespace to provision the resource in. + // The value should not contain leading or trailing forward slashes. + // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + Namespace pulumi.StringPtrInput + // Project ID where to manage environment variables. + ProjectId pulumi.StringInput + // Template describing how to generate external secret names. + // Supports a subset of the Go Template syntax. + SecretNameTemplate pulumi.StringPtrInput + // Team ID where to manage environment variables. + TeamId pulumi.StringPtrInput +} + +func (SyncVercelDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*syncVercelDestinationArgs)(nil)).Elem() +} + +type SyncVercelDestinationInput interface { + pulumi.Input + + ToSyncVercelDestinationOutput() SyncVercelDestinationOutput + ToSyncVercelDestinationOutputWithContext(ctx context.Context) SyncVercelDestinationOutput +} + +func (*SyncVercelDestination) ElementType() reflect.Type { + return reflect.TypeOf((**SyncVercelDestination)(nil)).Elem() +} + +func (i *SyncVercelDestination) ToSyncVercelDestinationOutput() SyncVercelDestinationOutput { + return i.ToSyncVercelDestinationOutputWithContext(context.Background()) +} + +func (i *SyncVercelDestination) ToSyncVercelDestinationOutputWithContext(ctx context.Context) SyncVercelDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncVercelDestinationOutput) +} + +// SyncVercelDestinationArrayInput is an input type that accepts SyncVercelDestinationArray and SyncVercelDestinationArrayOutput values. +// You can construct a concrete instance of `SyncVercelDestinationArrayInput` via: +// +// SyncVercelDestinationArray{ SyncVercelDestinationArgs{...} } +type SyncVercelDestinationArrayInput interface { + pulumi.Input + + ToSyncVercelDestinationArrayOutput() SyncVercelDestinationArrayOutput + ToSyncVercelDestinationArrayOutputWithContext(context.Context) SyncVercelDestinationArrayOutput +} + +type SyncVercelDestinationArray []SyncVercelDestinationInput + +func (SyncVercelDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncVercelDestination)(nil)).Elem() +} + +func (i SyncVercelDestinationArray) ToSyncVercelDestinationArrayOutput() SyncVercelDestinationArrayOutput { + return i.ToSyncVercelDestinationArrayOutputWithContext(context.Background()) +} + +func (i SyncVercelDestinationArray) ToSyncVercelDestinationArrayOutputWithContext(ctx context.Context) SyncVercelDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncVercelDestinationArrayOutput) +} + +// SyncVercelDestinationMapInput is an input type that accepts SyncVercelDestinationMap and SyncVercelDestinationMapOutput values. +// You can construct a concrete instance of `SyncVercelDestinationMapInput` via: +// +// SyncVercelDestinationMap{ "key": SyncVercelDestinationArgs{...} } +type SyncVercelDestinationMapInput interface { + pulumi.Input + + ToSyncVercelDestinationMapOutput() SyncVercelDestinationMapOutput + ToSyncVercelDestinationMapOutputWithContext(context.Context) SyncVercelDestinationMapOutput +} + +type SyncVercelDestinationMap map[string]SyncVercelDestinationInput + +func (SyncVercelDestinationMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncVercelDestination)(nil)).Elem() +} + +func (i SyncVercelDestinationMap) ToSyncVercelDestinationMapOutput() SyncVercelDestinationMapOutput { + return i.ToSyncVercelDestinationMapOutputWithContext(context.Background()) +} + +func (i SyncVercelDestinationMap) ToSyncVercelDestinationMapOutputWithContext(ctx context.Context) SyncVercelDestinationMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SyncVercelDestinationMapOutput) +} + +type SyncVercelDestinationOutput struct{ *pulumi.OutputState } + +func (SyncVercelDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SyncVercelDestination)(nil)).Elem() +} + +func (o SyncVercelDestinationOutput) ToSyncVercelDestinationOutput() SyncVercelDestinationOutput { + return o +} + +func (o SyncVercelDestinationOutput) ToSyncVercelDestinationOutputWithContext(ctx context.Context) SyncVercelDestinationOutput { + return o +} + +// Vercel API access token with the permissions to manage environment +// variables. +func (o SyncVercelDestinationOutput) AccessToken() pulumi.StringOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringOutput { return v.AccessToken }).(pulumi.StringOutput) +} + +// Deployment environments where the environment variables +// are available. Accepts `development`, `preview` and `production`. +func (o SyncVercelDestinationOutput) DeploymentEnvironments() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringArrayOutput { return v.DeploymentEnvironments }).(pulumi.StringArrayOutput) +} + +// Unique name of the GitHub destination. +func (o SyncVercelDestinationOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The namespace to provision the resource in. +// The value should not contain leading or trailing forward slashes. +// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). +func (o SyncVercelDestinationOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// Project ID where to manage environment variables. +func (o SyncVercelDestinationOutput) ProjectId() pulumi.StringOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringOutput { return v.ProjectId }).(pulumi.StringOutput) +} + +// Template describing how to generate external secret names. +// Supports a subset of the Go Template syntax. +func (o SyncVercelDestinationOutput) SecretNameTemplate() pulumi.StringOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringOutput { return v.SecretNameTemplate }).(pulumi.StringOutput) +} + +// Team ID where to manage environment variables. +func (o SyncVercelDestinationOutput) TeamId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringPtrOutput { return v.TeamId }).(pulumi.StringPtrOutput) +} + +// The type of the secrets destination (`vercel-project`). +func (o SyncVercelDestinationOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *SyncVercelDestination) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +type SyncVercelDestinationArrayOutput struct{ *pulumi.OutputState } + +func (SyncVercelDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SyncVercelDestination)(nil)).Elem() +} + +func (o SyncVercelDestinationArrayOutput) ToSyncVercelDestinationArrayOutput() SyncVercelDestinationArrayOutput { + return o +} + +func (o SyncVercelDestinationArrayOutput) ToSyncVercelDestinationArrayOutputWithContext(ctx context.Context) SyncVercelDestinationArrayOutput { + return o +} + +func (o SyncVercelDestinationArrayOutput) Index(i pulumi.IntInput) SyncVercelDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SyncVercelDestination { + return vs[0].([]*SyncVercelDestination)[vs[1].(int)] + }).(SyncVercelDestinationOutput) +} + +type SyncVercelDestinationMapOutput struct{ *pulumi.OutputState } + +func (SyncVercelDestinationMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SyncVercelDestination)(nil)).Elem() +} + +func (o SyncVercelDestinationMapOutput) ToSyncVercelDestinationMapOutput() SyncVercelDestinationMapOutput { + return o +} + +func (o SyncVercelDestinationMapOutput) ToSyncVercelDestinationMapOutputWithContext(ctx context.Context) SyncVercelDestinationMapOutput { + return o +} + +func (o SyncVercelDestinationMapOutput) MapIndex(k pulumi.StringInput) SyncVercelDestinationOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SyncVercelDestination { + return vs[0].(map[string]*SyncVercelDestination)[vs[1].(string)] + }).(SyncVercelDestinationOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SyncVercelDestinationInput)(nil)).Elem(), &SyncVercelDestination{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncVercelDestinationArrayInput)(nil)).Elem(), SyncVercelDestinationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SyncVercelDestinationMapInput)(nil)).Elem(), SyncVercelDestinationMap{}) + pulumi.RegisterOutputType(SyncVercelDestinationOutput{}) + pulumi.RegisterOutputType(SyncVercelDestinationArrayOutput{}) + pulumi.RegisterOutputType(SyncVercelDestinationMapOutput{}) +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackend.java b/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackend.java index 9585d6ec7..5ad0e710a 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackend.java +++ b/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackend.java @@ -105,6 +105,48 @@ public Output> disableRemount() { public Output> iamEndpoint() { return Codegen.optional(this.iamEndpoint); } + /** + * The audience claim value. Requires Vault 1.16+. + * + */ + @Export(name="identityTokenAudience", refs={String.class}, tree="[0]") + private Output identityTokenAudience; + + /** + * @return The audience claim value. Requires Vault 1.16+. + * + */ + public Output> identityTokenAudience() { + return Codegen.optional(this.identityTokenAudience); + } + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + @Export(name="identityTokenKey", refs={String.class}, tree="[0]") + private Output identityTokenKey; + + /** + * @return The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + public Output> identityTokenKey() { + return Codegen.optional(this.identityTokenKey); + } + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + @Export(name="identityTokenTtl", refs={Integer.class}, tree="[0]") + private Output identityTokenTtl; + + /** + * @return The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + public Output identityTokenTtl() { + return this.identityTokenTtl; + } /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. * @@ -185,6 +227,20 @@ public Output> path() { public Output region() { return this.region; } + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + @Export(name="roleArn", refs={String.class}, tree="[0]") + private Output roleArn; + + /** + * @return Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + public Output> roleArn() { + return Codegen.optional(this.roleArn); + } /** * The AWS Secret Access Key to use when generating new credentials. * diff --git a/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackendArgs.java b/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackendArgs.java index 514aed9fe..5edb2a010 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackendArgs.java +++ b/sdk/java/src/main/java/com/pulumi/vault/aws/SecretBackendArgs.java @@ -98,6 +98,51 @@ public Optional> iamEndpoint() { return Optional.ofNullable(this.iamEndpoint); } + /** + * The audience claim value. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenAudience") + private @Nullable Output identityTokenAudience; + + /** + * @return The audience claim value. Requires Vault 1.16+. + * + */ + public Optional> identityTokenAudience() { + return Optional.ofNullable(this.identityTokenAudience); + } + + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenKey") + private @Nullable Output identityTokenKey; + + /** + * @return The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + public Optional> identityTokenKey() { + return Optional.ofNullable(this.identityTokenKey); + } + + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenTtl") + private @Nullable Output identityTokenTtl; + + /** + * @return The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + public Optional> identityTokenTtl() { + return Optional.ofNullable(this.identityTokenTtl); + } + /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. * @@ -183,6 +228,21 @@ public Optional> region() { return Optional.ofNullable(this.region); } + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + @Import(name="roleArn") + private @Nullable Output roleArn; + + /** + * @return Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + public Optional> roleArn() { + return Optional.ofNullable(this.roleArn); + } + /** * The AWS Secret Access Key to use when generating new credentials. * @@ -236,11 +296,15 @@ private SecretBackendArgs(SecretBackendArgs $) { this.description = $.description; this.disableRemount = $.disableRemount; this.iamEndpoint = $.iamEndpoint; + this.identityTokenAudience = $.identityTokenAudience; + this.identityTokenKey = $.identityTokenKey; + this.identityTokenTtl = $.identityTokenTtl; this.local = $.local; this.maxLeaseTtlSeconds = $.maxLeaseTtlSeconds; this.namespace = $.namespace; this.path = $.path; this.region = $.region; + this.roleArn = $.roleArn; this.secretKey = $.secretKey; this.stsEndpoint = $.stsEndpoint; this.usernameTemplate = $.usernameTemplate; @@ -375,6 +439,69 @@ public Builder iamEndpoint(String iamEndpoint) { return iamEndpoint(Output.of(iamEndpoint)); } + /** + * @param identityTokenAudience The audience claim value. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenAudience(@Nullable Output identityTokenAudience) { + $.identityTokenAudience = identityTokenAudience; + return this; + } + + /** + * @param identityTokenAudience The audience claim value. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenAudience(String identityTokenAudience) { + return identityTokenAudience(Output.of(identityTokenAudience)); + } + + /** + * @param identityTokenKey The key to use for signing identity tokens. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenKey(@Nullable Output identityTokenKey) { + $.identityTokenKey = identityTokenKey; + return this; + } + + /** + * @param identityTokenKey The key to use for signing identity tokens. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenKey(String identityTokenKey) { + return identityTokenKey(Output.of(identityTokenKey)); + } + + /** + * @param identityTokenTtl The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenTtl(@Nullable Output identityTokenTtl) { + $.identityTokenTtl = identityTokenTtl; + return this; + } + + /** + * @param identityTokenTtl The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenTtl(Integer identityTokenTtl) { + return identityTokenTtl(Output.of(identityTokenTtl)); + } + /** * @param local Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. * @@ -490,6 +617,27 @@ public Builder region(String region) { return region(Output.of(region)); } + /** + * @param roleArn Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder roleArn(@Nullable Output roleArn) { + $.roleArn = roleArn; + return this; + } + + /** + * @param roleArn Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder roleArn(String roleArn) { + return roleArn(Output.of(roleArn)); + } + /** * @param secretKey The AWS Secret Access Key to use when generating new credentials. * diff --git a/sdk/java/src/main/java/com/pulumi/vault/aws/inputs/SecretBackendState.java b/sdk/java/src/main/java/com/pulumi/vault/aws/inputs/SecretBackendState.java index 6f17e1984..75c6d540a 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/aws/inputs/SecretBackendState.java +++ b/sdk/java/src/main/java/com/pulumi/vault/aws/inputs/SecretBackendState.java @@ -98,6 +98,51 @@ public Optional> iamEndpoint() { return Optional.ofNullable(this.iamEndpoint); } + /** + * The audience claim value. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenAudience") + private @Nullable Output identityTokenAudience; + + /** + * @return The audience claim value. Requires Vault 1.16+. + * + */ + public Optional> identityTokenAudience() { + return Optional.ofNullable(this.identityTokenAudience); + } + + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenKey") + private @Nullable Output identityTokenKey; + + /** + * @return The key to use for signing identity tokens. Requires Vault 1.16+. + * + */ + public Optional> identityTokenKey() { + return Optional.ofNullable(this.identityTokenKey); + } + + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + @Import(name="identityTokenTtl") + private @Nullable Output identityTokenTtl; + + /** + * @return The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + */ + public Optional> identityTokenTtl() { + return Optional.ofNullable(this.identityTokenTtl); + } + /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. * @@ -183,6 +228,21 @@ public Optional> region() { return Optional.ofNullable(this.region); } + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + @Import(name="roleArn") + private @Nullable Output roleArn; + + /** + * @return Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + */ + public Optional> roleArn() { + return Optional.ofNullable(this.roleArn); + } + /** * The AWS Secret Access Key to use when generating new credentials. * @@ -236,11 +296,15 @@ private SecretBackendState(SecretBackendState $) { this.description = $.description; this.disableRemount = $.disableRemount; this.iamEndpoint = $.iamEndpoint; + this.identityTokenAudience = $.identityTokenAudience; + this.identityTokenKey = $.identityTokenKey; + this.identityTokenTtl = $.identityTokenTtl; this.local = $.local; this.maxLeaseTtlSeconds = $.maxLeaseTtlSeconds; this.namespace = $.namespace; this.path = $.path; this.region = $.region; + this.roleArn = $.roleArn; this.secretKey = $.secretKey; this.stsEndpoint = $.stsEndpoint; this.usernameTemplate = $.usernameTemplate; @@ -375,6 +439,69 @@ public Builder iamEndpoint(String iamEndpoint) { return iamEndpoint(Output.of(iamEndpoint)); } + /** + * @param identityTokenAudience The audience claim value. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenAudience(@Nullable Output identityTokenAudience) { + $.identityTokenAudience = identityTokenAudience; + return this; + } + + /** + * @param identityTokenAudience The audience claim value. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenAudience(String identityTokenAudience) { + return identityTokenAudience(Output.of(identityTokenAudience)); + } + + /** + * @param identityTokenKey The key to use for signing identity tokens. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenKey(@Nullable Output identityTokenKey) { + $.identityTokenKey = identityTokenKey; + return this; + } + + /** + * @param identityTokenKey The key to use for signing identity tokens. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenKey(String identityTokenKey) { + return identityTokenKey(Output.of(identityTokenKey)); + } + + /** + * @param identityTokenTtl The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenTtl(@Nullable Output identityTokenTtl) { + $.identityTokenTtl = identityTokenTtl; + return this; + } + + /** + * @param identityTokenTtl The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder identityTokenTtl(Integer identityTokenTtl) { + return identityTokenTtl(Output.of(identityTokenTtl)); + } + /** * @param local Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. * @@ -490,6 +617,27 @@ public Builder region(String region) { return region(Output.of(region)); } + /** + * @param roleArn Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder roleArn(@Nullable Output roleArn) { + $.roleArn = roleArn; + return this; + } + + /** + * @param roleArn Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + * + * @return builder + * + */ + public Builder roleArn(String roleArn) { + return roleArn(Output.of(roleArn)); + } + /** * @param secretKey The AWS Secret Access Key to use when generating new credentials. * diff --git a/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretBackendConnectionOracleArgs.java b/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretBackendConnectionOracleArgs.java index 72ccc0993..f55a27711 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretBackendConnectionOracleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretBackendConnectionOracleArgs.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Boolean; import java.lang.Integer; import java.lang.String; import java.util.Objects; @@ -37,6 +38,21 @@ public Optional> connectionUrl() { return Optional.ofNullable(this.connectionUrl); } + /** + * Enable the built-in session disconnect mechanism. + * + */ + @Import(name="disconnectSessions") + private @Nullable Output disconnectSessions; + + /** + * @return Enable the built-in session disconnect mechanism. + * + */ + public Optional> disconnectSessions() { + return Optional.ofNullable(this.disconnectSessions); + } + /** * The maximum number of seconds to keep * a connection alive for. @@ -103,6 +119,21 @@ public Optional> password() { return Optional.ofNullable(this.password); } + /** + * Enable spliting statements after semi-colons. + * + */ + @Import(name="splitStatements") + private @Nullable Output splitStatements; + + /** + * @return Enable spliting statements after semi-colons. + * + */ + public Optional> splitStatements() { + return Optional.ofNullable(this.splitStatements); + } + /** * The username to authenticate with. * @@ -137,10 +168,12 @@ private SecretBackendConnectionOracleArgs() {} private SecretBackendConnectionOracleArgs(SecretBackendConnectionOracleArgs $) { this.connectionUrl = $.connectionUrl; + this.disconnectSessions = $.disconnectSessions; this.maxConnectionLifetime = $.maxConnectionLifetime; this.maxIdleConnections = $.maxIdleConnections; this.maxOpenConnections = $.maxOpenConnections; this.password = $.password; + this.splitStatements = $.splitStatements; this.username = $.username; this.usernameTemplate = $.usernameTemplate; } @@ -190,6 +223,27 @@ public Builder connectionUrl(String connectionUrl) { return connectionUrl(Output.of(connectionUrl)); } + /** + * @param disconnectSessions Enable the built-in session disconnect mechanism. + * + * @return builder + * + */ + public Builder disconnectSessions(@Nullable Output disconnectSessions) { + $.disconnectSessions = disconnectSessions; + return this; + } + + /** + * @param disconnectSessions Enable the built-in session disconnect mechanism. + * + * @return builder + * + */ + public Builder disconnectSessions(Boolean disconnectSessions) { + return disconnectSessions(Output.of(disconnectSessions)); + } + /** * @param maxConnectionLifetime The maximum number of seconds to keep * a connection alive for. @@ -280,6 +334,27 @@ public Builder password(String password) { return password(Output.of(password)); } + /** + * @param splitStatements Enable spliting statements after semi-colons. + * + * @return builder + * + */ + public Builder splitStatements(@Nullable Output splitStatements) { + $.splitStatements = splitStatements; + return this; + } + + /** + * @param splitStatements Enable spliting statements after semi-colons. + * + * @return builder + * + */ + public Builder splitStatements(Boolean splitStatements) { + return splitStatements(Output.of(splitStatements)); + } + /** * @param username The username to authenticate with. * diff --git a/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretsMountOracleArgs.java b/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretsMountOracleArgs.java index e1f8db000..0fe25c705 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretsMountOracleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/vault/database/inputs/SecretsMountOracleArgs.java @@ -74,6 +74,21 @@ public Optional>> data() { return Optional.ofNullable(this.data); } + /** + * Set to true to disconnect any open sessions prior to running the revocation statements. + * + */ + @Import(name="disconnectSessions") + private @Nullable Output disconnectSessions; + + /** + * @return Set to true to disconnect any open sessions prior to running the revocation statements. + * + */ + public Optional> disconnectSessions() { + return Optional.ofNullable(this.disconnectSessions); + } + /** * The maximum amount of time a connection may be reused. * @@ -183,6 +198,21 @@ public Optional>> rootRotationStatements() { return Optional.ofNullable(this.rootRotationStatements); } + /** + * Set to true in order to split statements after semi-colons. + * + */ + @Import(name="splitStatements") + private @Nullable Output splitStatements; + + /** + * @return Set to true in order to split statements after semi-colons. + * + */ + public Optional> splitStatements() { + return Optional.ofNullable(this.splitStatements); + } + /** * The root credential username used in the connection URL. * @@ -236,6 +266,7 @@ private SecretsMountOracleArgs(SecretsMountOracleArgs $) { this.allowedRoles = $.allowedRoles; this.connectionUrl = $.connectionUrl; this.data = $.data; + this.disconnectSessions = $.disconnectSessions; this.maxConnectionLifetime = $.maxConnectionLifetime; this.maxIdleConnections = $.maxIdleConnections; this.maxOpenConnections = $.maxOpenConnections; @@ -243,6 +274,7 @@ private SecretsMountOracleArgs(SecretsMountOracleArgs $) { this.password = $.password; this.pluginName = $.pluginName; this.rootRotationStatements = $.rootRotationStatements; + this.splitStatements = $.splitStatements; this.username = $.username; this.usernameTemplate = $.usernameTemplate; this.verifyConnection = $.verifyConnection; @@ -348,6 +380,27 @@ public Builder data(Map data) { return data(Output.of(data)); } + /** + * @param disconnectSessions Set to true to disconnect any open sessions prior to running the revocation statements. + * + * @return builder + * + */ + public Builder disconnectSessions(@Nullable Output disconnectSessions) { + $.disconnectSessions = disconnectSessions; + return this; + } + + /** + * @param disconnectSessions Set to true to disconnect any open sessions prior to running the revocation statements. + * + * @return builder + * + */ + public Builder disconnectSessions(Boolean disconnectSessions) { + return disconnectSessions(Output.of(disconnectSessions)); + } + /** * @param maxConnectionLifetime The maximum amount of time a connection may be reused. * @@ -509,6 +562,27 @@ public Builder rootRotationStatements(String... rootRotationStatements) { return rootRotationStatements(List.of(rootRotationStatements)); } + /** + * @param splitStatements Set to true in order to split statements after semi-colons. + * + * @return builder + * + */ + public Builder splitStatements(@Nullable Output splitStatements) { + $.splitStatements = splitStatements; + return this; + } + + /** + * @param splitStatements Set to true in order to split statements after semi-colons. + * + * @return builder + * + */ + public Builder splitStatements(Boolean splitStatements) { + return splitStatements(Output.of(splitStatements)); + } + /** * @param username The root credential username used in the connection URL. * diff --git a/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretBackendConnectionOracle.java b/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretBackendConnectionOracle.java index c96968c84..1f39144cc 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretBackendConnectionOracle.java +++ b/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretBackendConnectionOracle.java @@ -4,6 +4,7 @@ package com.pulumi.vault.database.outputs; import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; import java.lang.Integer; import java.lang.String; import java.util.Objects; @@ -20,6 +21,11 @@ public final class SecretBackendConnectionOracle { * */ private @Nullable String connectionUrl; + /** + * @return Enable the built-in session disconnect mechanism. + * + */ + private @Nullable Boolean disconnectSessions; /** * @return The maximum number of seconds to keep * a connection alive for. @@ -43,6 +49,11 @@ public final class SecretBackendConnectionOracle { * */ private @Nullable String password; + /** + * @return Enable spliting statements after semi-colons. + * + */ + private @Nullable Boolean splitStatements; /** * @return The username to authenticate with. * @@ -65,6 +76,13 @@ private SecretBackendConnectionOracle() {} public Optional connectionUrl() { return Optional.ofNullable(this.connectionUrl); } + /** + * @return Enable the built-in session disconnect mechanism. + * + */ + public Optional disconnectSessions() { + return Optional.ofNullable(this.disconnectSessions); + } /** * @return The maximum number of seconds to keep * a connection alive for. @@ -96,6 +114,13 @@ public Optional maxOpenConnections() { public Optional password() { return Optional.ofNullable(this.password); } + /** + * @return Enable spliting statements after semi-colons. + * + */ + public Optional splitStatements() { + return Optional.ofNullable(this.splitStatements); + } /** * @return The username to authenticate with. * @@ -121,20 +146,24 @@ public static Builder builder(SecretBackendConnectionOracle defaults) { @CustomType.Builder public static final class Builder { private @Nullable String connectionUrl; + private @Nullable Boolean disconnectSessions; private @Nullable Integer maxConnectionLifetime; private @Nullable Integer maxIdleConnections; private @Nullable Integer maxOpenConnections; private @Nullable String password; + private @Nullable Boolean splitStatements; private @Nullable String username; private @Nullable String usernameTemplate; public Builder() {} public Builder(SecretBackendConnectionOracle defaults) { Objects.requireNonNull(defaults); this.connectionUrl = defaults.connectionUrl; + this.disconnectSessions = defaults.disconnectSessions; this.maxConnectionLifetime = defaults.maxConnectionLifetime; this.maxIdleConnections = defaults.maxIdleConnections; this.maxOpenConnections = defaults.maxOpenConnections; this.password = defaults.password; + this.splitStatements = defaults.splitStatements; this.username = defaults.username; this.usernameTemplate = defaults.usernameTemplate; } @@ -146,6 +175,12 @@ public Builder connectionUrl(@Nullable String connectionUrl) { return this; } @CustomType.Setter + public Builder disconnectSessions(@Nullable Boolean disconnectSessions) { + + this.disconnectSessions = disconnectSessions; + return this; + } + @CustomType.Setter public Builder maxConnectionLifetime(@Nullable Integer maxConnectionLifetime) { this.maxConnectionLifetime = maxConnectionLifetime; @@ -170,6 +205,12 @@ public Builder password(@Nullable String password) { return this; } @CustomType.Setter + public Builder splitStatements(@Nullable Boolean splitStatements) { + + this.splitStatements = splitStatements; + return this; + } + @CustomType.Setter public Builder username(@Nullable String username) { this.username = username; @@ -184,10 +225,12 @@ public Builder usernameTemplate(@Nullable String usernameTemplate) { public SecretBackendConnectionOracle build() { final var _resultValue = new SecretBackendConnectionOracle(); _resultValue.connectionUrl = connectionUrl; + _resultValue.disconnectSessions = disconnectSessions; _resultValue.maxConnectionLifetime = maxConnectionLifetime; _resultValue.maxIdleConnections = maxIdleConnections; _resultValue.maxOpenConnections = maxOpenConnections; _resultValue.password = password; + _resultValue.splitStatements = splitStatements; _resultValue.username = username; _resultValue.usernameTemplate = usernameTemplate; return _resultValue; diff --git a/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretsMountOracle.java b/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretsMountOracle.java index f36629fb6..d078f3003 100644 --- a/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretsMountOracle.java +++ b/sdk/java/src/main/java/com/pulumi/vault/database/outputs/SecretsMountOracle.java @@ -36,6 +36,11 @@ public final class SecretsMountOracle { * */ private @Nullable Map data; + /** + * @return Set to true to disconnect any open sessions prior to running the revocation statements. + * + */ + private @Nullable Boolean disconnectSessions; /** * @return The maximum amount of time a connection may be reused. * @@ -73,6 +78,11 @@ public final class SecretsMountOracle { * */ private @Nullable List rootRotationStatements; + /** + * @return Set to true in order to split statements after semi-colons. + * + */ + private @Nullable Boolean splitStatements; /** * @return The root credential username used in the connection URL. * @@ -116,6 +126,13 @@ public Optional connectionUrl() { public Map data() { return this.data == null ? Map.of() : this.data; } + /** + * @return Set to true to disconnect any open sessions prior to running the revocation statements. + * + */ + public Optional disconnectSessions() { + return Optional.ofNullable(this.disconnectSessions); + } /** * @return The maximum amount of time a connection may be reused. * @@ -167,6 +184,13 @@ public Optional pluginName() { public List rootRotationStatements() { return this.rootRotationStatements == null ? List.of() : this.rootRotationStatements; } + /** + * @return Set to true in order to split statements after semi-colons. + * + */ + public Optional splitStatements() { + return Optional.ofNullable(this.splitStatements); + } /** * @return The root credential username used in the connection URL. * @@ -202,6 +226,7 @@ public static final class Builder { private @Nullable List allowedRoles; private @Nullable String connectionUrl; private @Nullable Map data; + private @Nullable Boolean disconnectSessions; private @Nullable Integer maxConnectionLifetime; private @Nullable Integer maxIdleConnections; private @Nullable Integer maxOpenConnections; @@ -209,6 +234,7 @@ public static final class Builder { private @Nullable String password; private @Nullable String pluginName; private @Nullable List rootRotationStatements; + private @Nullable Boolean splitStatements; private @Nullable String username; private @Nullable String usernameTemplate; private @Nullable Boolean verifyConnection; @@ -218,6 +244,7 @@ public Builder(SecretsMountOracle defaults) { this.allowedRoles = defaults.allowedRoles; this.connectionUrl = defaults.connectionUrl; this.data = defaults.data; + this.disconnectSessions = defaults.disconnectSessions; this.maxConnectionLifetime = defaults.maxConnectionLifetime; this.maxIdleConnections = defaults.maxIdleConnections; this.maxOpenConnections = defaults.maxOpenConnections; @@ -225,6 +252,7 @@ public Builder(SecretsMountOracle defaults) { this.password = defaults.password; this.pluginName = defaults.pluginName; this.rootRotationStatements = defaults.rootRotationStatements; + this.splitStatements = defaults.splitStatements; this.username = defaults.username; this.usernameTemplate = defaults.usernameTemplate; this.verifyConnection = defaults.verifyConnection; @@ -252,6 +280,12 @@ public Builder data(@Nullable Map data) { return this; } @CustomType.Setter + public Builder disconnectSessions(@Nullable Boolean disconnectSessions) { + + this.disconnectSessions = disconnectSessions; + return this; + } + @CustomType.Setter public Builder maxConnectionLifetime(@Nullable Integer maxConnectionLifetime) { this.maxConnectionLifetime = maxConnectionLifetime; @@ -299,6 +333,12 @@ public Builder rootRotationStatements(String... rootRotationStatements) { return rootRotationStatements(List.of(rootRotationStatements)); } @CustomType.Setter + public Builder splitStatements(@Nullable Boolean splitStatements) { + + this.splitStatements = splitStatements; + return this; + } + @CustomType.Setter public Builder username(@Nullable String username) { this.username = username; @@ -321,6 +361,7 @@ public SecretsMountOracle build() { _resultValue.allowedRoles = allowedRoles; _resultValue.connectionUrl = connectionUrl; _resultValue.data = data; + _resultValue.disconnectSessions = disconnectSessions; _resultValue.maxConnectionLifetime = maxConnectionLifetime; _resultValue.maxIdleConnections = maxIdleConnections; _resultValue.maxOpenConnections = maxOpenConnections; @@ -328,6 +369,7 @@ public SecretsMountOracle build() { _resultValue.password = password; _resultValue.pluginName = pluginName; _resultValue.rootRotationStatements = rootRotationStatements; + _resultValue.splitStatements = splitStatements; _resultValue.username = username; _resultValue.usernameTemplate = usernameTemplate; _resultValue.verifyConnection = verifyConnection; diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociation.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociation.java new file mode 100644 index 000000000..d69fcf46a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociation.java @@ -0,0 +1,234 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncAssociationArgs; +import com.pulumi.vault.secrets.inputs.SyncAssociationState; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.Mount; + * import com.pulumi.vault.MountArgs; + * import com.pulumi.vault.kv.SecretV2; + * import com.pulumi.vault.kv.SecretV2Args; + * import com.pulumi.vault.secrets.SyncGhDestination; + * import com.pulumi.vault.secrets.SyncGhDestinationArgs; + * import com.pulumi.vault.secrets.SyncAssociation; + * import com.pulumi.vault.secrets.SyncAssociationArgs; + * import static com.pulumi.codegen.internal.Serialization.*; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var kvv2 = new Mount("kvv2", MountArgs.builder() + * .path("kvv2") + * .type("kv") + * .options(Map.of("version", "2")) + * .description("KV Version 2 secret engine mount") + * .build()); + * + * var token = new SecretV2("token", SecretV2Args.builder() + * .mount(kvv2.path()) + * .dataJson(serializeJson( + * jsonObject( + * jsonProperty("dev", "B!gS3cr3t"), + * jsonProperty("prod", "S3cureP4$$") + * ))) + * .build()); + * + * var gh = new SyncGhDestination("gh", SyncGhDestinationArgs.builder() + * .accessToken(var_.access_token()) + * .repositoryOwner(var_.repo_owner()) + * .repositoryName("repo-name-example") + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .build()); + * + * var ghToken = new SyncAssociation("ghToken", SyncAssociationArgs.builder() + * .type(gh.type()) + * .mount(kvv2.path()) + * .secretName(token.name()) + * .build()); + * + * } + * } + * ``` + * + */ +@ResourceType(type="vault:secrets/syncAssociation:SyncAssociation") +public class SyncAssociation extends com.pulumi.resources.CustomResource { + /** + * Specifies the mount where the secret is located. + * + */ + @Export(name="mount", refs={String.class}, tree="[0]") + private Output mount; + + /** + * @return Specifies the mount where the secret is located. + * + */ + public Output mount() { + return this.mount; + } + /** + * Specifies the name of the destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Specifies the name of the destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Specifies the name of the secret to synchronize. + * + */ + @Export(name="secretName", refs={String.class}, tree="[0]") + private Output secretName; + + /** + * @return Specifies the name of the secret to synchronize. + * + */ + public Output secretName() { + return this.secretName; + } + /** + * Specifies the status of the association (for eg. `SYNCED`). + * + */ + @Export(name="syncStatus", refs={String.class}, tree="[0]") + private Output syncStatus; + + /** + * @return Specifies the status of the association (for eg. `SYNCED`). + * + */ + public Output syncStatus() { + return this.syncStatus; + } + /** + * Specifies the destination type. + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return Specifies the destination type. + * + */ + public Output type() { + return this.type; + } + /** + * Duration string specifying when the secret was last updated. + * + */ + @Export(name="updatedAt", refs={String.class}, tree="[0]") + private Output updatedAt; + + /** + * @return Duration string specifying when the secret was last updated. + * + */ + public Output updatedAt() { + return this.updatedAt; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncAssociation(String name) { + this(name, SyncAssociationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncAssociation(String name, SyncAssociationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncAssociation(String name, SyncAssociationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAssociation:SyncAssociation", name, args == null ? SyncAssociationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncAssociation(String name, Output id, @Nullable SyncAssociationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAssociation:SyncAssociation", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncAssociation get(String name, Output id, @Nullable SyncAssociationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncAssociation(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociationArgs.java new file mode 100644 index 000000000..6a89177bd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAssociationArgs.java @@ -0,0 +1,249 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAssociationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncAssociationArgs Empty = new SyncAssociationArgs(); + + /** + * Specifies the mount where the secret is located. + * + */ + @Import(name="mount", required=true) + private Output mount; + + /** + * @return Specifies the mount where the secret is located. + * + */ + public Output mount() { + return this.mount; + } + + /** + * Specifies the name of the destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Specifies the name of the destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Specifies the name of the secret to synchronize. + * + */ + @Import(name="secretName", required=true) + private Output secretName; + + /** + * @return Specifies the name of the secret to synchronize. + * + */ + public Output secretName() { + return this.secretName; + } + + /** + * Specifies the destination type. + * + */ + @Import(name="type", required=true) + private Output type; + + /** + * @return Specifies the destination type. + * + */ + public Output type() { + return this.type; + } + + private SyncAssociationArgs() {} + + private SyncAssociationArgs(SyncAssociationArgs $) { + this.mount = $.mount; + this.name = $.name; + this.namespace = $.namespace; + this.secretName = $.secretName; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAssociationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAssociationArgs $; + + public Builder() { + $ = new SyncAssociationArgs(); + } + + public Builder(SyncAssociationArgs defaults) { + $ = new SyncAssociationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param mount Specifies the mount where the secret is located. + * + * @return builder + * + */ + public Builder mount(Output mount) { + $.mount = mount; + return this; + } + + /** + * @param mount Specifies the mount where the secret is located. + * + * @return builder + * + */ + public Builder mount(String mount) { + return mount(Output.of(mount)); + } + + /** + * @param name Specifies the name of the destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Specifies the name of the destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretName Specifies the name of the secret to synchronize. + * + * @return builder + * + */ + public Builder secretName(Output secretName) { + $.secretName = secretName; + return this; + } + + /** + * @param secretName Specifies the name of the secret to synchronize. + * + * @return builder + * + */ + public Builder secretName(String secretName) { + return secretName(Output.of(secretName)); + } + + /** + * @param type Specifies the destination type. + * + * @return builder + * + */ + public Builder type(Output type) { + $.type = type; + return this; + } + + /** + * @param type Specifies the destination type. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncAssociationArgs build() { + if ($.mount == null) { + throw new MissingRequiredPropertyException("SyncAssociationArgs", "mount"); + } + if ($.secretName == null) { + throw new MissingRequiredPropertyException("SyncAssociationArgs", "secretName"); + } + if ($.type == null) { + throw new MissingRequiredPropertyException("SyncAssociationArgs", "type"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestination.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestination.java new file mode 100644 index 000000000..82a2d25a9 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestination.java @@ -0,0 +1,248 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncAwsDestinationArgs; +import com.pulumi.vault.secrets.inputs.SyncAwsDestinationState; +import java.lang.Object; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncAwsDestination; + * import com.pulumi.vault.secrets.SyncAwsDestinationArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var aws = new SyncAwsDestination("aws", SyncAwsDestinationArgs.builder() + * .accessKeyId(var_.access_key_id()) + * .secretAccessKey(var_.secret_access_key()) + * .region("us-east-1") + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .customTags(Map.of("foo", "bar")) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * AWS Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest + * ``` + * + */ +@ResourceType(type="vault:secrets/syncAwsDestination:SyncAwsDestination") +public class SyncAwsDestination extends com.pulumi.resources.CustomResource { + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + @Export(name="accessKeyId", refs={String.class}, tree="[0]") + private Output accessKeyId; + + /** + * @return Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + public Output> accessKeyId() { + return Codegen.optional(this.accessKeyId); + } + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Export(name="customTags", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") + private Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Output>> customTags() { + return Codegen.optional(this.customTags); + } + /** + * Unique name of the AWS destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Unique name of the AWS destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + @Export(name="region", refs={String.class}, tree="[0]") + private Output region; + + /** + * @return Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + public Output> region() { + return Codegen.optional(this.region); + } + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + @Export(name="secretAccessKey", refs={String.class}, tree="[0]") + private Output secretAccessKey; + + /** + * @return Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + public Output> secretAccessKey() { + return Codegen.optional(this.secretAccessKey); + } + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Export(name="secretNameTemplate", refs={String.class}, tree="[0]") + private Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Output secretNameTemplate() { + return this.secretNameTemplate; + } + /** + * The type of the secrets destination (`aws-sm`). + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the secrets destination (`aws-sm`). + * + */ + public Output type() { + return this.type; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncAwsDestination(String name) { + this(name, SyncAwsDestinationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncAwsDestination(String name, @Nullable SyncAwsDestinationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncAwsDestination(String name, @Nullable SyncAwsDestinationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAwsDestination:SyncAwsDestination", name, args == null ? SyncAwsDestinationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncAwsDestination(String name, Output id, @Nullable SyncAwsDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAwsDestination:SyncAwsDestination", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "secretAccessKey" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncAwsDestination get(String name, Output id, @Nullable SyncAwsDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncAwsDestination(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestinationArgs.java new file mode 100644 index 000000000..ea61cbd93 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAwsDestinationArgs.java @@ -0,0 +1,343 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAwsDestinationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncAwsDestinationArgs Empty = new SyncAwsDestinationArgs(); + + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + @Import(name="accessKeyId") + private @Nullable Output accessKeyId; + + /** + * @return Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + public Optional> accessKeyId() { + return Optional.ofNullable(this.accessKeyId); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * Unique name of the AWS destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the AWS destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + @Import(name="region") + private @Nullable Output region; + + /** + * @return Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + public Optional> region() { + return Optional.ofNullable(this.region); + } + + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + @Import(name="secretAccessKey") + private @Nullable Output secretAccessKey; + + /** + * @return Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + public Optional> secretAccessKey() { + return Optional.ofNullable(this.secretAccessKey); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + private SyncAwsDestinationArgs() {} + + private SyncAwsDestinationArgs(SyncAwsDestinationArgs $) { + this.accessKeyId = $.accessKeyId; + this.customTags = $.customTags; + this.name = $.name; + this.namespace = $.namespace; + this.region = $.region; + this.secretAccessKey = $.secretAccessKey; + this.secretNameTemplate = $.secretNameTemplate; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAwsDestinationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAwsDestinationArgs $; + + public Builder() { + $ = new SyncAwsDestinationArgs(); + } + + public Builder(SyncAwsDestinationArgs defaults) { + $ = new SyncAwsDestinationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param accessKeyId Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + * @return builder + * + */ + public Builder accessKeyId(@Nullable Output accessKeyId) { + $.accessKeyId = accessKeyId; + return this; + } + + /** + * @param accessKeyId Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + * @return builder + * + */ + public Builder accessKeyId(String accessKeyId) { + return accessKeyId(Output.of(accessKeyId)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param name Unique name of the AWS destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the AWS destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param region Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + * @return builder + * + */ + public Builder region(@Nullable Output region) { + $.region = region; + return this; + } + + /** + * @param region Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + * @return builder + * + */ + public Builder region(String region) { + return region(Output.of(region)); + } + + /** + * @param secretAccessKey Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + * @return builder + * + */ + public Builder secretAccessKey(@Nullable Output secretAccessKey) { + $.secretAccessKey = secretAccessKey; + return this; + } + + /** + * @param secretAccessKey Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + * @return builder + * + */ + public Builder secretAccessKey(String secretAccessKey) { + return secretAccessKey(Output.of(secretAccessKey)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + public SyncAwsDestinationArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestination.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestination.java new file mode 100644 index 000000000..5d6b9e6ae --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestination.java @@ -0,0 +1,281 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncAzureDestinationArgs; +import com.pulumi.vault.secrets.inputs.SyncAzureDestinationState; +import java.lang.Object; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncAzureDestination; + * import com.pulumi.vault.secrets.SyncAzureDestinationArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var az = new SyncAzureDestination("az", SyncAzureDestinationArgs.builder() + * .keyVaultUri(var_.key_vault_uri()) + * .clientId(var_.client_id()) + * .clientSecret(var_.client_secret()) + * .tenantId(var_.tenant_id()) + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .customTags(Map.of("foo", "bar")) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * Azure Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest + * ``` + * + */ +@ResourceType(type="vault:secrets/syncAzureDestination:SyncAzureDestination") +public class SyncAzureDestination extends com.pulumi.resources.CustomResource { + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + @Export(name="clientId", refs={String.class}, tree="[0]") + private Output clientId; + + /** + * @return Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + public Output> clientId() { + return Codegen.optional(this.clientId); + } + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + @Export(name="clientSecret", refs={String.class}, tree="[0]") + private Output clientSecret; + + /** + * @return Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + public Output> clientSecret() { + return Codegen.optional(this.clientSecret); + } + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + @Export(name="cloud", refs={String.class}, tree="[0]") + private Output cloud; + + /** + * @return Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + public Output> cloud() { + return Codegen.optional(this.cloud); + } + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Export(name="customTags", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") + private Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Output>> customTags() { + return Codegen.optional(this.customTags); + } + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + @Export(name="keyVaultUri", refs={String.class}, tree="[0]") + private Output keyVaultUri; + + /** + * @return URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + public Output> keyVaultUri() { + return Codegen.optional(this.keyVaultUri); + } + /** + * Unique name of the Azure destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Unique name of the Azure destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Export(name="secretNameTemplate", refs={String.class}, tree="[0]") + private Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Output secretNameTemplate() { + return this.secretNameTemplate; + } + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + @Export(name="tenantId", refs={String.class}, tree="[0]") + private Output tenantId; + + /** + * @return ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + public Output> tenantId() { + return Codegen.optional(this.tenantId); + } + /** + * The type of the secrets destination (`azure-kv`). + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the secrets destination (`azure-kv`). + * + */ + public Output type() { + return this.type; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncAzureDestination(String name) { + this(name, SyncAzureDestinationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncAzureDestination(String name, @Nullable SyncAzureDestinationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncAzureDestination(String name, @Nullable SyncAzureDestinationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAzureDestination:SyncAzureDestination", name, args == null ? SyncAzureDestinationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncAzureDestination(String name, Output id, @Nullable SyncAzureDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncAzureDestination:SyncAzureDestination", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "clientSecret" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncAzureDestination get(String name, Output id, @Nullable SyncAzureDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncAzureDestination(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestinationArgs.java new file mode 100644 index 000000000..9c8ef3356 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncAzureDestinationArgs.java @@ -0,0 +1,425 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAzureDestinationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncAzureDestinationArgs Empty = new SyncAzureDestinationArgs(); + + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + @Import(name="clientId") + private @Nullable Output clientId; + + /** + * @return Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + public Optional> clientId() { + return Optional.ofNullable(this.clientId); + } + + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + @Import(name="clientSecret") + private @Nullable Output clientSecret; + + /** + * @return Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + public Optional> clientSecret() { + return Optional.ofNullable(this.clientSecret); + } + + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + @Import(name="cloud") + private @Nullable Output cloud; + + /** + * @return Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + public Optional> cloud() { + return Optional.ofNullable(this.cloud); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + @Import(name="keyVaultUri") + private @Nullable Output keyVaultUri; + + /** + * @return URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + public Optional> keyVaultUri() { + return Optional.ofNullable(this.keyVaultUri); + } + + /** + * Unique name of the Azure destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the Azure destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + @Import(name="tenantId") + private @Nullable Output tenantId; + + /** + * @return ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + public Optional> tenantId() { + return Optional.ofNullable(this.tenantId); + } + + private SyncAzureDestinationArgs() {} + + private SyncAzureDestinationArgs(SyncAzureDestinationArgs $) { + this.clientId = $.clientId; + this.clientSecret = $.clientSecret; + this.cloud = $.cloud; + this.customTags = $.customTags; + this.keyVaultUri = $.keyVaultUri; + this.name = $.name; + this.namespace = $.namespace; + this.secretNameTemplate = $.secretNameTemplate; + this.tenantId = $.tenantId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAzureDestinationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAzureDestinationArgs $; + + public Builder() { + $ = new SyncAzureDestinationArgs(); + } + + public Builder(SyncAzureDestinationArgs defaults) { + $ = new SyncAzureDestinationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param clientId Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder clientId(@Nullable Output clientId) { + $.clientId = clientId; + return this; + } + + /** + * @param clientId Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder clientId(String clientId) { + return clientId(Output.of(clientId)); + } + + /** + * @param clientSecret Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + * @return builder + * + */ + public Builder clientSecret(@Nullable Output clientSecret) { + $.clientSecret = clientSecret; + return this; + } + + /** + * @param clientSecret Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + * @return builder + * + */ + public Builder clientSecret(String clientSecret) { + return clientSecret(Output.of(clientSecret)); + } + + /** + * @param cloud Specifies a cloud for the client. The default is Azure Public Cloud. + * + * @return builder + * + */ + public Builder cloud(@Nullable Output cloud) { + $.cloud = cloud; + return this; + } + + /** + * @param cloud Specifies a cloud for the client. The default is Azure Public Cloud. + * + * @return builder + * + */ + public Builder cloud(String cloud) { + return cloud(Output.of(cloud)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param keyVaultUri URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + * @return builder + * + */ + public Builder keyVaultUri(@Nullable Output keyVaultUri) { + $.keyVaultUri = keyVaultUri; + return this; + } + + /** + * @param keyVaultUri URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + * @return builder + * + */ + public Builder keyVaultUri(String keyVaultUri) { + return keyVaultUri(Output.of(keyVaultUri)); + } + + /** + * @param name Unique name of the Azure destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the Azure destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param tenantId ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder tenantId(@Nullable Output tenantId) { + $.tenantId = tenantId; + return this; + } + + /** + * @param tenantId ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder tenantId(String tenantId) { + return tenantId(Output.of(tenantId)); + } + + public SyncAzureDestinationArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfig.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfig.java new file mode 100644 index 000000000..7d0eebbb3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfig.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncConfigArgs; +import com.pulumi.vault.secrets.inputs.SyncConfigState; +import java.lang.Boolean; +import java.lang.Integer; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Configures the secret sync global config. + * The config is global and can only be managed in the root namespace. + * + * > **Important** The config is global so the vault.secrets.SyncConfig resource must not be defined + * multiple times for the same Vault server. If multiple definition exists, the last one applied will be + * effective. + * + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncConfig; + * import com.pulumi.vault.secrets.SyncConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var globalConfig = new SyncConfig("globalConfig", SyncConfigArgs.builder() + * .disabled(true) + * .queueCapacity(500000) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * ```sh + * $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config + * ``` + * + */ +@ResourceType(type="vault:secrets/syncConfig:SyncConfig") +public class SyncConfig extends com.pulumi.resources.CustomResource { + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + @Export(name="disabled", refs={Boolean.class}, tree="[0]") + private Output disabled; + + /** + * @return Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + public Output> disabled() { + return Codegen.optional(this.disabled); + } + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + @Export(name="queueCapacity", refs={Integer.class}, tree="[0]") + private Output queueCapacity; + + /** + * @return Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + public Output> queueCapacity() { + return Codegen.optional(this.queueCapacity); + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncConfig(String name) { + this(name, SyncConfigArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncConfig(String name, @Nullable SyncConfigArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncConfig(String name, @Nullable SyncConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncConfig:SyncConfig", name, args == null ? SyncConfigArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncConfig(String name, Output id, @Nullable SyncConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncConfig:SyncConfig", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncConfig get(String name, Output id, @Nullable SyncConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncConfig(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfigArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfigArgs.java new file mode 100644 index 000000000..84923e513 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncConfigArgs.java @@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.Integer; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncConfigArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncConfigArgs Empty = new SyncConfigArgs(); + + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + @Import(name="disabled") + private @Nullable Output disabled; + + /** + * @return Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + public Optional> disabled() { + return Optional.ofNullable(this.disabled); + } + + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + @Import(name="queueCapacity") + private @Nullable Output queueCapacity; + + /** + * @return Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + public Optional> queueCapacity() { + return Optional.ofNullable(this.queueCapacity); + } + + private SyncConfigArgs() {} + + private SyncConfigArgs(SyncConfigArgs $) { + this.disabled = $.disabled; + this.namespace = $.namespace; + this.queueCapacity = $.queueCapacity; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncConfigArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncConfigArgs $; + + public Builder() { + $ = new SyncConfigArgs(); + } + + public Builder(SyncConfigArgs defaults) { + $ = new SyncConfigArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param disabled Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + * @return builder + * + */ + public Builder disabled(@Nullable Output disabled) { + $.disabled = disabled; + return this; + } + + /** + * @param disabled Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + * @return builder + * + */ + public Builder disabled(Boolean disabled) { + return disabled(Output.of(disabled)); + } + + /** + * @param namespace The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param queueCapacity Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + * @return builder + * + */ + public Builder queueCapacity(@Nullable Output queueCapacity) { + $.queueCapacity = queueCapacity; + return this; + } + + /** + * @param queueCapacity Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + * @return builder + * + */ + public Builder queueCapacity(Integer queueCapacity) { + return queueCapacity(Output.of(queueCapacity)); + } + + public SyncConfigArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestination.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestination.java new file mode 100644 index 000000000..25969da4f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestination.java @@ -0,0 +1,210 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncGcpDestinationArgs; +import com.pulumi.vault.secrets.inputs.SyncGcpDestinationState; +import java.lang.Object; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncGcpDestination; + * import com.pulumi.vault.secrets.SyncGcpDestinationArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var gcp = new SyncGcpDestination("gcp", SyncGcpDestinationArgs.builder() + * .credentials(Files.readString(Paths.get(var_.credentials_file()))) + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .customTags(Map.of("foo", "bar")) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * GCP Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest + * ``` + * + */ +@ResourceType(type="vault:secrets/syncGcpDestination:SyncGcpDestination") +public class SyncGcpDestination extends com.pulumi.resources.CustomResource { + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + @Export(name="credentials", refs={String.class}, tree="[0]") + private Output credentials; + + /** + * @return JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + public Output> credentials() { + return Codegen.optional(this.credentials); + } + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Export(name="customTags", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") + private Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Output>> customTags() { + return Codegen.optional(this.customTags); + } + /** + * Unique name of the GCP destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Unique name of the GCP destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Export(name="secretNameTemplate", refs={String.class}, tree="[0]") + private Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Output secretNameTemplate() { + return this.secretNameTemplate; + } + /** + * The type of the secrets destination (`gcp-sm`). + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the secrets destination (`gcp-sm`). + * + */ + public Output type() { + return this.type; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncGcpDestination(String name) { + this(name, SyncGcpDestinationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncGcpDestination(String name, @Nullable SyncGcpDestinationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncGcpDestination(String name, @Nullable SyncGcpDestinationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncGcpDestination:SyncGcpDestination", name, args == null ? SyncGcpDestinationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncGcpDestination(String name, Output id, @Nullable SyncGcpDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncGcpDestination:SyncGcpDestination", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "credentials" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncGcpDestination get(String name, Output id, @Nullable SyncGcpDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncGcpDestination(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestinationArgs.java new file mode 100644 index 000000000..caff34f48 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGcpDestinationArgs.java @@ -0,0 +1,253 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncGcpDestinationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncGcpDestinationArgs Empty = new SyncGcpDestinationArgs(); + + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + @Import(name="credentials") + private @Nullable Output credentials; + + /** + * @return JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + public Optional> credentials() { + return Optional.ofNullable(this.credentials); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * Unique name of the GCP destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GCP destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + private SyncGcpDestinationArgs() {} + + private SyncGcpDestinationArgs(SyncGcpDestinationArgs $) { + this.credentials = $.credentials; + this.customTags = $.customTags; + this.name = $.name; + this.namespace = $.namespace; + this.secretNameTemplate = $.secretNameTemplate; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncGcpDestinationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncGcpDestinationArgs $; + + public Builder() { + $ = new SyncGcpDestinationArgs(); + } + + public Builder(SyncGcpDestinationArgs defaults) { + $ = new SyncGcpDestinationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param credentials JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + * @return builder + * + */ + public Builder credentials(@Nullable Output credentials) { + $.credentials = credentials; + return this; + } + + /** + * @param credentials JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + * @return builder + * + */ + public Builder credentials(String credentials) { + return credentials(Output.of(credentials)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param name Unique name of the GCP destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GCP destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + public SyncGcpDestinationArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestination.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestination.java new file mode 100644 index 000000000..8cbcb678b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestination.java @@ -0,0 +1,231 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncGhDestinationArgs; +import com.pulumi.vault.secrets.inputs.SyncGhDestinationState; +import java.lang.String; +import java.util.List; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncGhDestination; + * import com.pulumi.vault.secrets.SyncGhDestinationArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var gh = new SyncGhDestination("gh", SyncGhDestinationArgs.builder() + * .accessToken(var_.access_token()) + * .repositoryOwner(var_.repo_owner()) + * .repositoryName("repo-name-example") + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * GitHub Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest + * ``` + * + */ +@ResourceType(type="vault:secrets/syncGhDestination:SyncGhDestination") +public class SyncGhDestination extends com.pulumi.resources.CustomResource { + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + @Export(name="accessToken", refs={String.class}, tree="[0]") + private Output accessToken; + + /** + * @return Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + public Output> accessToken() { + return Codegen.optional(this.accessToken); + } + /** + * Unique name of the GitHub destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + @Export(name="repositoryName", refs={String.class}, tree="[0]") + private Output repositoryName; + + /** + * @return Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + public Output> repositoryName() { + return Codegen.optional(this.repositoryName); + } + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + @Export(name="repositoryOwner", refs={String.class}, tree="[0]") + private Output repositoryOwner; + + /** + * @return GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + public Output> repositoryOwner() { + return Codegen.optional(this.repositoryOwner); + } + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Export(name="secretNameTemplate", refs={String.class}, tree="[0]") + private Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Output secretNameTemplate() { + return this.secretNameTemplate; + } + /** + * The type of the secrets destination (`gh`). + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the secrets destination (`gh`). + * + */ + public Output type() { + return this.type; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncGhDestination(String name) { + this(name, SyncGhDestinationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncGhDestination(String name, @Nullable SyncGhDestinationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncGhDestination(String name, @Nullable SyncGhDestinationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncGhDestination:SyncGhDestination", name, args == null ? SyncGhDestinationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncGhDestination(String name, Output id, @Nullable SyncGhDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncGhDestination:SyncGhDestination", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "accessToken" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncGhDestination get(String name, Output id, @Nullable SyncGhDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncGhDestination(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestinationArgs.java new file mode 100644 index 000000000..e9e272ccd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncGhDestinationArgs.java @@ -0,0 +1,304 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncGhDestinationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncGhDestinationArgs Empty = new SyncGhDestinationArgs(); + + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + @Import(name="accessToken") + private @Nullable Output accessToken; + + /** + * @return Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + public Optional> accessToken() { + return Optional.ofNullable(this.accessToken); + } + + /** + * Unique name of the GitHub destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + @Import(name="repositoryName") + private @Nullable Output repositoryName; + + /** + * @return Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + public Optional> repositoryName() { + return Optional.ofNullable(this.repositoryName); + } + + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + @Import(name="repositoryOwner") + private @Nullable Output repositoryOwner; + + /** + * @return GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + public Optional> repositoryOwner() { + return Optional.ofNullable(this.repositoryOwner); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + private SyncGhDestinationArgs() {} + + private SyncGhDestinationArgs(SyncGhDestinationArgs $) { + this.accessToken = $.accessToken; + this.name = $.name; + this.namespace = $.namespace; + this.repositoryName = $.repositoryName; + this.repositoryOwner = $.repositoryOwner; + this.secretNameTemplate = $.secretNameTemplate; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncGhDestinationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncGhDestinationArgs $; + + public Builder() { + $ = new SyncGhDestinationArgs(); + } + + public Builder(SyncGhDestinationArgs defaults) { + $ = new SyncGhDestinationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param accessToken Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + * @return builder + * + */ + public Builder accessToken(@Nullable Output accessToken) { + $.accessToken = accessToken; + return this; + } + + /** + * @param accessToken Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + * @return builder + * + */ + public Builder accessToken(String accessToken) { + return accessToken(Output.of(accessToken)); + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param repositoryName Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryName(@Nullable Output repositoryName) { + $.repositoryName = repositoryName; + return this; + } + + /** + * @param repositoryName Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryName(String repositoryName) { + return repositoryName(Output.of(repositoryName)); + } + + /** + * @param repositoryOwner GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryOwner(@Nullable Output repositoryOwner) { + $.repositoryOwner = repositoryOwner; + return this; + } + + /** + * @param repositoryOwner GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryOwner(String repositoryOwner) { + return repositoryOwner(Output.of(repositoryOwner)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + public SyncGhDestinationArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestination.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestination.java new file mode 100644 index 000000000..ae9866e35 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestination.java @@ -0,0 +1,240 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.vault.Utilities; +import com.pulumi.vault.secrets.SyncVercelDestinationArgs; +import com.pulumi.vault.secrets.inputs.SyncVercelDestinationState; +import java.lang.String; +import java.util.List; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.vault.secrets.SyncVercelDestination; + * import com.pulumi.vault.secrets.SyncVercelDestinationArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var vercel = new SyncVercelDestination("vercel", SyncVercelDestinationArgs.builder() + * .accessToken(var_.access_token()) + * .projectId(var_.project_id()) + * .deploymentEnvironments( + * "development", + * "preview", + * "production") + * .secretNameTemplate("vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * GitHub Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest + * ``` + * + */ +@ResourceType(type="vault:secrets/syncVercelDestination:SyncVercelDestination") +public class SyncVercelDestination extends com.pulumi.resources.CustomResource { + /** + * Vercel API access token with the permissions to manage environment + * variables. + * + */ + @Export(name="accessToken", refs={String.class}, tree="[0]") + private Output accessToken; + + /** + * @return Vercel API access token with the permissions to manage environment + * variables. + * + */ + public Output accessToken() { + return this.accessToken; + } + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + @Export(name="deploymentEnvironments", refs={List.class,String.class}, tree="[0,1]") + private Output> deploymentEnvironments; + + /** + * @return Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + public Output> deploymentEnvironments() { + return this.deploymentEnvironments; + } + /** + * Unique name of the GitHub destination. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Output name() { + return this.name; + } + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Export(name="namespace", refs={String.class}, tree="[0]") + private Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Output> namespace() { + return Codegen.optional(this.namespace); + } + /** + * Project ID where to manage environment variables. + * + */ + @Export(name="projectId", refs={String.class}, tree="[0]") + private Output projectId; + + /** + * @return Project ID where to manage environment variables. + * + */ + public Output projectId() { + return this.projectId; + } + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Export(name="secretNameTemplate", refs={String.class}, tree="[0]") + private Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Output secretNameTemplate() { + return this.secretNameTemplate; + } + /** + * Team ID where to manage environment variables. + * + */ + @Export(name="teamId", refs={String.class}, tree="[0]") + private Output teamId; + + /** + * @return Team ID where to manage environment variables. + * + */ + public Output> teamId() { + return Codegen.optional(this.teamId); + } + /** + * The type of the secrets destination (`vercel-project`). + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the secrets destination (`vercel-project`). + * + */ + public Output type() { + return this.type; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SyncVercelDestination(String name) { + this(name, SyncVercelDestinationArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SyncVercelDestination(String name, SyncVercelDestinationArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SyncVercelDestination(String name, SyncVercelDestinationArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncVercelDestination:SyncVercelDestination", name, args == null ? SyncVercelDestinationArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SyncVercelDestination(String name, Output id, @Nullable SyncVercelDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("vault:secrets/syncVercelDestination:SyncVercelDestination", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "accessToken" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SyncVercelDestination get(String name, Output id, @Nullable SyncVercelDestinationState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SyncVercelDestination(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestinationArgs.java new file mode 100644 index 000000000..cd11d99b2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/SyncVercelDestinationArgs.java @@ -0,0 +1,347 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncVercelDestinationArgs extends com.pulumi.resources.ResourceArgs { + + public static final SyncVercelDestinationArgs Empty = new SyncVercelDestinationArgs(); + + /** + * Vercel API access token with the permissions to manage environment + * variables. + * + */ + @Import(name="accessToken", required=true) + private Output accessToken; + + /** + * @return Vercel API access token with the permissions to manage environment + * variables. + * + */ + public Output accessToken() { + return this.accessToken; + } + + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + @Import(name="deploymentEnvironments", required=true) + private Output> deploymentEnvironments; + + /** + * @return Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + public Output> deploymentEnvironments() { + return this.deploymentEnvironments; + } + + /** + * Unique name of the GitHub destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Project ID where to manage environment variables. + * + */ + @Import(name="projectId", required=true) + private Output projectId; + + /** + * @return Project ID where to manage environment variables. + * + */ + public Output projectId() { + return this.projectId; + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * Team ID where to manage environment variables. + * + */ + @Import(name="teamId") + private @Nullable Output teamId; + + /** + * @return Team ID where to manage environment variables. + * + */ + public Optional> teamId() { + return Optional.ofNullable(this.teamId); + } + + private SyncVercelDestinationArgs() {} + + private SyncVercelDestinationArgs(SyncVercelDestinationArgs $) { + this.accessToken = $.accessToken; + this.deploymentEnvironments = $.deploymentEnvironments; + this.name = $.name; + this.namespace = $.namespace; + this.projectId = $.projectId; + this.secretNameTemplate = $.secretNameTemplate; + this.teamId = $.teamId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncVercelDestinationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncVercelDestinationArgs $; + + public Builder() { + $ = new SyncVercelDestinationArgs(); + } + + public Builder(SyncVercelDestinationArgs defaults) { + $ = new SyncVercelDestinationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param accessToken Vercel API access token with the permissions to manage environment + * variables. + * + * @return builder + * + */ + public Builder accessToken(Output accessToken) { + $.accessToken = accessToken; + return this; + } + + /** + * @param accessToken Vercel API access token with the permissions to manage environment + * variables. + * + * @return builder + * + */ + public Builder accessToken(String accessToken) { + return accessToken(Output.of(accessToken)); + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(Output> deploymentEnvironments) { + $.deploymentEnvironments = deploymentEnvironments; + return this; + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(List deploymentEnvironments) { + return deploymentEnvironments(Output.of(deploymentEnvironments)); + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(String... deploymentEnvironments) { + return deploymentEnvironments(List.of(deploymentEnvironments)); + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param projectId Project ID where to manage environment variables. + * + * @return builder + * + */ + public Builder projectId(Output projectId) { + $.projectId = projectId; + return this; + } + + /** + * @param projectId Project ID where to manage environment variables. + * + * @return builder + * + */ + public Builder projectId(String projectId) { + return projectId(Output.of(projectId)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param teamId Team ID where to manage environment variables. + * + * @return builder + * + */ + public Builder teamId(@Nullable Output teamId) { + $.teamId = teamId; + return this; + } + + /** + * @param teamId Team ID where to manage environment variables. + * + * @return builder + * + */ + public Builder teamId(String teamId) { + return teamId(Output.of(teamId)); + } + + public SyncVercelDestinationArgs build() { + if ($.accessToken == null) { + throw new MissingRequiredPropertyException("SyncVercelDestinationArgs", "accessToken"); + } + if ($.deploymentEnvironments == null) { + throw new MissingRequiredPropertyException("SyncVercelDestinationArgs", "deploymentEnvironments"); + } + if ($.projectId == null) { + throw new MissingRequiredPropertyException("SyncVercelDestinationArgs", "projectId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAssociationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAssociationState.java new file mode 100644 index 000000000..85b02032b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAssociationState.java @@ -0,0 +1,313 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAssociationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncAssociationState Empty = new SyncAssociationState(); + + /** + * Specifies the mount where the secret is located. + * + */ + @Import(name="mount") + private @Nullable Output mount; + + /** + * @return Specifies the mount where the secret is located. + * + */ + public Optional> mount() { + return Optional.ofNullable(this.mount); + } + + /** + * Specifies the name of the destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Specifies the name of the destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Specifies the name of the secret to synchronize. + * + */ + @Import(name="secretName") + private @Nullable Output secretName; + + /** + * @return Specifies the name of the secret to synchronize. + * + */ + public Optional> secretName() { + return Optional.ofNullable(this.secretName); + } + + /** + * Specifies the status of the association (for eg. `SYNCED`). + * + */ + @Import(name="syncStatus") + private @Nullable Output syncStatus; + + /** + * @return Specifies the status of the association (for eg. `SYNCED`). + * + */ + public Optional> syncStatus() { + return Optional.ofNullable(this.syncStatus); + } + + /** + * Specifies the destination type. + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return Specifies the destination type. + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + /** + * Duration string specifying when the secret was last updated. + * + */ + @Import(name="updatedAt") + private @Nullable Output updatedAt; + + /** + * @return Duration string specifying when the secret was last updated. + * + */ + public Optional> updatedAt() { + return Optional.ofNullable(this.updatedAt); + } + + private SyncAssociationState() {} + + private SyncAssociationState(SyncAssociationState $) { + this.mount = $.mount; + this.name = $.name; + this.namespace = $.namespace; + this.secretName = $.secretName; + this.syncStatus = $.syncStatus; + this.type = $.type; + this.updatedAt = $.updatedAt; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAssociationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAssociationState $; + + public Builder() { + $ = new SyncAssociationState(); + } + + public Builder(SyncAssociationState defaults) { + $ = new SyncAssociationState(Objects.requireNonNull(defaults)); + } + + /** + * @param mount Specifies the mount where the secret is located. + * + * @return builder + * + */ + public Builder mount(@Nullable Output mount) { + $.mount = mount; + return this; + } + + /** + * @param mount Specifies the mount where the secret is located. + * + * @return builder + * + */ + public Builder mount(String mount) { + return mount(Output.of(mount)); + } + + /** + * @param name Specifies the name of the destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Specifies the name of the destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretName Specifies the name of the secret to synchronize. + * + * @return builder + * + */ + public Builder secretName(@Nullable Output secretName) { + $.secretName = secretName; + return this; + } + + /** + * @param secretName Specifies the name of the secret to synchronize. + * + * @return builder + * + */ + public Builder secretName(String secretName) { + return secretName(Output.of(secretName)); + } + + /** + * @param syncStatus Specifies the status of the association (for eg. `SYNCED`). + * + * @return builder + * + */ + public Builder syncStatus(@Nullable Output syncStatus) { + $.syncStatus = syncStatus; + return this; + } + + /** + * @param syncStatus Specifies the status of the association (for eg. `SYNCED`). + * + * @return builder + * + */ + public Builder syncStatus(String syncStatus) { + return syncStatus(Output.of(syncStatus)); + } + + /** + * @param type Specifies the destination type. + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type Specifies the destination type. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + /** + * @param updatedAt Duration string specifying when the secret was last updated. + * + * @return builder + * + */ + public Builder updatedAt(@Nullable Output updatedAt) { + $.updatedAt = updatedAt; + return this; + } + + /** + * @param updatedAt Duration string specifying when the secret was last updated. + * + * @return builder + * + */ + public Builder updatedAt(String updatedAt) { + return updatedAt(Output.of(updatedAt)); + } + + public SyncAssociationState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAwsDestinationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAwsDestinationState.java new file mode 100644 index 000000000..43abe7224 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAwsDestinationState.java @@ -0,0 +1,380 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAwsDestinationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncAwsDestinationState Empty = new SyncAwsDestinationState(); + + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + @Import(name="accessKeyId") + private @Nullable Output accessKeyId; + + /** + * @return Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + */ + public Optional> accessKeyId() { + return Optional.ofNullable(this.accessKeyId); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * Unique name of the AWS destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the AWS destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + @Import(name="region") + private @Nullable Output region; + + /** + * @return Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + */ + public Optional> region() { + return Optional.ofNullable(this.region); + } + + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + @Import(name="secretAccessKey") + private @Nullable Output secretAccessKey; + + /** + * @return Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + */ + public Optional> secretAccessKey() { + return Optional.ofNullable(this.secretAccessKey); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * The type of the secrets destination (`aws-sm`). + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the secrets destination (`aws-sm`). + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private SyncAwsDestinationState() {} + + private SyncAwsDestinationState(SyncAwsDestinationState $) { + this.accessKeyId = $.accessKeyId; + this.customTags = $.customTags; + this.name = $.name; + this.namespace = $.namespace; + this.region = $.region; + this.secretAccessKey = $.secretAccessKey; + this.secretNameTemplate = $.secretNameTemplate; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAwsDestinationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAwsDestinationState $; + + public Builder() { + $ = new SyncAwsDestinationState(); + } + + public Builder(SyncAwsDestinationState defaults) { + $ = new SyncAwsDestinationState(Objects.requireNonNull(defaults)); + } + + /** + * @param accessKeyId Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + * @return builder + * + */ + public Builder accessKeyId(@Nullable Output accessKeyId) { + $.accessKeyId = accessKeyId; + return this; + } + + /** + * @param accessKeyId Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + * + * @return builder + * + */ + public Builder accessKeyId(String accessKeyId) { + return accessKeyId(Output.of(accessKeyId)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param name Unique name of the AWS destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the AWS destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param region Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + * @return builder + * + */ + public Builder region(@Nullable Output region) { + $.region = region; + return this; + } + + /** + * @param region Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + * + * @return builder + * + */ + public Builder region(String region) { + return region(Output.of(region)); + } + + /** + * @param secretAccessKey Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + * @return builder + * + */ + public Builder secretAccessKey(@Nullable Output secretAccessKey) { + $.secretAccessKey = secretAccessKey; + return this; + } + + /** + * @param secretAccessKey Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + * + * @return builder + * + */ + public Builder secretAccessKey(String secretAccessKey) { + return secretAccessKey(Output.of(secretAccessKey)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param type The type of the secrets destination (`aws-sm`). + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the secrets destination (`aws-sm`). + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncAwsDestinationState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAzureDestinationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAzureDestinationState.java new file mode 100644 index 000000000..2b40e4932 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncAzureDestinationState.java @@ -0,0 +1,462 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncAzureDestinationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncAzureDestinationState Empty = new SyncAzureDestinationState(); + + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + @Import(name="clientId") + private @Nullable Output clientId; + + /** + * @return Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + */ + public Optional> clientId() { + return Optional.ofNullable(this.clientId); + } + + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + @Import(name="clientSecret") + private @Nullable Output clientSecret; + + /** + * @return Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + */ + public Optional> clientSecret() { + return Optional.ofNullable(this.clientSecret); + } + + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + @Import(name="cloud") + private @Nullable Output cloud; + + /** + * @return Specifies a cloud for the client. The default is Azure Public Cloud. + * + */ + public Optional> cloud() { + return Optional.ofNullable(this.cloud); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + @Import(name="keyVaultUri") + private @Nullable Output keyVaultUri; + + /** + * @return URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + */ + public Optional> keyVaultUri() { + return Optional.ofNullable(this.keyVaultUri); + } + + /** + * Unique name of the Azure destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the Azure destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + @Import(name="tenantId") + private @Nullable Output tenantId; + + /** + * @return ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + */ + public Optional> tenantId() { + return Optional.ofNullable(this.tenantId); + } + + /** + * The type of the secrets destination (`azure-kv`). + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the secrets destination (`azure-kv`). + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private SyncAzureDestinationState() {} + + private SyncAzureDestinationState(SyncAzureDestinationState $) { + this.clientId = $.clientId; + this.clientSecret = $.clientSecret; + this.cloud = $.cloud; + this.customTags = $.customTags; + this.keyVaultUri = $.keyVaultUri; + this.name = $.name; + this.namespace = $.namespace; + this.secretNameTemplate = $.secretNameTemplate; + this.tenantId = $.tenantId; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncAzureDestinationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncAzureDestinationState $; + + public Builder() { + $ = new SyncAzureDestinationState(); + } + + public Builder(SyncAzureDestinationState defaults) { + $ = new SyncAzureDestinationState(Objects.requireNonNull(defaults)); + } + + /** + * @param clientId Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder clientId(@Nullable Output clientId) { + $.clientId = clientId; + return this; + } + + /** + * @param clientId Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder clientId(String clientId) { + return clientId(Output.of(clientId)); + } + + /** + * @param clientSecret Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + * @return builder + * + */ + public Builder clientSecret(@Nullable Output clientSecret) { + $.clientSecret = clientSecret; + return this; + } + + /** + * @param clientSecret Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + * + * @return builder + * + */ + public Builder clientSecret(String clientSecret) { + return clientSecret(Output.of(clientSecret)); + } + + /** + * @param cloud Specifies a cloud for the client. The default is Azure Public Cloud. + * + * @return builder + * + */ + public Builder cloud(@Nullable Output cloud) { + $.cloud = cloud; + return this; + } + + /** + * @param cloud Specifies a cloud for the client. The default is Azure Public Cloud. + * + * @return builder + * + */ + public Builder cloud(String cloud) { + return cloud(Output.of(cloud)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param keyVaultUri URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + * @return builder + * + */ + public Builder keyVaultUri(@Nullable Output keyVaultUri) { + $.keyVaultUri = keyVaultUri; + return this; + } + + /** + * @param keyVaultUri URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + * + * @return builder + * + */ + public Builder keyVaultUri(String keyVaultUri) { + return keyVaultUri(Output.of(keyVaultUri)); + } + + /** + * @param name Unique name of the Azure destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the Azure destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param tenantId ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder tenantId(@Nullable Output tenantId) { + $.tenantId = tenantId; + return this; + } + + /** + * @param tenantId ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + * + * @return builder + * + */ + public Builder tenantId(String tenantId) { + return tenantId(Output.of(tenantId)); + } + + /** + * @param type The type of the secrets destination (`azure-kv`). + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the secrets destination (`azure-kv`). + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncAzureDestinationState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncConfigState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncConfigState.java new file mode 100644 index 000000000..b461ef984 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncConfigState.java @@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.Integer; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncConfigState extends com.pulumi.resources.ResourceArgs { + + public static final SyncConfigState Empty = new SyncConfigState(); + + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + @Import(name="disabled") + private @Nullable Output disabled; + + /** + * @return Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + */ + public Optional> disabled() { + return Optional.ofNullable(this.disabled); + } + + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + @Import(name="queueCapacity") + private @Nullable Output queueCapacity; + + /** + * @return Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + */ + public Optional> queueCapacity() { + return Optional.ofNullable(this.queueCapacity); + } + + private SyncConfigState() {} + + private SyncConfigState(SyncConfigState $) { + this.disabled = $.disabled; + this.namespace = $.namespace; + this.queueCapacity = $.queueCapacity; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncConfigState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncConfigState $; + + public Builder() { + $ = new SyncConfigState(); + } + + public Builder(SyncConfigState defaults) { + $ = new SyncConfigState(Objects.requireNonNull(defaults)); + } + + /** + * @param disabled Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + * @return builder + * + */ + public Builder disabled(@Nullable Output disabled) { + $.disabled = disabled; + return this; + } + + /** + * @param disabled Disables the syncing process between Vault and external destinations. Defaults to `false`. + * + * @return builder + * + */ + public Builder disabled(Boolean disabled) { + return disabled(Output.of(disabled)); + } + + /** + * @param namespace The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param queueCapacity Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + * @return builder + * + */ + public Builder queueCapacity(@Nullable Output queueCapacity) { + $.queueCapacity = queueCapacity; + return this; + } + + /** + * @param queueCapacity Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + * + * @return builder + * + */ + public Builder queueCapacity(Integer queueCapacity) { + return queueCapacity(Output.of(queueCapacity)); + } + + public SyncConfigState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGcpDestinationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGcpDestinationState.java new file mode 100644 index 000000000..5ece3b02d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGcpDestinationState.java @@ -0,0 +1,290 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncGcpDestinationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncGcpDestinationState Empty = new SyncGcpDestinationState(); + + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + @Import(name="credentials") + private @Nullable Output credentials; + + /** + * @return JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + */ + public Optional> credentials() { + return Optional.ofNullable(this.credentials); + } + + /** + * Custom tags to set on the secret managed at the destination. + * + */ + @Import(name="customTags") + private @Nullable Output> customTags; + + /** + * @return Custom tags to set on the secret managed at the destination. + * + */ + public Optional>> customTags() { + return Optional.ofNullable(this.customTags); + } + + /** + * Unique name of the GCP destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GCP destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * The type of the secrets destination (`gcp-sm`). + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the secrets destination (`gcp-sm`). + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private SyncGcpDestinationState() {} + + private SyncGcpDestinationState(SyncGcpDestinationState $) { + this.credentials = $.credentials; + this.customTags = $.customTags; + this.name = $.name; + this.namespace = $.namespace; + this.secretNameTemplate = $.secretNameTemplate; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncGcpDestinationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncGcpDestinationState $; + + public Builder() { + $ = new SyncGcpDestinationState(); + } + + public Builder(SyncGcpDestinationState defaults) { + $ = new SyncGcpDestinationState(Objects.requireNonNull(defaults)); + } + + /** + * @param credentials JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + * @return builder + * + */ + public Builder credentials(@Nullable Output credentials) { + $.credentials = credentials; + return this; + } + + /** + * @param credentials JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + * + * @return builder + * + */ + public Builder credentials(String credentials) { + return credentials(Output.of(credentials)); + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(@Nullable Output> customTags) { + $.customTags = customTags; + return this; + } + + /** + * @param customTags Custom tags to set on the secret managed at the destination. + * + * @return builder + * + */ + public Builder customTags(Map customTags) { + return customTags(Output.of(customTags)); + } + + /** + * @param name Unique name of the GCP destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GCP destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param type The type of the secrets destination (`gcp-sm`). + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the secrets destination (`gcp-sm`). + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncGcpDestinationState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGhDestinationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGhDestinationState.java new file mode 100644 index 000000000..31d00865f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncGhDestinationState.java @@ -0,0 +1,341 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncGhDestinationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncGhDestinationState Empty = new SyncGhDestinationState(); + + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + @Import(name="accessToken") + private @Nullable Output accessToken; + + /** + * @return Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + */ + public Optional> accessToken() { + return Optional.ofNullable(this.accessToken); + } + + /** + * Unique name of the GitHub destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + @Import(name="repositoryName") + private @Nullable Output repositoryName; + + /** + * @return Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + */ + public Optional> repositoryName() { + return Optional.ofNullable(this.repositoryName); + } + + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + @Import(name="repositoryOwner") + private @Nullable Output repositoryOwner; + + /** + * @return GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + */ + public Optional> repositoryOwner() { + return Optional.ofNullable(this.repositoryOwner); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * The type of the secrets destination (`gh`). + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the secrets destination (`gh`). + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private SyncGhDestinationState() {} + + private SyncGhDestinationState(SyncGhDestinationState $) { + this.accessToken = $.accessToken; + this.name = $.name; + this.namespace = $.namespace; + this.repositoryName = $.repositoryName; + this.repositoryOwner = $.repositoryOwner; + this.secretNameTemplate = $.secretNameTemplate; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncGhDestinationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncGhDestinationState $; + + public Builder() { + $ = new SyncGhDestinationState(); + } + + public Builder(SyncGhDestinationState defaults) { + $ = new SyncGhDestinationState(Objects.requireNonNull(defaults)); + } + + /** + * @param accessToken Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + * @return builder + * + */ + public Builder accessToken(@Nullable Output accessToken) { + $.accessToken = accessToken; + return this; + } + + /** + * @param accessToken Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + * + * @return builder + * + */ + public Builder accessToken(String accessToken) { + return accessToken(Output.of(accessToken)); + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param repositoryName Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryName(@Nullable Output repositoryName) { + $.repositoryName = repositoryName; + return this; + } + + /** + * @param repositoryName Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryName(String repositoryName) { + return repositoryName(Output.of(repositoryName)); + } + + /** + * @param repositoryOwner GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryOwner(@Nullable Output repositoryOwner) { + $.repositoryOwner = repositoryOwner; + return this; + } + + /** + * @param repositoryOwner GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + * + * @return builder + * + */ + public Builder repositoryOwner(String repositoryOwner) { + return repositoryOwner(Output.of(repositoryOwner)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param type The type of the secrets destination (`gh`). + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the secrets destination (`gh`). + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncGhDestinationState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncVercelDestinationState.java b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncVercelDestinationState.java new file mode 100644 index 000000000..0b0c43e9e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/vault/secrets/inputs/SyncVercelDestinationState.java @@ -0,0 +1,374 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.vault.secrets.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SyncVercelDestinationState extends com.pulumi.resources.ResourceArgs { + + public static final SyncVercelDestinationState Empty = new SyncVercelDestinationState(); + + /** + * Vercel API access token with the permissions to manage environment + * variables. + * + */ + @Import(name="accessToken") + private @Nullable Output accessToken; + + /** + * @return Vercel API access token with the permissions to manage environment + * variables. + * + */ + public Optional> accessToken() { + return Optional.ofNullable(this.accessToken); + } + + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + @Import(name="deploymentEnvironments") + private @Nullable Output> deploymentEnvironments; + + /** + * @return Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + */ + public Optional>> deploymentEnvironments() { + return Optional.ofNullable(this.deploymentEnvironments); + } + + /** + * Unique name of the GitHub destination. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Unique name of the GitHub destination. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + @Import(name="namespace") + private @Nullable Output namespace; + + /** + * @return The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + */ + public Optional> namespace() { + return Optional.ofNullable(this.namespace); + } + + /** + * Project ID where to manage environment variables. + * + */ + @Import(name="projectId") + private @Nullable Output projectId; + + /** + * @return Project ID where to manage environment variables. + * + */ + public Optional> projectId() { + return Optional.ofNullable(this.projectId); + } + + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + @Import(name="secretNameTemplate") + private @Nullable Output secretNameTemplate; + + /** + * @return Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + */ + public Optional> secretNameTemplate() { + return Optional.ofNullable(this.secretNameTemplate); + } + + /** + * Team ID where to manage environment variables. + * + */ + @Import(name="teamId") + private @Nullable Output teamId; + + /** + * @return Team ID where to manage environment variables. + * + */ + public Optional> teamId() { + return Optional.ofNullable(this.teamId); + } + + /** + * The type of the secrets destination (`vercel-project`). + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the secrets destination (`vercel-project`). + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private SyncVercelDestinationState() {} + + private SyncVercelDestinationState(SyncVercelDestinationState $) { + this.accessToken = $.accessToken; + this.deploymentEnvironments = $.deploymentEnvironments; + this.name = $.name; + this.namespace = $.namespace; + this.projectId = $.projectId; + this.secretNameTemplate = $.secretNameTemplate; + this.teamId = $.teamId; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SyncVercelDestinationState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SyncVercelDestinationState $; + + public Builder() { + $ = new SyncVercelDestinationState(); + } + + public Builder(SyncVercelDestinationState defaults) { + $ = new SyncVercelDestinationState(Objects.requireNonNull(defaults)); + } + + /** + * @param accessToken Vercel API access token with the permissions to manage environment + * variables. + * + * @return builder + * + */ + public Builder accessToken(@Nullable Output accessToken) { + $.accessToken = accessToken; + return this; + } + + /** + * @param accessToken Vercel API access token with the permissions to manage environment + * variables. + * + * @return builder + * + */ + public Builder accessToken(String accessToken) { + return accessToken(Output.of(accessToken)); + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(@Nullable Output> deploymentEnvironments) { + $.deploymentEnvironments = deploymentEnvironments; + return this; + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(List deploymentEnvironments) { + return deploymentEnvironments(Output.of(deploymentEnvironments)); + } + + /** + * @param deploymentEnvironments Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + * + * @return builder + * + */ + public Builder deploymentEnvironments(String... deploymentEnvironments) { + return deploymentEnvironments(List.of(deploymentEnvironments)); + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Unique name of the GitHub destination. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(@Nullable Output namespace) { + $.namespace = namespace; + return this; + } + + /** + * @param namespace The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + * + * @return builder + * + */ + public Builder namespace(String namespace) { + return namespace(Output.of(namespace)); + } + + /** + * @param projectId Project ID where to manage environment variables. + * + * @return builder + * + */ + public Builder projectId(@Nullable Output projectId) { + $.projectId = projectId; + return this; + } + + /** + * @param projectId Project ID where to manage environment variables. + * + * @return builder + * + */ + public Builder projectId(String projectId) { + return projectId(Output.of(projectId)); + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(@Nullable Output secretNameTemplate) { + $.secretNameTemplate = secretNameTemplate; + return this; + } + + /** + * @param secretNameTemplate Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + * + * @return builder + * + */ + public Builder secretNameTemplate(String secretNameTemplate) { + return secretNameTemplate(Output.of(secretNameTemplate)); + } + + /** + * @param teamId Team ID where to manage environment variables. + * + * @return builder + * + */ + public Builder teamId(@Nullable Output teamId) { + $.teamId = teamId; + return this; + } + + /** + * @param teamId Team ID where to manage environment variables. + * + * @return builder + * + */ + public Builder teamId(String teamId) { + return teamId(Output.of(teamId)); + } + + /** + * @param type The type of the secrets destination (`vercel-project`). + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the secrets destination (`vercel-project`). + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public SyncVercelDestinationState build() { + return $; + } + } + +} diff --git a/sdk/nodejs/aws/secretBackend.ts b/sdk/nodejs/aws/secretBackend.ts index 02ed1c4a0..7747ada4b 100644 --- a/sdk/nodejs/aws/secretBackend.ts +++ b/sdk/nodejs/aws/secretBackend.ts @@ -64,6 +64,18 @@ export class SecretBackend extends pulumi.CustomResource { * Specifies a custom HTTP IAM endpoint to use. */ public readonly iamEndpoint!: pulumi.Output; + /** + * The audience claim value. Requires Vault 1.16+. + */ + public readonly identityTokenAudience!: pulumi.Output; + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + */ + public readonly identityTokenKey!: pulumi.Output; + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + */ + public readonly identityTokenTtl!: pulumi.Output; /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. */ @@ -89,6 +101,10 @@ export class SecretBackend extends pulumi.CustomResource { * The AWS region to make API calls against. Defaults to us-east-1. */ public readonly region!: pulumi.Output; + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + */ + public readonly roleArn!: pulumi.Output; /** * The AWS Secret Access Key to use when generating new credentials. */ @@ -120,11 +136,15 @@ export class SecretBackend extends pulumi.CustomResource { resourceInputs["description"] = state ? state.description : undefined; resourceInputs["disableRemount"] = state ? state.disableRemount : undefined; resourceInputs["iamEndpoint"] = state ? state.iamEndpoint : undefined; + resourceInputs["identityTokenAudience"] = state ? state.identityTokenAudience : undefined; + resourceInputs["identityTokenKey"] = state ? state.identityTokenKey : undefined; + resourceInputs["identityTokenTtl"] = state ? state.identityTokenTtl : undefined; resourceInputs["local"] = state ? state.local : undefined; resourceInputs["maxLeaseTtlSeconds"] = state ? state.maxLeaseTtlSeconds : undefined; resourceInputs["namespace"] = state ? state.namespace : undefined; resourceInputs["path"] = state ? state.path : undefined; resourceInputs["region"] = state ? state.region : undefined; + resourceInputs["roleArn"] = state ? state.roleArn : undefined; resourceInputs["secretKey"] = state ? state.secretKey : undefined; resourceInputs["stsEndpoint"] = state ? state.stsEndpoint : undefined; resourceInputs["usernameTemplate"] = state ? state.usernameTemplate : undefined; @@ -135,11 +155,15 @@ export class SecretBackend extends pulumi.CustomResource { resourceInputs["description"] = args ? args.description : undefined; resourceInputs["disableRemount"] = args ? args.disableRemount : undefined; resourceInputs["iamEndpoint"] = args ? args.iamEndpoint : undefined; + resourceInputs["identityTokenAudience"] = args ? args.identityTokenAudience : undefined; + resourceInputs["identityTokenKey"] = args ? args.identityTokenKey : undefined; + resourceInputs["identityTokenTtl"] = args ? args.identityTokenTtl : undefined; resourceInputs["local"] = args ? args.local : undefined; resourceInputs["maxLeaseTtlSeconds"] = args ? args.maxLeaseTtlSeconds : undefined; resourceInputs["namespace"] = args ? args.namespace : undefined; resourceInputs["path"] = args ? args.path : undefined; resourceInputs["region"] = args ? args.region : undefined; + resourceInputs["roleArn"] = args ? args.roleArn : undefined; resourceInputs["secretKey"] = args?.secretKey ? pulumi.secret(args.secretKey) : undefined; resourceInputs["stsEndpoint"] = args ? args.stsEndpoint : undefined; resourceInputs["usernameTemplate"] = args ? args.usernameTemplate : undefined; @@ -178,6 +202,18 @@ export interface SecretBackendState { * Specifies a custom HTTP IAM endpoint to use. */ iamEndpoint?: pulumi.Input; + /** + * The audience claim value. Requires Vault 1.16+. + */ + identityTokenAudience?: pulumi.Input; + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + */ + identityTokenKey?: pulumi.Input; + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + */ + identityTokenTtl?: pulumi.Input; /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. */ @@ -203,6 +239,10 @@ export interface SecretBackendState { * The AWS region to make API calls against. Defaults to us-east-1. */ region?: pulumi.Input; + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + */ + roleArn?: pulumi.Input; /** * The AWS Secret Access Key to use when generating new credentials. */ @@ -244,6 +284,18 @@ export interface SecretBackendArgs { * Specifies a custom HTTP IAM endpoint to use. */ iamEndpoint?: pulumi.Input; + /** + * The audience claim value. Requires Vault 1.16+. + */ + identityTokenAudience?: pulumi.Input; + /** + * The key to use for signing identity tokens. Requires Vault 1.16+. + */ + identityTokenKey?: pulumi.Input; + /** + * The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + */ + identityTokenTtl?: pulumi.Input; /** * Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. */ @@ -269,6 +321,10 @@ export interface SecretBackendArgs { * The AWS region to make API calls against. Defaults to us-east-1. */ region?: pulumi.Input; + /** + * Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + */ + roleArn?: pulumi.Input; /** * The AWS Secret Access Key to use when generating new credentials. */ diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index a67383778..b2c53bbea 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -165,6 +165,7 @@ import * as okta from "./okta"; import * as pkisecret from "./pkisecret"; import * as rabbitmq from "./rabbitmq"; import * as saml from "./saml"; +import * as secrets from "./secrets"; import * as ssh from "./ssh"; import * as terraformcloud from "./terraformcloud"; import * as tokenauth from "./tokenauth"; @@ -196,6 +197,7 @@ export { pkisecret, rabbitmq, saml, + secrets, ssh, terraformcloud, tokenauth, diff --git a/sdk/nodejs/secrets/index.ts b/sdk/nodejs/secrets/index.ts new file mode 100644 index 000000000..9f928eee8 --- /dev/null +++ b/sdk/nodejs/secrets/index.ts @@ -0,0 +1,73 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +// Export members: +export { SyncAssociationArgs, SyncAssociationState } from "./syncAssociation"; +export type SyncAssociation = import("./syncAssociation").SyncAssociation; +export const SyncAssociation: typeof import("./syncAssociation").SyncAssociation = null as any; +utilities.lazyLoad(exports, ["SyncAssociation"], () => require("./syncAssociation")); + +export { SyncAwsDestinationArgs, SyncAwsDestinationState } from "./syncAwsDestination"; +export type SyncAwsDestination = import("./syncAwsDestination").SyncAwsDestination; +export const SyncAwsDestination: typeof import("./syncAwsDestination").SyncAwsDestination = null as any; +utilities.lazyLoad(exports, ["SyncAwsDestination"], () => require("./syncAwsDestination")); + +export { SyncAzureDestinationArgs, SyncAzureDestinationState } from "./syncAzureDestination"; +export type SyncAzureDestination = import("./syncAzureDestination").SyncAzureDestination; +export const SyncAzureDestination: typeof import("./syncAzureDestination").SyncAzureDestination = null as any; +utilities.lazyLoad(exports, ["SyncAzureDestination"], () => require("./syncAzureDestination")); + +export { SyncConfigArgs, SyncConfigState } from "./syncConfig"; +export type SyncConfig = import("./syncConfig").SyncConfig; +export const SyncConfig: typeof import("./syncConfig").SyncConfig = null as any; +utilities.lazyLoad(exports, ["SyncConfig"], () => require("./syncConfig")); + +export { SyncGcpDestinationArgs, SyncGcpDestinationState } from "./syncGcpDestination"; +export type SyncGcpDestination = import("./syncGcpDestination").SyncGcpDestination; +export const SyncGcpDestination: typeof import("./syncGcpDestination").SyncGcpDestination = null as any; +utilities.lazyLoad(exports, ["SyncGcpDestination"], () => require("./syncGcpDestination")); + +export { SyncGhDestinationArgs, SyncGhDestinationState } from "./syncGhDestination"; +export type SyncGhDestination = import("./syncGhDestination").SyncGhDestination; +export const SyncGhDestination: typeof import("./syncGhDestination").SyncGhDestination = null as any; +utilities.lazyLoad(exports, ["SyncGhDestination"], () => require("./syncGhDestination")); + +export { SyncVercelDestinationArgs, SyncVercelDestinationState } from "./syncVercelDestination"; +export type SyncVercelDestination = import("./syncVercelDestination").SyncVercelDestination; +export const SyncVercelDestination: typeof import("./syncVercelDestination").SyncVercelDestination = null as any; +utilities.lazyLoad(exports, ["SyncVercelDestination"], () => require("./syncVercelDestination")); + + +const _module = { + version: utilities.getVersion(), + construct: (name: string, type: string, urn: string): pulumi.Resource => { + switch (type) { + case "vault:secrets/syncAssociation:SyncAssociation": + return new SyncAssociation(name, undefined, { urn }) + case "vault:secrets/syncAwsDestination:SyncAwsDestination": + return new SyncAwsDestination(name, undefined, { urn }) + case "vault:secrets/syncAzureDestination:SyncAzureDestination": + return new SyncAzureDestination(name, undefined, { urn }) + case "vault:secrets/syncConfig:SyncConfig": + return new SyncConfig(name, undefined, { urn }) + case "vault:secrets/syncGcpDestination:SyncGcpDestination": + return new SyncGcpDestination(name, undefined, { urn }) + case "vault:secrets/syncGhDestination:SyncGhDestination": + return new SyncGhDestination(name, undefined, { urn }) + case "vault:secrets/syncVercelDestination:SyncVercelDestination": + return new SyncVercelDestination(name, undefined, { urn }) + default: + throw new Error(`unknown resource type ${type}`); + } + }, +}; +pulumi.runtime.registerResourceModule("vault", "secrets/syncAssociation", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncAwsDestination", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncAzureDestination", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncConfig", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncGcpDestination", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncGhDestination", _module) +pulumi.runtime.registerResourceModule("vault", "secrets/syncVercelDestination", _module) diff --git a/sdk/nodejs/secrets/syncAssociation.ts b/sdk/nodejs/secrets/syncAssociation.ts new file mode 100644 index 000000000..146147e6c --- /dev/null +++ b/sdk/nodejs/secrets/syncAssociation.ts @@ -0,0 +1,207 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const kvv2 = new vault.Mount("kvv2", { + * path: "kvv2", + * type: "kv", + * options: { + * version: "2", + * }, + * description: "KV Version 2 secret engine mount", + * }); + * const token = new vault.kv.SecretV2("token", { + * mount: kvv2.path, + * dataJson: JSON.stringify({ + * dev: "B!gS3cr3t", + * prod: "S3cureP4$$", + * }), + * }); + * const gh = new vault.secrets.SyncGhDestination("gh", { + * accessToken: _var.access_token, + * repositoryOwner: _var.repo_owner, + * repositoryName: "repo-name-example", + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * }); + * const ghToken = new vault.secrets.SyncAssociation("ghToken", { + * type: gh.type, + * mount: kvv2.path, + * secretName: token.name, + * }); + * ``` + */ +export class SyncAssociation extends pulumi.CustomResource { + /** + * Get an existing SyncAssociation resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncAssociationState, opts?: pulumi.CustomResourceOptions): SyncAssociation { + return new SyncAssociation(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncAssociation:SyncAssociation'; + + /** + * Returns true if the given object is an instance of SyncAssociation. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncAssociation { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncAssociation.__pulumiType; + } + + /** + * Specifies the mount where the secret is located. + */ + public readonly mount!: pulumi.Output; + /** + * Specifies the name of the destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Specifies the name of the secret to synchronize. + */ + public readonly secretName!: pulumi.Output; + /** + * Specifies the status of the association (for eg. `SYNCED`). + */ + public /*out*/ readonly syncStatus!: pulumi.Output; + /** + * Specifies the destination type. + */ + public readonly type!: pulumi.Output; + /** + * Duration string specifying when the secret was last updated. + */ + public /*out*/ readonly updatedAt!: pulumi.Output; + + /** + * Create a SyncAssociation resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SyncAssociationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncAssociationArgs | SyncAssociationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncAssociationState | undefined; + resourceInputs["mount"] = state ? state.mount : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["secretName"] = state ? state.secretName : undefined; + resourceInputs["syncStatus"] = state ? state.syncStatus : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updatedAt"] = state ? state.updatedAt : undefined; + } else { + const args = argsOrState as SyncAssociationArgs | undefined; + if ((!args || args.mount === undefined) && !opts.urn) { + throw new Error("Missing required property 'mount'"); + } + if ((!args || args.secretName === undefined) && !opts.urn) { + throw new Error("Missing required property 'secretName'"); + } + if ((!args || args.type === undefined) && !opts.urn) { + throw new Error("Missing required property 'type'"); + } + resourceInputs["mount"] = args ? args.mount : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["secretName"] = args ? args.secretName : undefined; + resourceInputs["type"] = args ? args.type : undefined; + resourceInputs["syncStatus"] = undefined /*out*/; + resourceInputs["updatedAt"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SyncAssociation.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncAssociation resources. + */ +export interface SyncAssociationState { + /** + * Specifies the mount where the secret is located. + */ + mount?: pulumi.Input; + /** + * Specifies the name of the destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Specifies the name of the secret to synchronize. + */ + secretName?: pulumi.Input; + /** + * Specifies the status of the association (for eg. `SYNCED`). + */ + syncStatus?: pulumi.Input; + /** + * Specifies the destination type. + */ + type?: pulumi.Input; + /** + * Duration string specifying when the secret was last updated. + */ + updatedAt?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncAssociation resource. + */ +export interface SyncAssociationArgs { + /** + * Specifies the mount where the secret is located. + */ + mount: pulumi.Input; + /** + * Specifies the name of the destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Specifies the name of the secret to synchronize. + */ + secretName: pulumi.Input; + /** + * Specifies the destination type. + */ + type: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncAwsDestination.ts b/sdk/nodejs/secrets/syncAwsDestination.ts new file mode 100644 index 000000000..7f8b30189 --- /dev/null +++ b/sdk/nodejs/secrets/syncAwsDestination.ts @@ -0,0 +1,230 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const aws = new vault.secrets.SyncAwsDestination("aws", { + * accessKeyId: _var.access_key_id, + * secretAccessKey: _var.secret_access_key, + * region: "us-east-1", + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * customTags: { + * foo: "bar", + * }, + * }); + * ``` + * + * ## Import + * + * AWS Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest + * ``` + */ +export class SyncAwsDestination extends pulumi.CustomResource { + /** + * Get an existing SyncAwsDestination resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncAwsDestinationState, opts?: pulumi.CustomResourceOptions): SyncAwsDestination { + return new SyncAwsDestination(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncAwsDestination:SyncAwsDestination'; + + /** + * Returns true if the given object is an instance of SyncAwsDestination. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncAwsDestination { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncAwsDestination.__pulumiType; + } + + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + */ + public readonly accessKeyId!: pulumi.Output; + /** + * Custom tags to set on the secret managed at the destination. + */ + public readonly customTags!: pulumi.Output<{[key: string]: any} | undefined>; + /** + * Unique name of the AWS destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + */ + public readonly region!: pulumi.Output; + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + */ + public readonly secretAccessKey!: pulumi.Output; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + public readonly secretNameTemplate!: pulumi.Output; + /** + * The type of the secrets destination (`aws-sm`). + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a SyncAwsDestination resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: SyncAwsDestinationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncAwsDestinationArgs | SyncAwsDestinationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncAwsDestinationState | undefined; + resourceInputs["accessKeyId"] = state ? state.accessKeyId : undefined; + resourceInputs["customTags"] = state ? state.customTags : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["region"] = state ? state.region : undefined; + resourceInputs["secretAccessKey"] = state ? state.secretAccessKey : undefined; + resourceInputs["secretNameTemplate"] = state ? state.secretNameTemplate : undefined; + resourceInputs["type"] = state ? state.type : undefined; + } else { + const args = argsOrState as SyncAwsDestinationArgs | undefined; + resourceInputs["accessKeyId"] = args ? args.accessKeyId : undefined; + resourceInputs["customTags"] = args ? args.customTags : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["region"] = args ? args.region : undefined; + resourceInputs["secretAccessKey"] = args?.secretAccessKey ? pulumi.secret(args.secretAccessKey) : undefined; + resourceInputs["secretNameTemplate"] = args ? args.secretNameTemplate : undefined; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["secretAccessKey"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(SyncAwsDestination.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncAwsDestination resources. + */ +export interface SyncAwsDestinationState { + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + */ + accessKeyId?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * Unique name of the AWS destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + */ + region?: pulumi.Input; + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + */ + secretAccessKey?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * The type of the secrets destination (`aws-sm`). + */ + type?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncAwsDestination resource. + */ +export interface SyncAwsDestinationArgs { + /** + * Access key id to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + * variable. + */ + accessKeyId?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * Unique name of the AWS destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Region where to manage the secrets manager entries. + * Can be omitted and directly provided to Vault using the `AWS_REGION` environment + * variable. + */ + region?: pulumi.Input; + /** + * Secret access key to authenticate against the AWS secrets manager. + * Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + * variable. + */ + secretAccessKey?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncAzureDestination.ts b/sdk/nodejs/secrets/syncAzureDestination.ts new file mode 100644 index 000000000..892aa783f --- /dev/null +++ b/sdk/nodejs/secrets/syncAzureDestination.ts @@ -0,0 +1,265 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const az = new vault.secrets.SyncAzureDestination("az", { + * keyVaultUri: _var.key_vault_uri, + * clientId: _var.client_id, + * clientSecret: _var.client_secret, + * tenantId: _var.tenant_id, + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * customTags: { + * foo: "bar", + * }, + * }); + * ``` + * + * ## Import + * + * Azure Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest + * ``` + */ +export class SyncAzureDestination extends pulumi.CustomResource { + /** + * Get an existing SyncAzureDestination resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncAzureDestinationState, opts?: pulumi.CustomResourceOptions): SyncAzureDestination { + return new SyncAzureDestination(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncAzureDestination:SyncAzureDestination'; + + /** + * Returns true if the given object is an instance of SyncAzureDestination. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncAzureDestination { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncAzureDestination.__pulumiType; + } + + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + */ + public readonly clientId!: pulumi.Output; + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + */ + public readonly clientSecret!: pulumi.Output; + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + */ + public readonly cloud!: pulumi.Output; + /** + * Custom tags to set on the secret managed at the destination. + */ + public readonly customTags!: pulumi.Output<{[key: string]: any} | undefined>; + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + */ + public readonly keyVaultUri!: pulumi.Output; + /** + * Unique name of the Azure destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + public readonly secretNameTemplate!: pulumi.Output; + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + */ + public readonly tenantId!: pulumi.Output; + /** + * The type of the secrets destination (`azure-kv`). + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a SyncAzureDestination resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: SyncAzureDestinationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncAzureDestinationArgs | SyncAzureDestinationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncAzureDestinationState | undefined; + resourceInputs["clientId"] = state ? state.clientId : undefined; + resourceInputs["clientSecret"] = state ? state.clientSecret : undefined; + resourceInputs["cloud"] = state ? state.cloud : undefined; + resourceInputs["customTags"] = state ? state.customTags : undefined; + resourceInputs["keyVaultUri"] = state ? state.keyVaultUri : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["secretNameTemplate"] = state ? state.secretNameTemplate : undefined; + resourceInputs["tenantId"] = state ? state.tenantId : undefined; + resourceInputs["type"] = state ? state.type : undefined; + } else { + const args = argsOrState as SyncAzureDestinationArgs | undefined; + resourceInputs["clientId"] = args ? args.clientId : undefined; + resourceInputs["clientSecret"] = args?.clientSecret ? pulumi.secret(args.clientSecret) : undefined; + resourceInputs["cloud"] = args ? args.cloud : undefined; + resourceInputs["customTags"] = args ? args.customTags : undefined; + resourceInputs["keyVaultUri"] = args ? args.keyVaultUri : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["secretNameTemplate"] = args ? args.secretNameTemplate : undefined; + resourceInputs["tenantId"] = args ? args.tenantId : undefined; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["clientSecret"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(SyncAzureDestination.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncAzureDestination resources. + */ +export interface SyncAzureDestinationState { + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + */ + clientId?: pulumi.Input; + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + */ + clientSecret?: pulumi.Input; + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + */ + cloud?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + */ + keyVaultUri?: pulumi.Input; + /** + * Unique name of the Azure destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + */ + tenantId?: pulumi.Input; + /** + * The type of the secrets destination (`azure-kv`). + */ + type?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncAzureDestination resource. + */ +export interface SyncAzureDestinationArgs { + /** + * Client ID of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + * variable. + */ + clientId?: pulumi.Input; + /** + * Client Secret of an Azure app registration. + * Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + * variable. + */ + clientSecret?: pulumi.Input; + /** + * Specifies a cloud for the client. The default is Azure Public Cloud. + */ + cloud?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * URI of an existing Azure Key Vault instance. + * Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + * variable. + */ + keyVaultUri?: pulumi.Input; + /** + * Unique name of the Azure destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * ID of the target Azure tenant. + * Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + * variable. + */ + tenantId?: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncConfig.ts b/sdk/nodejs/secrets/syncConfig.ts new file mode 100644 index 000000000..097998a7d --- /dev/null +++ b/sdk/nodejs/secrets/syncConfig.ts @@ -0,0 +1,141 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * Configures the secret sync global config. + * The config is global and can only be managed in the root namespace. + * + * > **Important** The config is global so the vault.secrets.SyncConfig resource must not be defined + * multiple times for the same Vault server. If multiple definition exists, the last one applied will be + * effective. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const globalConfig = new vault.secrets.SyncConfig("globalConfig", { + * disabled: true, + * queueCapacity: 500000, + * }); + * ``` + * + * ## Import + * + * ```sh + * $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config + * ``` + */ +export class SyncConfig extends pulumi.CustomResource { + /** + * Get an existing SyncConfig resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncConfigState, opts?: pulumi.CustomResourceOptions): SyncConfig { + return new SyncConfig(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncConfig:SyncConfig'; + + /** + * Returns true if the given object is an instance of SyncConfig. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncConfig { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncConfig.__pulumiType; + } + + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + */ + public readonly disabled!: pulumi.Output; + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + */ + public readonly namespace!: pulumi.Output; + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + */ + public readonly queueCapacity!: pulumi.Output; + + /** + * Create a SyncConfig resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: SyncConfigArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncConfigArgs | SyncConfigState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncConfigState | undefined; + resourceInputs["disabled"] = state ? state.disabled : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["queueCapacity"] = state ? state.queueCapacity : undefined; + } else { + const args = argsOrState as SyncConfigArgs | undefined; + resourceInputs["disabled"] = args ? args.disabled : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["queueCapacity"] = args ? args.queueCapacity : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SyncConfig.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncConfig resources. + */ +export interface SyncConfigState { + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + */ + disabled?: pulumi.Input; + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + */ + namespace?: pulumi.Input; + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + */ + queueCapacity?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncConfig resource. + */ +export interface SyncConfigArgs { + /** + * Disables the syncing process between Vault and external destinations. Defaults to `false`. + */ + disabled?: pulumi.Input; + /** + * The namespace to provision the resource in. + * This resource can only be configured in the root namespace. + * *Available only for Vault Enterprise*. + */ + namespace?: pulumi.Input; + /** + * Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + */ + queueCapacity?: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncGcpDestination.ts b/sdk/nodejs/secrets/syncGcpDestination.ts new file mode 100644 index 000000000..6d7baa680 --- /dev/null +++ b/sdk/nodejs/secrets/syncGcpDestination.ts @@ -0,0 +1,189 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as fs from "fs"; + * import * as vault from "@pulumi/vault"; + * + * const gcp = new vault.secrets.SyncGcpDestination("gcp", { + * credentials: fs.readFileSync(_var.credentials_file, "utf8"), + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * customTags: { + * foo: "bar", + * }, + * }); + * ``` + * + * ## Import + * + * GCP Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest + * ``` + */ +export class SyncGcpDestination extends pulumi.CustomResource { + /** + * Get an existing SyncGcpDestination resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncGcpDestinationState, opts?: pulumi.CustomResourceOptions): SyncGcpDestination { + return new SyncGcpDestination(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncGcpDestination:SyncGcpDestination'; + + /** + * Returns true if the given object is an instance of SyncGcpDestination. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncGcpDestination { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncGcpDestination.__pulumiType; + } + + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + */ + public readonly credentials!: pulumi.Output; + /** + * Custom tags to set on the secret managed at the destination. + */ + public readonly customTags!: pulumi.Output<{[key: string]: any} | undefined>; + /** + * Unique name of the GCP destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + public readonly secretNameTemplate!: pulumi.Output; + /** + * The type of the secrets destination (`gcp-sm`). + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a SyncGcpDestination resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: SyncGcpDestinationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncGcpDestinationArgs | SyncGcpDestinationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncGcpDestinationState | undefined; + resourceInputs["credentials"] = state ? state.credentials : undefined; + resourceInputs["customTags"] = state ? state.customTags : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["secretNameTemplate"] = state ? state.secretNameTemplate : undefined; + resourceInputs["type"] = state ? state.type : undefined; + } else { + const args = argsOrState as SyncGcpDestinationArgs | undefined; + resourceInputs["credentials"] = args?.credentials ? pulumi.secret(args.credentials) : undefined; + resourceInputs["customTags"] = args ? args.customTags : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["secretNameTemplate"] = args ? args.secretNameTemplate : undefined; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["credentials"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(SyncGcpDestination.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncGcpDestination resources. + */ +export interface SyncGcpDestinationState { + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + */ + credentials?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * Unique name of the GCP destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * The type of the secrets destination (`gcp-sm`). + */ + type?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncGcpDestination resource. + */ +export interface SyncGcpDestinationArgs { + /** + * JSON-encoded credentials to use to connect to GCP. + * Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + * variable. + */ + credentials?: pulumi.Input; + /** + * Custom tags to set on the secret managed at the destination. + */ + customTags?: pulumi.Input<{[key: string]: any}>; + /** + * Unique name of the GCP destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncGhDestination.ts b/sdk/nodejs/secrets/syncGhDestination.ts new file mode 100644 index 000000000..28d9c6d2d --- /dev/null +++ b/sdk/nodejs/secrets/syncGhDestination.ts @@ -0,0 +1,213 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const gh = new vault.secrets.SyncGhDestination("gh", { + * accessToken: _var.access_token, + * repositoryOwner: _var.repo_owner, + * repositoryName: "repo-name-example", + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * }); + * ``` + * + * ## Import + * + * GitHub Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest + * ``` + */ +export class SyncGhDestination extends pulumi.CustomResource { + /** + * Get an existing SyncGhDestination resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncGhDestinationState, opts?: pulumi.CustomResourceOptions): SyncGhDestination { + return new SyncGhDestination(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncGhDestination:SyncGhDestination'; + + /** + * Returns true if the given object is an instance of SyncGhDestination. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncGhDestination { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncGhDestination.__pulumiType; + } + + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + */ + public readonly accessToken!: pulumi.Output; + /** + * Unique name of the GitHub destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + */ + public readonly repositoryName!: pulumi.Output; + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + */ + public readonly repositoryOwner!: pulumi.Output; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + public readonly secretNameTemplate!: pulumi.Output; + /** + * The type of the secrets destination (`gh`). + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a SyncGhDestination resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args?: SyncGhDestinationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncGhDestinationArgs | SyncGhDestinationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncGhDestinationState | undefined; + resourceInputs["accessToken"] = state ? state.accessToken : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["repositoryName"] = state ? state.repositoryName : undefined; + resourceInputs["repositoryOwner"] = state ? state.repositoryOwner : undefined; + resourceInputs["secretNameTemplate"] = state ? state.secretNameTemplate : undefined; + resourceInputs["type"] = state ? state.type : undefined; + } else { + const args = argsOrState as SyncGhDestinationArgs | undefined; + resourceInputs["accessToken"] = args?.accessToken ? pulumi.secret(args.accessToken) : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["repositoryName"] = args ? args.repositoryName : undefined; + resourceInputs["repositoryOwner"] = args ? args.repositoryOwner : undefined; + resourceInputs["secretNameTemplate"] = args ? args.secretNameTemplate : undefined; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["accessToken"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(SyncGhDestination.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncGhDestination resources. + */ +export interface SyncGhDestinationState { + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + */ + accessToken?: pulumi.Input; + /** + * Unique name of the GitHub destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + */ + repositoryName?: pulumi.Input; + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + */ + repositoryOwner?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * The type of the secrets destination (`gh`). + */ + type?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncGhDestination resource. + */ +export interface SyncGhDestinationArgs { + /** + * Fine-grained or personal access token. + * Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + * variable. + */ + accessToken?: pulumi.Input; + /** + * Unique name of the GitHub destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Name of the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + * variable. + */ + repositoryName?: pulumi.Input; + /** + * GitHub organization or username that owns the repository. + * Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + * variable. + */ + repositoryOwner?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; +} diff --git a/sdk/nodejs/secrets/syncVercelDestination.ts b/sdk/nodejs/secrets/syncVercelDestination.ts new file mode 100644 index 000000000..875000523 --- /dev/null +++ b/sdk/nodejs/secrets/syncVercelDestination.ts @@ -0,0 +1,228 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as vault from "@pulumi/vault"; + * + * const vercel = new vault.secrets.SyncVercelDestination("vercel", { + * accessToken: _var.access_token, + * projectId: _var.project_id, + * deploymentEnvironments: [ + * "development", + * "preview", + * "production", + * ], + * secretNameTemplate: "vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + * }); + * ``` + * + * ## Import + * + * GitHub Secrets sync destinations can be imported using the `name`, e.g. + * + * ```sh + * $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest + * ``` + */ +export class SyncVercelDestination extends pulumi.CustomResource { + /** + * Get an existing SyncVercelDestination resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SyncVercelDestinationState, opts?: pulumi.CustomResourceOptions): SyncVercelDestination { + return new SyncVercelDestination(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:secrets/syncVercelDestination:SyncVercelDestination'; + + /** + * Returns true if the given object is an instance of SyncVercelDestination. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SyncVercelDestination { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SyncVercelDestination.__pulumiType; + } + + /** + * Vercel API access token with the permissions to manage environment + * variables. + */ + public readonly accessToken!: pulumi.Output; + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + */ + public readonly deploymentEnvironments!: pulumi.Output; + /** + * Unique name of the GitHub destination. + */ + public readonly name!: pulumi.Output; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + public readonly namespace!: pulumi.Output; + /** + * Project ID where to manage environment variables. + */ + public readonly projectId!: pulumi.Output; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + public readonly secretNameTemplate!: pulumi.Output; + /** + * Team ID where to manage environment variables. + */ + public readonly teamId!: pulumi.Output; + /** + * The type of the secrets destination (`vercel-project`). + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a SyncVercelDestination resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SyncVercelDestinationArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SyncVercelDestinationArgs | SyncVercelDestinationState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SyncVercelDestinationState | undefined; + resourceInputs["accessToken"] = state ? state.accessToken : undefined; + resourceInputs["deploymentEnvironments"] = state ? state.deploymentEnvironments : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["namespace"] = state ? state.namespace : undefined; + resourceInputs["projectId"] = state ? state.projectId : undefined; + resourceInputs["secretNameTemplate"] = state ? state.secretNameTemplate : undefined; + resourceInputs["teamId"] = state ? state.teamId : undefined; + resourceInputs["type"] = state ? state.type : undefined; + } else { + const args = argsOrState as SyncVercelDestinationArgs | undefined; + if ((!args || args.accessToken === undefined) && !opts.urn) { + throw new Error("Missing required property 'accessToken'"); + } + if ((!args || args.deploymentEnvironments === undefined) && !opts.urn) { + throw new Error("Missing required property 'deploymentEnvironments'"); + } + if ((!args || args.projectId === undefined) && !opts.urn) { + throw new Error("Missing required property 'projectId'"); + } + resourceInputs["accessToken"] = args?.accessToken ? pulumi.secret(args.accessToken) : undefined; + resourceInputs["deploymentEnvironments"] = args ? args.deploymentEnvironments : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["namespace"] = args ? args.namespace : undefined; + resourceInputs["projectId"] = args ? args.projectId : undefined; + resourceInputs["secretNameTemplate"] = args ? args.secretNameTemplate : undefined; + resourceInputs["teamId"] = args ? args.teamId : undefined; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["accessToken"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(SyncVercelDestination.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SyncVercelDestination resources. + */ +export interface SyncVercelDestinationState { + /** + * Vercel API access token with the permissions to manage environment + * variables. + */ + accessToken?: pulumi.Input; + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + */ + deploymentEnvironments?: pulumi.Input[]>; + /** + * Unique name of the GitHub destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Project ID where to manage environment variables. + */ + projectId?: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * Team ID where to manage environment variables. + */ + teamId?: pulumi.Input; + /** + * The type of the secrets destination (`vercel-project`). + */ + type?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SyncVercelDestination resource. + */ +export interface SyncVercelDestinationArgs { + /** + * Vercel API access token with the permissions to manage environment + * variables. + */ + accessToken: pulumi.Input; + /** + * Deployment environments where the environment variables + * are available. Accepts `development`, `preview` and `production`. + */ + deploymentEnvironments: pulumi.Input[]>; + /** + * Unique name of the GitHub destination. + */ + name?: pulumi.Input; + /** + * The namespace to provision the resource in. + * The value should not contain leading or trailing forward slashes. + * The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + */ + namespace?: pulumi.Input; + /** + * Project ID where to manage environment variables. + */ + projectId: pulumi.Input; + /** + * Template describing how to generate external secret names. + * Supports a subset of the Go Template syntax. + */ + secretNameTemplate?: pulumi.Input; + /** + * Team ID where to manage environment variables. + */ + teamId?: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index bd6a4585c..9034598a5 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -193,6 +193,14 @@ "saml/authBackend.ts", "saml/authBackendRole.ts", "saml/index.ts", + "secrets/index.ts", + "secrets/syncAssociation.ts", + "secrets/syncAwsDestination.ts", + "secrets/syncAzureDestination.ts", + "secrets/syncConfig.ts", + "secrets/syncGcpDestination.ts", + "secrets/syncGhDestination.ts", + "secrets/syncVercelDestination.ts", "ssh/index.ts", "ssh/secretBackendCa.ts", "ssh/secretBackendRole.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index f76467169..def8e53fb 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -1108,6 +1108,10 @@ export namespace database { * for an example. */ connectionUrl?: pulumi.Input; + /** + * Enable the built-in session disconnect mechanism. + */ + disconnectSessions?: pulumi.Input; /** * The maximum number of seconds to keep * a connection alive for. @@ -1127,6 +1131,10 @@ export namespace database { * The password to authenticate with. */ password?: pulumi.Input; + /** + * Enable spliting statements after semi-colons. + */ + splitStatements?: pulumi.Input; /** * The username to authenticate with. */ @@ -2171,6 +2179,10 @@ export namespace database { * Supported list of database secrets engines that can be configured: */ data?: pulumi.Input<{[key: string]: any}>; + /** + * Set to true to disconnect any open sessions prior to running the revocation statements. + */ + disconnectSessions?: pulumi.Input; /** * The maximum amount of time a connection may be reused. */ @@ -2201,6 +2213,10 @@ export namespace database { * A list of database statements to be executed to rotate the root user's credentials. */ rootRotationStatements?: pulumi.Input[]>; + /** + * Set to true in order to split statements after semi-colons. + */ + splitStatements?: pulumi.Input; /** * The root credential username used in the connection URL. */ diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 899ec8475..390326c0c 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -1053,6 +1053,10 @@ export namespace database { * for an example. */ connectionUrl?: string; + /** + * Enable the built-in session disconnect mechanism. + */ + disconnectSessions?: boolean; /** * The maximum number of seconds to keep * a connection alive for. @@ -1072,6 +1076,10 @@ export namespace database { * The password to authenticate with. */ password?: string; + /** + * Enable spliting statements after semi-colons. + */ + splitStatements?: boolean; /** * The username to authenticate with. */ @@ -2116,6 +2124,10 @@ export namespace database { * Supported list of database secrets engines that can be configured: */ data?: {[key: string]: any}; + /** + * Set to true to disconnect any open sessions prior to running the revocation statements. + */ + disconnectSessions?: boolean; /** * The maximum amount of time a connection may be reused. */ @@ -2146,6 +2158,10 @@ export namespace database { * A list of database statements to be executed to rotate the root user's credentials. */ rootRotationStatements?: string[]; + /** + * Set to true in order to split statements after semi-colons. + */ + splitStatements?: boolean; /** * The root credential username used in the connection URL. */ diff --git a/sdk/python/pulumi_vault/__init__.py b/sdk/python/pulumi_vault/__init__.py index 1c4abc007..1dfcf02a9 100644 --- a/sdk/python/pulumi_vault/__init__.py +++ b/sdk/python/pulumi_vault/__init__.py @@ -83,6 +83,8 @@ rabbitmq = __rabbitmq import pulumi_vault.saml as __saml saml = __saml + import pulumi_vault.secrets as __secrets + secrets = __secrets import pulumi_vault.ssh as __ssh ssh = __ssh import pulumi_vault.terraformcloud as __terraformcloud @@ -117,6 +119,7 @@ pkisecret = _utilities.lazy_import('pulumi_vault.pkisecret') rabbitmq = _utilities.lazy_import('pulumi_vault.rabbitmq') saml = _utilities.lazy_import('pulumi_vault.saml') + secrets = _utilities.lazy_import('pulumi_vault.secrets') ssh = _utilities.lazy_import('pulumi_vault.ssh') terraformcloud = _utilities.lazy_import('pulumi_vault.terraformcloud') tokenauth = _utilities.lazy_import('pulumi_vault.tokenauth') @@ -1118,6 +1121,62 @@ "vault:saml/authBackendRole:AuthBackendRole": "AuthBackendRole" } }, + { + "pkg": "vault", + "mod": "secrets/syncAssociation", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncAssociation:SyncAssociation": "SyncAssociation" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncAwsDestination", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncAwsDestination:SyncAwsDestination": "SyncAwsDestination" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncAzureDestination", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncAzureDestination:SyncAzureDestination": "SyncAzureDestination" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncConfig", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncConfig:SyncConfig": "SyncConfig" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncGcpDestination", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncGcpDestination:SyncGcpDestination": "SyncGcpDestination" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncGhDestination", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncGhDestination:SyncGhDestination": "SyncGhDestination" + } + }, + { + "pkg": "vault", + "mod": "secrets/syncVercelDestination", + "fqn": "pulumi_vault.secrets", + "classes": { + "vault:secrets/syncVercelDestination:SyncVercelDestination": "SyncVercelDestination" + } + }, { "pkg": "vault", "mod": "ssh/secretBackendCa", diff --git a/sdk/python/pulumi_vault/aws/secret_backend.py b/sdk/python/pulumi_vault/aws/secret_backend.py index 3fbd7262f..e34beef7d 100644 --- a/sdk/python/pulumi_vault/aws/secret_backend.py +++ b/sdk/python/pulumi_vault/aws/secret_backend.py @@ -19,11 +19,15 @@ def __init__(__self__, *, description: Optional[pulumi.Input[str]] = None, disable_remount: Optional[pulumi.Input[bool]] = None, iam_endpoint: Optional[pulumi.Input[str]] = None, + identity_token_audience: Optional[pulumi.Input[str]] = None, + identity_token_key: Optional[pulumi.Input[str]] = None, + identity_token_ttl: Optional[pulumi.Input[int]] = None, local: Optional[pulumi.Input[bool]] = None, max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None, namespace: Optional[pulumi.Input[str]] = None, path: Optional[pulumi.Input[str]] = None, region: Optional[pulumi.Input[str]] = None, + role_arn: Optional[pulumi.Input[str]] = None, secret_key: Optional[pulumi.Input[str]] = None, sts_endpoint: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None): @@ -37,6 +41,9 @@ def __init__(__self__, *, :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use. + :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+. + :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+. + :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+. :param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested for credentials issued by this backend. @@ -47,6 +54,7 @@ def __init__(__self__, *, :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`. :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1. + :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials. :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use. :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: @@ -61,6 +69,12 @@ def __init__(__self__, *, pulumi.set(__self__, "disable_remount", disable_remount) if iam_endpoint is not None: pulumi.set(__self__, "iam_endpoint", iam_endpoint) + if identity_token_audience is not None: + pulumi.set(__self__, "identity_token_audience", identity_token_audience) + if identity_token_key is not None: + pulumi.set(__self__, "identity_token_key", identity_token_key) + if identity_token_ttl is not None: + pulumi.set(__self__, "identity_token_ttl", identity_token_ttl) if local is not None: pulumi.set(__self__, "local", local) if max_lease_ttl_seconds is not None: @@ -71,6 +85,8 @@ def __init__(__self__, *, pulumi.set(__self__, "path", path) if region is not None: pulumi.set(__self__, "region", region) + if role_arn is not None: + pulumi.set(__self__, "role_arn", role_arn) if secret_key is not None: pulumi.set(__self__, "secret_key", secret_key) if sts_endpoint is not None: @@ -141,6 +157,42 @@ def iam_endpoint(self) -> Optional[pulumi.Input[str]]: def iam_endpoint(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "iam_endpoint", value) + @property + @pulumi.getter(name="identityTokenAudience") + def identity_token_audience(self) -> Optional[pulumi.Input[str]]: + """ + The audience claim value. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_audience") + + @identity_token_audience.setter + def identity_token_audience(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_token_audience", value) + + @property + @pulumi.getter(name="identityTokenKey") + def identity_token_key(self) -> Optional[pulumi.Input[str]]: + """ + The key to use for signing identity tokens. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_key") + + @identity_token_key.setter + def identity_token_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_token_key", value) + + @property + @pulumi.getter(name="identityTokenTtl") + def identity_token_ttl(self) -> Optional[pulumi.Input[int]]: + """ + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_ttl") + + @identity_token_ttl.setter + def identity_token_ttl(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "identity_token_ttl", value) + @property @pulumi.getter def local(self) -> Optional[pulumi.Input[bool]]: @@ -206,6 +258,18 @@ def region(self) -> Optional[pulumi.Input[str]]: def region(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "region", value) + @property + @pulumi.getter(name="roleArn") + def role_arn(self) -> Optional[pulumi.Input[str]]: + """ + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + """ + return pulumi.get(self, "role_arn") + + @role_arn.setter + def role_arn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_arn", value) + @property @pulumi.getter(name="secretKey") def secret_key(self) -> Optional[pulumi.Input[str]]: @@ -251,11 +315,15 @@ def __init__(__self__, *, description: Optional[pulumi.Input[str]] = None, disable_remount: Optional[pulumi.Input[bool]] = None, iam_endpoint: Optional[pulumi.Input[str]] = None, + identity_token_audience: Optional[pulumi.Input[str]] = None, + identity_token_key: Optional[pulumi.Input[str]] = None, + identity_token_ttl: Optional[pulumi.Input[int]] = None, local: Optional[pulumi.Input[bool]] = None, max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None, namespace: Optional[pulumi.Input[str]] = None, path: Optional[pulumi.Input[str]] = None, region: Optional[pulumi.Input[str]] = None, + role_arn: Optional[pulumi.Input[str]] = None, secret_key: Optional[pulumi.Input[str]] = None, sts_endpoint: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None): @@ -269,6 +337,9 @@ def __init__(__self__, *, :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use. + :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+. + :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+. + :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+. :param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested for credentials issued by this backend. @@ -279,6 +350,7 @@ def __init__(__self__, *, :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`. :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1. + :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials. :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use. :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: @@ -293,6 +365,12 @@ def __init__(__self__, *, pulumi.set(__self__, "disable_remount", disable_remount) if iam_endpoint is not None: pulumi.set(__self__, "iam_endpoint", iam_endpoint) + if identity_token_audience is not None: + pulumi.set(__self__, "identity_token_audience", identity_token_audience) + if identity_token_key is not None: + pulumi.set(__self__, "identity_token_key", identity_token_key) + if identity_token_ttl is not None: + pulumi.set(__self__, "identity_token_ttl", identity_token_ttl) if local is not None: pulumi.set(__self__, "local", local) if max_lease_ttl_seconds is not None: @@ -303,6 +381,8 @@ def __init__(__self__, *, pulumi.set(__self__, "path", path) if region is not None: pulumi.set(__self__, "region", region) + if role_arn is not None: + pulumi.set(__self__, "role_arn", role_arn) if secret_key is not None: pulumi.set(__self__, "secret_key", secret_key) if sts_endpoint is not None: @@ -373,6 +453,42 @@ def iam_endpoint(self) -> Optional[pulumi.Input[str]]: def iam_endpoint(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "iam_endpoint", value) + @property + @pulumi.getter(name="identityTokenAudience") + def identity_token_audience(self) -> Optional[pulumi.Input[str]]: + """ + The audience claim value. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_audience") + + @identity_token_audience.setter + def identity_token_audience(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_token_audience", value) + + @property + @pulumi.getter(name="identityTokenKey") + def identity_token_key(self) -> Optional[pulumi.Input[str]]: + """ + The key to use for signing identity tokens. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_key") + + @identity_token_key.setter + def identity_token_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_token_key", value) + + @property + @pulumi.getter(name="identityTokenTtl") + def identity_token_ttl(self) -> Optional[pulumi.Input[int]]: + """ + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_ttl") + + @identity_token_ttl.setter + def identity_token_ttl(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "identity_token_ttl", value) + @property @pulumi.getter def local(self) -> Optional[pulumi.Input[bool]]: @@ -438,6 +554,18 @@ def region(self) -> Optional[pulumi.Input[str]]: def region(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "region", value) + @property + @pulumi.getter(name="roleArn") + def role_arn(self) -> Optional[pulumi.Input[str]]: + """ + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + """ + return pulumi.get(self, "role_arn") + + @role_arn.setter + def role_arn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_arn", value) + @property @pulumi.getter(name="secretKey") def secret_key(self) -> Optional[pulumi.Input[str]]: @@ -485,11 +613,15 @@ def __init__(__self__, description: Optional[pulumi.Input[str]] = None, disable_remount: Optional[pulumi.Input[bool]] = None, iam_endpoint: Optional[pulumi.Input[str]] = None, + identity_token_audience: Optional[pulumi.Input[str]] = None, + identity_token_key: Optional[pulumi.Input[str]] = None, + identity_token_ttl: Optional[pulumi.Input[int]] = None, local: Optional[pulumi.Input[bool]] = None, max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None, namespace: Optional[pulumi.Input[str]] = None, path: Optional[pulumi.Input[str]] = None, region: Optional[pulumi.Input[str]] = None, + role_arn: Optional[pulumi.Input[str]] = None, secret_key: Optional[pulumi.Input[str]] = None, sts_endpoint: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None, @@ -513,6 +645,9 @@ def __init__(__self__, :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use. + :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+. + :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+. + :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+. :param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested for credentials issued by this backend. @@ -523,6 +658,7 @@ def __init__(__self__, :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`. :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1. + :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials. :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use. :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: @@ -562,11 +698,15 @@ def _internal_init(__self__, description: Optional[pulumi.Input[str]] = None, disable_remount: Optional[pulumi.Input[bool]] = None, iam_endpoint: Optional[pulumi.Input[str]] = None, + identity_token_audience: Optional[pulumi.Input[str]] = None, + identity_token_key: Optional[pulumi.Input[str]] = None, + identity_token_ttl: Optional[pulumi.Input[int]] = None, local: Optional[pulumi.Input[bool]] = None, max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None, namespace: Optional[pulumi.Input[str]] = None, path: Optional[pulumi.Input[str]] = None, region: Optional[pulumi.Input[str]] = None, + role_arn: Optional[pulumi.Input[str]] = None, secret_key: Optional[pulumi.Input[str]] = None, sts_endpoint: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None, @@ -584,11 +724,15 @@ def _internal_init(__self__, __props__.__dict__["description"] = description __props__.__dict__["disable_remount"] = disable_remount __props__.__dict__["iam_endpoint"] = iam_endpoint + __props__.__dict__["identity_token_audience"] = identity_token_audience + __props__.__dict__["identity_token_key"] = identity_token_key + __props__.__dict__["identity_token_ttl"] = identity_token_ttl __props__.__dict__["local"] = local __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds __props__.__dict__["namespace"] = namespace __props__.__dict__["path"] = path __props__.__dict__["region"] = region + __props__.__dict__["role_arn"] = role_arn __props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key) __props__.__dict__["sts_endpoint"] = sts_endpoint __props__.__dict__["username_template"] = username_template @@ -609,11 +753,15 @@ def get(resource_name: str, description: Optional[pulumi.Input[str]] = None, disable_remount: Optional[pulumi.Input[bool]] = None, iam_endpoint: Optional[pulumi.Input[str]] = None, + identity_token_audience: Optional[pulumi.Input[str]] = None, + identity_token_key: Optional[pulumi.Input[str]] = None, + identity_token_ttl: Optional[pulumi.Input[int]] = None, local: Optional[pulumi.Input[bool]] = None, max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None, namespace: Optional[pulumi.Input[str]] = None, path: Optional[pulumi.Input[str]] = None, region: Optional[pulumi.Input[str]] = None, + role_arn: Optional[pulumi.Input[str]] = None, secret_key: Optional[pulumi.Input[str]] = None, sts_endpoint: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None) -> 'SecretBackend': @@ -632,6 +780,9 @@ def get(resource_name: str, :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use. + :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.16+. + :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.16+. + :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.16+. :param pulumi.Input[bool] local: Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested for credentials issued by this backend. @@ -642,6 +793,7 @@ def get(resource_name: str, :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`. :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1. + :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials. :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use. :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: @@ -655,11 +807,15 @@ def get(resource_name: str, __props__.__dict__["description"] = description __props__.__dict__["disable_remount"] = disable_remount __props__.__dict__["iam_endpoint"] = iam_endpoint + __props__.__dict__["identity_token_audience"] = identity_token_audience + __props__.__dict__["identity_token_key"] = identity_token_key + __props__.__dict__["identity_token_ttl"] = identity_token_ttl __props__.__dict__["local"] = local __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds __props__.__dict__["namespace"] = namespace __props__.__dict__["path"] = path __props__.__dict__["region"] = region + __props__.__dict__["role_arn"] = role_arn __props__.__dict__["secret_key"] = secret_key __props__.__dict__["sts_endpoint"] = sts_endpoint __props__.__dict__["username_template"] = username_template @@ -708,6 +864,30 @@ def iam_endpoint(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "iam_endpoint") + @property + @pulumi.getter(name="identityTokenAudience") + def identity_token_audience(self) -> pulumi.Output[Optional[str]]: + """ + The audience claim value. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_audience") + + @property + @pulumi.getter(name="identityTokenKey") + def identity_token_key(self) -> pulumi.Output[Optional[str]]: + """ + The key to use for signing identity tokens. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_key") + + @property + @pulumi.getter(name="identityTokenTtl") + def identity_token_ttl(self) -> pulumi.Output[int]: + """ + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + """ + return pulumi.get(self, "identity_token_ttl") + @property @pulumi.getter def local(self) -> pulumi.Output[Optional[bool]]: @@ -753,6 +933,14 @@ def region(self) -> pulumi.Output[str]: """ return pulumi.get(self, "region") + @property + @pulumi.getter(name="roleArn") + def role_arn(self) -> pulumi.Output[Optional[str]]: + """ + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + """ + return pulumi.get(self, "role_arn") + @property @pulumi.getter(name="secretKey") def secret_key(self) -> pulumi.Output[Optional[str]]: diff --git a/sdk/python/pulumi_vault/database/_inputs.py b/sdk/python/pulumi_vault/database/_inputs.py index 0b0e3f3d4..006552b41 100644 --- a/sdk/python/pulumi_vault/database/_inputs.py +++ b/sdk/python/pulumi_vault/database/_inputs.py @@ -1962,10 +1962,12 @@ def username_template(self, value: Optional[pulumi.Input[str]]): class SecretBackendConnectionOracleArgs: def __init__(__self__, *, connection_url: Optional[pulumi.Input[str]] = None, + disconnect_sessions: Optional[pulumi.Input[bool]] = None, max_connection_lifetime: Optional[pulumi.Input[int]] = None, max_idle_connections: Optional[pulumi.Input[int]] = None, max_open_connections: Optional[pulumi.Input[int]] = None, password: Optional[pulumi.Input[str]] = None, + split_statements: Optional[pulumi.Input[bool]] = None, username: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None): """ @@ -1973,6 +1975,7 @@ def __init__(__self__, *, the [Vault docs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload) for an example. + :param pulumi.Input[bool] disconnect_sessions: Enable the built-in session disconnect mechanism. :param pulumi.Input[int] max_connection_lifetime: The maximum number of seconds to keep a connection alive for. :param pulumi.Input[int] max_idle_connections: The maximum number of idle connections to @@ -1980,11 +1983,14 @@ def __init__(__self__, *, :param pulumi.Input[int] max_open_connections: The maximum number of open connections to use. :param pulumi.Input[str] password: The password to authenticate with. + :param pulumi.Input[bool] split_statements: Enable spliting statements after semi-colons. :param pulumi.Input[str] username: The username to authenticate with. :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. """ if connection_url is not None: pulumi.set(__self__, "connection_url", connection_url) + if disconnect_sessions is not None: + pulumi.set(__self__, "disconnect_sessions", disconnect_sessions) if max_connection_lifetime is not None: pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime) if max_idle_connections is not None: @@ -1993,6 +1999,8 @@ def __init__(__self__, *, pulumi.set(__self__, "max_open_connections", max_open_connections) if password is not None: pulumi.set(__self__, "password", password) + if split_statements is not None: + pulumi.set(__self__, "split_statements", split_statements) if username is not None: pulumi.set(__self__, "username", username) if username_template is not None: @@ -2013,6 +2021,18 @@ def connection_url(self) -> Optional[pulumi.Input[str]]: def connection_url(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "connection_url", value) + @property + @pulumi.getter(name="disconnectSessions") + def disconnect_sessions(self) -> Optional[pulumi.Input[bool]]: + """ + Enable the built-in session disconnect mechanism. + """ + return pulumi.get(self, "disconnect_sessions") + + @disconnect_sessions.setter + def disconnect_sessions(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disconnect_sessions", value) + @property @pulumi.getter(name="maxConnectionLifetime") def max_connection_lifetime(self) -> Optional[pulumi.Input[int]]: @@ -2064,6 +2084,18 @@ def password(self) -> Optional[pulumi.Input[str]]: def password(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "password", value) + @property + @pulumi.getter(name="splitStatements") + def split_statements(self) -> Optional[pulumi.Input[bool]]: + """ + Enable spliting statements after semi-colons. + """ + return pulumi.get(self, "split_statements") + + @split_statements.setter + def split_statements(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "split_statements", value) + @property @pulumi.getter def username(self) -> Optional[pulumi.Input[str]]: @@ -5847,12 +5879,14 @@ def __init__(__self__, *, allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, connection_url: Optional[pulumi.Input[str]] = None, data: Optional[pulumi.Input[Mapping[str, Any]]] = None, + disconnect_sessions: Optional[pulumi.Input[bool]] = None, max_connection_lifetime: Optional[pulumi.Input[int]] = None, max_idle_connections: Optional[pulumi.Input[int]] = None, max_open_connections: Optional[pulumi.Input[int]] = None, password: Optional[pulumi.Input[str]] = None, plugin_name: Optional[pulumi.Input[str]] = None, root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + split_statements: Optional[pulumi.Input[bool]] = None, username: Optional[pulumi.Input[str]] = None, username_template: Optional[pulumi.Input[str]] = None, verify_connection: Optional[pulumi.Input[bool]] = None): @@ -5865,6 +5899,7 @@ def __init__(__self__, *, :param pulumi.Input[Mapping[str, Any]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings. Supported list of database secrets engines that can be configured: + :param pulumi.Input[bool] disconnect_sessions: Set to true to disconnect any open sessions prior to running the revocation statements. :param pulumi.Input[int] max_connection_lifetime: The maximum amount of time a connection may be reused. :param pulumi.Input[int] max_idle_connections: The maximum number of idle connections to the database. @@ -5873,6 +5908,7 @@ def __init__(__self__, *, :param pulumi.Input[str] password: The root credential password used in the connection URL. :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use. :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials. + :param pulumi.Input[bool] split_statements: Set to true in order to split statements after semi-colons. :param pulumi.Input[str] username: The root credential username used in the connection URL. :param pulumi.Input[str] username_template: [Template](https://www.vaultproject.io/docs/concepts/username-templating) describing how dynamic usernames are generated. :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on @@ -5885,6 +5921,8 @@ def __init__(__self__, *, pulumi.set(__self__, "connection_url", connection_url) if data is not None: pulumi.set(__self__, "data", data) + if disconnect_sessions is not None: + pulumi.set(__self__, "disconnect_sessions", disconnect_sessions) if max_connection_lifetime is not None: pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime) if max_idle_connections is not None: @@ -5897,6 +5935,8 @@ def __init__(__self__, *, pulumi.set(__self__, "plugin_name", plugin_name) if root_rotation_statements is not None: pulumi.set(__self__, "root_rotation_statements", root_rotation_statements) + if split_statements is not None: + pulumi.set(__self__, "split_statements", split_statements) if username is not None: pulumi.set(__self__, "username", username) if username_template is not None: @@ -5956,6 +5996,18 @@ def data(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: def data(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): pulumi.set(self, "data", value) + @property + @pulumi.getter(name="disconnectSessions") + def disconnect_sessions(self) -> Optional[pulumi.Input[bool]]: + """ + Set to true to disconnect any open sessions prior to running the revocation statements. + """ + return pulumi.get(self, "disconnect_sessions") + + @disconnect_sessions.setter + def disconnect_sessions(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disconnect_sessions", value) + @property @pulumi.getter(name="maxConnectionLifetime") def max_connection_lifetime(self) -> Optional[pulumi.Input[int]]: @@ -6030,6 +6082,18 @@ def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Inpu def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "root_rotation_statements", value) + @property + @pulumi.getter(name="splitStatements") + def split_statements(self) -> Optional[pulumi.Input[bool]]: + """ + Set to true in order to split statements after semi-colons. + """ + return pulumi.get(self, "split_statements") + + @split_statements.setter + def split_statements(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "split_statements", value) + @property @pulumi.getter def username(self) -> Optional[pulumi.Input[str]]: diff --git a/sdk/python/pulumi_vault/database/outputs.py b/sdk/python/pulumi_vault/database/outputs.py index 2ef021245..f007f8812 100644 --- a/sdk/python/pulumi_vault/database/outputs.py +++ b/sdk/python/pulumi_vault/database/outputs.py @@ -1865,12 +1865,16 @@ def __key_warning(key: str): suggest = None if key == "connectionUrl": suggest = "connection_url" + elif key == "disconnectSessions": + suggest = "disconnect_sessions" elif key == "maxConnectionLifetime": suggest = "max_connection_lifetime" elif key == "maxIdleConnections": suggest = "max_idle_connections" elif key == "maxOpenConnections": suggest = "max_open_connections" + elif key == "splitStatements": + suggest = "split_statements" elif key == "usernameTemplate": suggest = "username_template" @@ -1887,10 +1891,12 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, connection_url: Optional[str] = None, + disconnect_sessions: Optional[bool] = None, max_connection_lifetime: Optional[int] = None, max_idle_connections: Optional[int] = None, max_open_connections: Optional[int] = None, password: Optional[str] = None, + split_statements: Optional[bool] = None, username: Optional[str] = None, username_template: Optional[str] = None): """ @@ -1898,6 +1904,7 @@ def __init__(__self__, *, the [Vault docs](https://www.vaultproject.io/api-docs/secret/databases/mongodb.html#sample-payload) for an example. + :param bool disconnect_sessions: Enable the built-in session disconnect mechanism. :param int max_connection_lifetime: The maximum number of seconds to keep a connection alive for. :param int max_idle_connections: The maximum number of idle connections to @@ -1905,11 +1912,14 @@ def __init__(__self__, *, :param int max_open_connections: The maximum number of open connections to use. :param str password: The password to authenticate with. + :param bool split_statements: Enable spliting statements after semi-colons. :param str username: The username to authenticate with. :param str username_template: Template describing how dynamic usernames are generated. """ if connection_url is not None: pulumi.set(__self__, "connection_url", connection_url) + if disconnect_sessions is not None: + pulumi.set(__self__, "disconnect_sessions", disconnect_sessions) if max_connection_lifetime is not None: pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime) if max_idle_connections is not None: @@ -1918,6 +1928,8 @@ def __init__(__self__, *, pulumi.set(__self__, "max_open_connections", max_open_connections) if password is not None: pulumi.set(__self__, "password", password) + if split_statements is not None: + pulumi.set(__self__, "split_statements", split_statements) if username is not None: pulumi.set(__self__, "username", username) if username_template is not None: @@ -1934,6 +1946,14 @@ def connection_url(self) -> Optional[str]: """ return pulumi.get(self, "connection_url") + @property + @pulumi.getter(name="disconnectSessions") + def disconnect_sessions(self) -> Optional[bool]: + """ + Enable the built-in session disconnect mechanism. + """ + return pulumi.get(self, "disconnect_sessions") + @property @pulumi.getter(name="maxConnectionLifetime") def max_connection_lifetime(self) -> Optional[int]: @@ -1969,6 +1989,14 @@ def password(self) -> Optional[str]: """ return pulumi.get(self, "password") + @property + @pulumi.getter(name="splitStatements") + def split_statements(self) -> Optional[bool]: + """ + Enable spliting statements after semi-colons. + """ + return pulumi.get(self, "split_statements") + @property @pulumi.getter def username(self) -> Optional[str]: @@ -5412,6 +5440,8 @@ def __key_warning(key: str): suggest = "allowed_roles" elif key == "connectionUrl": suggest = "connection_url" + elif key == "disconnectSessions": + suggest = "disconnect_sessions" elif key == "maxConnectionLifetime": suggest = "max_connection_lifetime" elif key == "maxIdleConnections": @@ -5422,6 +5452,8 @@ def __key_warning(key: str): suggest = "plugin_name" elif key == "rootRotationStatements": suggest = "root_rotation_statements" + elif key == "splitStatements": + suggest = "split_statements" elif key == "usernameTemplate": suggest = "username_template" elif key == "verifyConnection": @@ -5443,12 +5475,14 @@ def __init__(__self__, *, allowed_roles: Optional[Sequence[str]] = None, connection_url: Optional[str] = None, data: Optional[Mapping[str, Any]] = None, + disconnect_sessions: Optional[bool] = None, max_connection_lifetime: Optional[int] = None, max_idle_connections: Optional[int] = None, max_open_connections: Optional[int] = None, password: Optional[str] = None, plugin_name: Optional[str] = None, root_rotation_statements: Optional[Sequence[str]] = None, + split_statements: Optional[bool] = None, username: Optional[str] = None, username_template: Optional[str] = None, verify_connection: Optional[bool] = None): @@ -5461,6 +5495,7 @@ def __init__(__self__, *, :param Mapping[str, Any] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings. Supported list of database secrets engines that can be configured: + :param bool disconnect_sessions: Set to true to disconnect any open sessions prior to running the revocation statements. :param int max_connection_lifetime: The maximum amount of time a connection may be reused. :param int max_idle_connections: The maximum number of idle connections to the database. @@ -5469,6 +5504,7 @@ def __init__(__self__, *, :param str password: The root credential password used in the connection URL. :param str plugin_name: Specifies the name of the plugin to use. :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials. + :param bool split_statements: Set to true in order to split statements after semi-colons. :param str username: The root credential username used in the connection URL. :param str username_template: [Template](https://www.vaultproject.io/docs/concepts/username-templating) describing how dynamic usernames are generated. :param bool verify_connection: Whether the connection should be verified on @@ -5481,6 +5517,8 @@ def __init__(__self__, *, pulumi.set(__self__, "connection_url", connection_url) if data is not None: pulumi.set(__self__, "data", data) + if disconnect_sessions is not None: + pulumi.set(__self__, "disconnect_sessions", disconnect_sessions) if max_connection_lifetime is not None: pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime) if max_idle_connections is not None: @@ -5493,6 +5531,8 @@ def __init__(__self__, *, pulumi.set(__self__, "plugin_name", plugin_name) if root_rotation_statements is not None: pulumi.set(__self__, "root_rotation_statements", root_rotation_statements) + if split_statements is not None: + pulumi.set(__self__, "split_statements", split_statements) if username is not None: pulumi.set(__self__, "username", username) if username_template is not None: @@ -5536,6 +5576,14 @@ def data(self) -> Optional[Mapping[str, Any]]: """ return pulumi.get(self, "data") + @property + @pulumi.getter(name="disconnectSessions") + def disconnect_sessions(self) -> Optional[bool]: + """ + Set to true to disconnect any open sessions prior to running the revocation statements. + """ + return pulumi.get(self, "disconnect_sessions") + @property @pulumi.getter(name="maxConnectionLifetime") def max_connection_lifetime(self) -> Optional[int]: @@ -5586,6 +5634,14 @@ def root_rotation_statements(self) -> Optional[Sequence[str]]: """ return pulumi.get(self, "root_rotation_statements") + @property + @pulumi.getter(name="splitStatements") + def split_statements(self) -> Optional[bool]: + """ + Set to true in order to split statements after semi-colons. + """ + return pulumi.get(self, "split_statements") + @property @pulumi.getter def username(self) -> Optional[str]: diff --git a/sdk/python/pulumi_vault/secrets/__init__.py b/sdk/python/pulumi_vault/secrets/__init__.py new file mode 100644 index 000000000..59375449f --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/__init__.py @@ -0,0 +1,14 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from .. import _utilities +import typing +# Export this package's modules as members: +from .sync_association import * +from .sync_aws_destination import * +from .sync_azure_destination import * +from .sync_config import * +from .sync_gcp_destination import * +from .sync_gh_destination import * +from .sync_vercel_destination import * diff --git a/sdk/python/pulumi_vault/secrets/sync_association.py b/sdk/python/pulumi_vault/secrets/sync_association.py new file mode 100644 index 000000000..1923aebd9 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_association.py @@ -0,0 +1,464 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncAssociationArgs', 'SyncAssociation'] + +@pulumi.input_type +class SyncAssociationArgs: + def __init__(__self__, *, + mount: pulumi.Input[str], + secret_name: pulumi.Input[str], + type: pulumi.Input[str], + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncAssociation resource. + :param pulumi.Input[str] mount: Specifies the mount where the secret is located. + :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize. + :param pulumi.Input[str] type: Specifies the destination type. + :param pulumi.Input[str] name: Specifies the name of the destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + pulumi.set(__self__, "mount", mount) + pulumi.set(__self__, "secret_name", secret_name) + pulumi.set(__self__, "type", type) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + + @property + @pulumi.getter + def mount(self) -> pulumi.Input[str]: + """ + Specifies the mount where the secret is located. + """ + return pulumi.get(self, "mount") + + @mount.setter + def mount(self, value: pulumi.Input[str]): + pulumi.set(self, "mount", value) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> pulumi.Input[str]: + """ + Specifies the name of the secret to synchronize. + """ + return pulumi.get(self, "secret_name") + + @secret_name.setter + def secret_name(self, value: pulumi.Input[str]): + pulumi.set(self, "secret_name", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + Specifies the destination type. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + +@pulumi.input_type +class _SyncAssociationState: + def __init__(__self__, *, + mount: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name: Optional[pulumi.Input[str]] = None, + sync_status: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + updated_at: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncAssociation resources. + :param pulumi.Input[str] mount: Specifies the mount where the secret is located. + :param pulumi.Input[str] name: Specifies the name of the destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize. + :param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`). + :param pulumi.Input[str] type: Specifies the destination type. + :param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated. + """ + if mount is not None: + pulumi.set(__self__, "mount", mount) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name is not None: + pulumi.set(__self__, "secret_name", secret_name) + if sync_status is not None: + pulumi.set(__self__, "sync_status", sync_status) + if type is not None: + pulumi.set(__self__, "type", type) + if updated_at is not None: + pulumi.set(__self__, "updated_at", updated_at) + + @property + @pulumi.getter + def mount(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the mount where the secret is located. + """ + return pulumi.get(self, "mount") + + @mount.setter + def mount(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mount", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the secret to synchronize. + """ + return pulumi.get(self, "secret_name") + + @secret_name.setter + def secret_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name", value) + + @property + @pulumi.getter(name="syncStatus") + def sync_status(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the status of the association (for eg. `SYNCED`). + """ + return pulumi.get(self, "sync_status") + + @sync_status.setter + def sync_status(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "sync_status", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the destination type. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="updatedAt") + def updated_at(self) -> Optional[pulumi.Input[str]]: + """ + Duration string specifying when the secret was last updated. + """ + return pulumi.get(self, "updated_at") + + @updated_at.setter + def updated_at(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated_at", value) + + +class SyncAssociation(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + mount: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import json + import pulumi_vault as vault + + kvv2 = vault.Mount("kvv2", + path="kvv2", + type="kv", + options={ + "version": "2", + }, + description="KV Version 2 secret engine mount") + token = vault.kv.SecretV2("token", + mount=kvv2.path, + data_json=json.dumps({ + "dev": "B!gS3cr3t", + "prod": "S3cureP4$$", + })) + gh = vault.secrets.SyncGhDestination("gh", + access_token=var["access_token"], + repository_owner=var["repo_owner"], + repository_name="repo-name-example", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + gh_token = vault.secrets.SyncAssociation("ghToken", + type=gh.type, + mount=kvv2.path, + secret_name=token.name) + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] mount: Specifies the mount where the secret is located. + :param pulumi.Input[str] name: Specifies the name of the destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize. + :param pulumi.Input[str] type: Specifies the destination type. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SyncAssociationArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import json + import pulumi_vault as vault + + kvv2 = vault.Mount("kvv2", + path="kvv2", + type="kv", + options={ + "version": "2", + }, + description="KV Version 2 secret engine mount") + token = vault.kv.SecretV2("token", + mount=kvv2.path, + data_json=json.dumps({ + "dev": "B!gS3cr3t", + "prod": "S3cureP4$$", + })) + gh = vault.secrets.SyncGhDestination("gh", + access_token=var["access_token"], + repository_owner=var["repo_owner"], + repository_name="repo-name-example", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + gh_token = vault.secrets.SyncAssociation("ghToken", + type=gh.type, + mount=kvv2.path, + secret_name=token.name) + ``` + + :param str resource_name: The name of the resource. + :param SyncAssociationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncAssociationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + mount: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncAssociationArgs.__new__(SyncAssociationArgs) + + if mount is None and not opts.urn: + raise TypeError("Missing required property 'mount'") + __props__.__dict__["mount"] = mount + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + if secret_name is None and not opts.urn: + raise TypeError("Missing required property 'secret_name'") + __props__.__dict__["secret_name"] = secret_name + if type is None and not opts.urn: + raise TypeError("Missing required property 'type'") + __props__.__dict__["type"] = type + __props__.__dict__["sync_status"] = None + __props__.__dict__["updated_at"] = None + super(SyncAssociation, __self__).__init__( + 'vault:secrets/syncAssociation:SyncAssociation', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + mount: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name: Optional[pulumi.Input[str]] = None, + sync_status: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + updated_at: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation': + """ + Get an existing SyncAssociation resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] mount: Specifies the mount where the secret is located. + :param pulumi.Input[str] name: Specifies the name of the destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize. + :param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`). + :param pulumi.Input[str] type: Specifies the destination type. + :param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncAssociationState.__new__(_SyncAssociationState) + + __props__.__dict__["mount"] = mount + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["secret_name"] = secret_name + __props__.__dict__["sync_status"] = sync_status + __props__.__dict__["type"] = type + __props__.__dict__["updated_at"] = updated_at + return SyncAssociation(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def mount(self) -> pulumi.Output[str]: + """ + Specifies the mount where the secret is located. + """ + return pulumi.get(self, "mount") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Specifies the name of the destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="secretName") + def secret_name(self) -> pulumi.Output[str]: + """ + Specifies the name of the secret to synchronize. + """ + return pulumi.get(self, "secret_name") + + @property + @pulumi.getter(name="syncStatus") + def sync_status(self) -> pulumi.Output[str]: + """ + Specifies the status of the association (for eg. `SYNCED`). + """ + return pulumi.get(self, "sync_status") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + Specifies the destination type. + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="updatedAt") + def updated_at(self) -> pulumi.Output[str]: + """ + Duration string specifying when the secret was last updated. + """ + return pulumi.get(self, "updated_at") + diff --git a/sdk/python/pulumi_vault/secrets/sync_aws_destination.py b/sdk/python/pulumi_vault/secrets/sync_aws_destination.py new file mode 100644 index 000000000..284077f61 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_aws_destination.py @@ -0,0 +1,564 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncAwsDestinationArgs', 'SyncAwsDestination'] + +@pulumi.input_type +class SyncAwsDestinationArgs: + def __init__(__self__, *, + access_key_id: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + region: Optional[pulumi.Input[str]] = None, + secret_access_key: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncAwsDestination resource. + :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the AWS destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] region: Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if region is not None: + pulumi.set(__self__, "region", region) + if secret_access_key is not None: + pulumi.set(__self__, "secret_access_key", secret_access_key) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + + @property + @pulumi.getter(name="accessKeyId") + def access_key_id(self) -> Optional[pulumi.Input[str]]: + """ + Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + """ + return pulumi.get(self, "access_key_id") + + @access_key_id.setter + def access_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_key_id", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the AWS destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter + def region(self) -> Optional[pulumi.Input[str]]: + """ + Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + """ + return pulumi.get(self, "region") + + @region.setter + def region(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "region", value) + + @property + @pulumi.getter(name="secretAccessKey") + def secret_access_key(self) -> Optional[pulumi.Input[str]]: + """ + Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + """ + return pulumi.get(self, "secret_access_key") + + @secret_access_key.setter + def secret_access_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_access_key", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + +@pulumi.input_type +class _SyncAwsDestinationState: + def __init__(__self__, *, + access_key_id: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + region: Optional[pulumi.Input[str]] = None, + secret_access_key: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncAwsDestination resources. + :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the AWS destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] region: Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`). + """ + if access_key_id is not None: + pulumi.set(__self__, "access_key_id", access_key_id) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if region is not None: + pulumi.set(__self__, "region", region) + if secret_access_key is not None: + pulumi.set(__self__, "secret_access_key", secret_access_key) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="accessKeyId") + def access_key_id(self) -> Optional[pulumi.Input[str]]: + """ + Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + """ + return pulumi.get(self, "access_key_id") + + @access_key_id.setter + def access_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_key_id", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the AWS destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter + def region(self) -> Optional[pulumi.Input[str]]: + """ + Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + """ + return pulumi.get(self, "region") + + @region.setter + def region(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "region", value) + + @property + @pulumi.getter(name="secretAccessKey") + def secret_access_key(self) -> Optional[pulumi.Input[str]]: + """ + Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + """ + return pulumi.get(self, "secret_access_key") + + @secret_access_key.setter + def secret_access_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_access_key", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the secrets destination (`aws-sm`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +class SyncAwsDestination(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_key_id: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + region: Optional[pulumi.Input[str]] = None, + secret_access_key: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + aws = vault.secrets.SyncAwsDestination("aws", + access_key_id=var["access_key_id"], + secret_access_key=var["secret_access_key"], + region="us-east-1", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + AWS Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the AWS destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] region: Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[SyncAwsDestinationArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + aws = vault.secrets.SyncAwsDestination("aws", + access_key_id=var["access_key_id"], + secret_access_key=var["secret_access_key"], + region="us-east-1", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + AWS Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncAwsDestination:SyncAwsDestination aws aws-dest + ``` + + :param str resource_name: The name of the resource. + :param SyncAwsDestinationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncAwsDestinationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_key_id: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + region: Optional[pulumi.Input[str]] = None, + secret_access_key: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncAwsDestinationArgs.__new__(SyncAwsDestinationArgs) + + __props__.__dict__["access_key_id"] = access_key_id + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["region"] = region + __props__.__dict__["secret_access_key"] = None if secret_access_key is None else pulumi.Output.secret(secret_access_key) + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["secretAccessKey"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(SyncAwsDestination, __self__).__init__( + 'vault:secrets/syncAwsDestination:SyncAwsDestination', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + access_key_id: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + region: Optional[pulumi.Input[str]] = None, + secret_access_key: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None) -> 'SyncAwsDestination': + """ + Get an existing SyncAwsDestination resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the AWS destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] region: Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`). + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncAwsDestinationState.__new__(_SyncAwsDestinationState) + + __props__.__dict__["access_key_id"] = access_key_id + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["region"] = region + __props__.__dict__["secret_access_key"] = secret_access_key + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = type + return SyncAwsDestination(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="accessKeyId") + def access_key_id(self) -> pulumi.Output[Optional[str]]: + """ + Access key id to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment + variable. + """ + return pulumi.get(self, "access_key_id") + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Unique name of the AWS destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter + def region(self) -> pulumi.Output[Optional[str]]: + """ + Region where to manage the secrets manager entries. + Can be omitted and directly provided to Vault using the `AWS_REGION` environment + variable. + """ + return pulumi.get(self, "region") + + @property + @pulumi.getter(name="secretAccessKey") + def secret_access_key(self) -> pulumi.Output[Optional[str]]: + """ + Secret access key to authenticate against the AWS secrets manager. + Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment + variable. + """ + return pulumi.get(self, "secret_access_key") + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> pulumi.Output[str]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the secrets destination (`aws-sm`). + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_vault/secrets/sync_azure_destination.py b/sdk/python/pulumi_vault/secrets/sync_azure_destination.py new file mode 100644 index 000000000..eaab36b30 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_azure_destination.py @@ -0,0 +1,674 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncAzureDestinationArgs', 'SyncAzureDestination'] + +@pulumi.input_type +class SyncAzureDestinationArgs: + def __init__(__self__, *, + client_id: Optional[pulumi.Input[str]] = None, + client_secret: Optional[pulumi.Input[str]] = None, + cloud: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + key_vault_uri: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + tenant_id: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncAzureDestination resource. + :param pulumi.Input[str] client_id: Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + :param pulumi.Input[str] client_secret: Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + :param pulumi.Input[str] name: Unique name of the Azure destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] tenant_id: ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret is not None: + pulumi.set(__self__, "client_secret", client_secret) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if key_vault_uri is not None: + pulumi.set(__self__, "key_vault_uri", key_vault_uri) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + + @property + @pulumi.getter(name="clientId") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="clientSecret") + def client_secret(self) -> Optional[pulumi.Input[str]]: + """ + Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + """ + return pulumi.get(self, "client_secret") + + @client_secret.setter + def client_secret(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_secret", value) + + @property + @pulumi.getter + def cloud(self) -> Optional[pulumi.Input[str]]: + """ + Specifies a cloud for the client. The default is Azure Public Cloud. + """ + return pulumi.get(self, "cloud") + + @cloud.setter + def cloud(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cloud", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter(name="keyVaultUri") + def key_vault_uri(self) -> Optional[pulumi.Input[str]]: + """ + URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + """ + return pulumi.get(self, "key_vault_uri") + + @key_vault_uri.setter + def key_vault_uri(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key_vault_uri", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the Azure destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter(name="tenantId") + def tenant_id(self) -> Optional[pulumi.Input[str]]: + """ + ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + """ + return pulumi.get(self, "tenant_id") + + @tenant_id.setter + def tenant_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tenant_id", value) + + +@pulumi.input_type +class _SyncAzureDestinationState: + def __init__(__self__, *, + client_id: Optional[pulumi.Input[str]] = None, + client_secret: Optional[pulumi.Input[str]] = None, + cloud: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + key_vault_uri: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + tenant_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncAzureDestination resources. + :param pulumi.Input[str] client_id: Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + :param pulumi.Input[str] client_secret: Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + :param pulumi.Input[str] name: Unique name of the Azure destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] tenant_id: ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + :param pulumi.Input[str] type: The type of the secrets destination (`azure-kv`). + """ + if client_id is not None: + pulumi.set(__self__, "client_id", client_id) + if client_secret is not None: + pulumi.set(__self__, "client_secret", client_secret) + if cloud is not None: + pulumi.set(__self__, "cloud", cloud) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if key_vault_uri is not None: + pulumi.set(__self__, "key_vault_uri", key_vault_uri) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if tenant_id is not None: + pulumi.set(__self__, "tenant_id", tenant_id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="clientId") + def client_id(self) -> Optional[pulumi.Input[str]]: + """ + Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + """ + return pulumi.get(self, "client_id") + + @client_id.setter + def client_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_id", value) + + @property + @pulumi.getter(name="clientSecret") + def client_secret(self) -> Optional[pulumi.Input[str]]: + """ + Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + """ + return pulumi.get(self, "client_secret") + + @client_secret.setter + def client_secret(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "client_secret", value) + + @property + @pulumi.getter + def cloud(self) -> Optional[pulumi.Input[str]]: + """ + Specifies a cloud for the client. The default is Azure Public Cloud. + """ + return pulumi.get(self, "cloud") + + @cloud.setter + def cloud(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cloud", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter(name="keyVaultUri") + def key_vault_uri(self) -> Optional[pulumi.Input[str]]: + """ + URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + """ + return pulumi.get(self, "key_vault_uri") + + @key_vault_uri.setter + def key_vault_uri(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key_vault_uri", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the Azure destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter(name="tenantId") + def tenant_id(self) -> Optional[pulumi.Input[str]]: + """ + ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + """ + return pulumi.get(self, "tenant_id") + + @tenant_id.setter + def tenant_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "tenant_id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the secrets destination (`azure-kv`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +class SyncAzureDestination(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + client_id: Optional[pulumi.Input[str]] = None, + client_secret: Optional[pulumi.Input[str]] = None, + cloud: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + key_vault_uri: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + tenant_id: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + az = vault.secrets.SyncAzureDestination("az", + key_vault_uri=var["key_vault_uri"], + client_id=var["client_id"], + client_secret=var["client_secret"], + tenant_id=var["tenant_id"], + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + Azure Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] client_id: Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + :param pulumi.Input[str] client_secret: Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + :param pulumi.Input[str] name: Unique name of the Azure destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] tenant_id: ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[SyncAzureDestinationArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + az = vault.secrets.SyncAzureDestination("az", + key_vault_uri=var["key_vault_uri"], + client_id=var["client_id"], + client_secret=var["client_secret"], + tenant_id=var["tenant_id"], + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + Azure Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest + ``` + + :param str resource_name: The name of the resource. + :param SyncAzureDestinationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncAzureDestinationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + client_id: Optional[pulumi.Input[str]] = None, + client_secret: Optional[pulumi.Input[str]] = None, + cloud: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + key_vault_uri: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + tenant_id: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncAzureDestinationArgs.__new__(SyncAzureDestinationArgs) + + __props__.__dict__["client_id"] = client_id + __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret) + __props__.__dict__["cloud"] = cloud + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["key_vault_uri"] = key_vault_uri + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["tenant_id"] = tenant_id + __props__.__dict__["type"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["clientSecret"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(SyncAzureDestination, __self__).__init__( + 'vault:secrets/syncAzureDestination:SyncAzureDestination', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + client_id: Optional[pulumi.Input[str]] = None, + client_secret: Optional[pulumi.Input[str]] = None, + cloud: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + key_vault_uri: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + tenant_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None) -> 'SyncAzureDestination': + """ + Get an existing SyncAzureDestination resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] client_id: Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + :param pulumi.Input[str] client_secret: Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + :param pulumi.Input[str] name: Unique name of the Azure destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] tenant_id: ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + :param pulumi.Input[str] type: The type of the secrets destination (`azure-kv`). + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncAzureDestinationState.__new__(_SyncAzureDestinationState) + + __props__.__dict__["client_id"] = client_id + __props__.__dict__["client_secret"] = client_secret + __props__.__dict__["cloud"] = cloud + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["key_vault_uri"] = key_vault_uri + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["tenant_id"] = tenant_id + __props__.__dict__["type"] = type + return SyncAzureDestination(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="clientId") + def client_id(self) -> pulumi.Output[Optional[str]]: + """ + Client ID of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_ID` environment + variable. + """ + return pulumi.get(self, "client_id") + + @property + @pulumi.getter(name="clientSecret") + def client_secret(self) -> pulumi.Output[Optional[str]]: + """ + Client Secret of an Azure app registration. + Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment + variable. + """ + return pulumi.get(self, "client_secret") + + @property + @pulumi.getter + def cloud(self) -> pulumi.Output[Optional[str]]: + """ + Specifies a cloud for the client. The default is Azure Public Cloud. + """ + return pulumi.get(self, "cloud") + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @property + @pulumi.getter(name="keyVaultUri") + def key_vault_uri(self) -> pulumi.Output[Optional[str]]: + """ + URI of an existing Azure Key Vault instance. + Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment + variable. + """ + return pulumi.get(self, "key_vault_uri") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Unique name of the Azure destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> pulumi.Output[str]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @property + @pulumi.getter(name="tenantId") + def tenant_id(self) -> pulumi.Output[Optional[str]]: + """ + ID of the target Azure tenant. + Can be omitted and directly provided to Vault using the `AZURE_TENANT_ID` environment + variable. + """ + return pulumi.get(self, "tenant_id") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the secrets destination (`azure-kv`). + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_vault/secrets/sync_config.py b/sdk/python/pulumi_vault/secrets/sync_config.py new file mode 100644 index 000000000..67b5ebc03 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_config.py @@ -0,0 +1,297 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncConfigArgs', 'SyncConfig'] + +@pulumi.input_type +class SyncConfigArgs: + def __init__(__self__, *, + disabled: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + queue_capacity: Optional[pulumi.Input[int]] = None): + """ + The set of arguments for constructing a SyncConfig resource. + :param pulumi.Input[bool] disabled: Disables the syncing process between Vault and external destinations. Defaults to `false`. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + :param pulumi.Input[int] queue_capacity: Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + if disabled is not None: + pulumi.set(__self__, "disabled", disabled) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if queue_capacity is not None: + pulumi.set(__self__, "queue_capacity", queue_capacity) + + @property + @pulumi.getter + def disabled(self) -> Optional[pulumi.Input[bool]]: + """ + Disables the syncing process between Vault and external destinations. Defaults to `false`. + """ + return pulumi.get(self, "disabled") + + @disabled.setter + def disabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disabled", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="queueCapacity") + def queue_capacity(self) -> Optional[pulumi.Input[int]]: + """ + Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + return pulumi.get(self, "queue_capacity") + + @queue_capacity.setter + def queue_capacity(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "queue_capacity", value) + + +@pulumi.input_type +class _SyncConfigState: + def __init__(__self__, *, + disabled: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + queue_capacity: Optional[pulumi.Input[int]] = None): + """ + Input properties used for looking up and filtering SyncConfig resources. + :param pulumi.Input[bool] disabled: Disables the syncing process between Vault and external destinations. Defaults to `false`. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + :param pulumi.Input[int] queue_capacity: Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + if disabled is not None: + pulumi.set(__self__, "disabled", disabled) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if queue_capacity is not None: + pulumi.set(__self__, "queue_capacity", queue_capacity) + + @property + @pulumi.getter + def disabled(self) -> Optional[pulumi.Input[bool]]: + """ + Disables the syncing process between Vault and external destinations. Defaults to `false`. + """ + return pulumi.get(self, "disabled") + + @disabled.setter + def disabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disabled", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="queueCapacity") + def queue_capacity(self) -> Optional[pulumi.Input[int]]: + """ + Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + return pulumi.get(self, "queue_capacity") + + @queue_capacity.setter + def queue_capacity(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "queue_capacity", value) + + +class SyncConfig(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + disabled: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + queue_capacity: Optional[pulumi.Input[int]] = None, + __props__=None): + """ + Configures the secret sync global config. + The config is global and can only be managed in the root namespace. + + > **Important** The config is global so the secrets.SyncConfig resource must not be defined + multiple times for the same Vault server. If multiple definition exists, the last one applied will be + effective. + + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + global_config = vault.secrets.SyncConfig("globalConfig", + disabled=True, + queue_capacity=500000) + ``` + + ## Import + + ```sh + $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[bool] disabled: Disables the syncing process between Vault and external destinations. Defaults to `false`. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + :param pulumi.Input[int] queue_capacity: Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[SyncConfigArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Configures the secret sync global config. + The config is global and can only be managed in the root namespace. + + > **Important** The config is global so the secrets.SyncConfig resource must not be defined + multiple times for the same Vault server. If multiple definition exists, the last one applied will be + effective. + + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + global_config = vault.secrets.SyncConfig("globalConfig", + disabled=True, + queue_capacity=500000) + ``` + + ## Import + + ```sh + $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config + ``` + + :param str resource_name: The name of the resource. + :param SyncConfigArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncConfigArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + disabled: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + queue_capacity: Optional[pulumi.Input[int]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncConfigArgs.__new__(SyncConfigArgs) + + __props__.__dict__["disabled"] = disabled + __props__.__dict__["namespace"] = namespace + __props__.__dict__["queue_capacity"] = queue_capacity + super(SyncConfig, __self__).__init__( + 'vault:secrets/syncConfig:SyncConfig', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + disabled: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + queue_capacity: Optional[pulumi.Input[int]] = None) -> 'SyncConfig': + """ + Get an existing SyncConfig resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[bool] disabled: Disables the syncing process between Vault and external destinations. Defaults to `false`. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + :param pulumi.Input[int] queue_capacity: Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncConfigState.__new__(_SyncConfigState) + + __props__.__dict__["disabled"] = disabled + __props__.__dict__["namespace"] = namespace + __props__.__dict__["queue_capacity"] = queue_capacity + return SyncConfig(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def disabled(self) -> pulumi.Output[Optional[bool]]: + """ + Disables the syncing process between Vault and external destinations. Defaults to `false`. + """ + return pulumi.get(self, "disabled") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + This resource can only be configured in the root namespace. + *Available only for Vault Enterprise*. + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="queueCapacity") + def queue_capacity(self) -> pulumi.Output[Optional[int]]: + """ + Maximum number of pending sync operations allowed on the queue. Defaults to `1000000`. + """ + return pulumi.get(self, "queue_capacity") + diff --git a/sdk/python/pulumi_vault/secrets/sync_gcp_destination.py b/sdk/python/pulumi_vault/secrets/sync_gcp_destination.py new file mode 100644 index 000000000..72e8e2cda --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_gcp_destination.py @@ -0,0 +1,438 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination'] + +@pulumi.input_type +class SyncGcpDestinationArgs: + def __init__(__self__, *, + credentials: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncGcpDestination resource. + :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the GCP destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + if credentials is not None: + pulumi.set(__self__, "credentials", credentials) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + + @property + @pulumi.getter + def credentials(self) -> Optional[pulumi.Input[str]]: + """ + JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + """ + return pulumi.get(self, "credentials") + + @credentials.setter + def credentials(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "credentials", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GCP destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + +@pulumi.input_type +class _SyncGcpDestinationState: + def __init__(__self__, *, + credentials: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncGcpDestination resources. + :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the GCP destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`). + """ + if credentials is not None: + pulumi.set(__self__, "credentials", credentials) + if custom_tags is not None: + pulumi.set(__self__, "custom_tags", custom_tags) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def credentials(self) -> Optional[pulumi.Input[str]]: + """ + JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + """ + return pulumi.get(self, "credentials") + + @credentials.setter + def credentials(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "credentials", value) + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @custom_tags.setter + def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "custom_tags", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GCP destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the secrets destination (`gcp-sm`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +class SyncGcpDestination(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + gcp = vault.secrets.SyncGcpDestination("gcp", + credentials=(lambda path: open(path).read())(var["credentials_file"]), + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + GCP Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the GCP destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[SyncGcpDestinationArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + gcp = vault.secrets.SyncGcpDestination("gcp", + credentials=(lambda path: open(path).read())(var["credentials_file"]), + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}", + custom_tags={ + "foo": "bar", + }) + ``` + + ## Import + + GCP Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest + ``` + + :param str resource_name: The name of the resource. + :param SyncGcpDestinationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncGcpDestinationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncGcpDestinationArgs.__new__(SyncGcpDestinationArgs) + + __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials) + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(SyncGcpDestination, __self__).__init__( + 'vault:secrets/syncGcpDestination:SyncGcpDestination', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[str]] = None, + custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination': + """ + Get an existing SyncGcpDestination resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination. + :param pulumi.Input[str] name: Unique name of the GCP destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`). + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncGcpDestinationState.__new__(_SyncGcpDestinationState) + + __props__.__dict__["credentials"] = credentials + __props__.__dict__["custom_tags"] = custom_tags + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = type + return SyncGcpDestination(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def credentials(self) -> pulumi.Output[Optional[str]]: + """ + JSON-encoded credentials to use to connect to GCP. + Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment + variable. + """ + return pulumi.get(self, "credentials") + + @property + @pulumi.getter(name="customTags") + def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]: + """ + Custom tags to set on the secret managed at the destination. + """ + return pulumi.get(self, "custom_tags") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Unique name of the GCP destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> pulumi.Output[str]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the secrets destination (`gcp-sm`). + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_vault/secrets/sync_gh_destination.py b/sdk/python/pulumi_vault/secrets/sync_gh_destination.py new file mode 100644 index 000000000..9333349f1 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_gh_destination.py @@ -0,0 +1,511 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncGhDestinationArgs', 'SyncGhDestination'] + +@pulumi.input_type +class SyncGhDestinationArgs: + def __init__(__self__, *, + access_token: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + repository_name: Optional[pulumi.Input[str]] = None, + repository_owner: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncGhDestination resource. + :param pulumi.Input[str] access_token: Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] repository_name: Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + :param pulumi.Input[str] repository_owner: GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + if access_token is not None: + pulumi.set(__self__, "access_token", access_token) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if repository_name is not None: + pulumi.set(__self__, "repository_name", repository_name) + if repository_owner is not None: + pulumi.set(__self__, "repository_owner", repository_owner) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> Optional[pulumi.Input[str]]: + """ + Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + """ + return pulumi.get(self, "access_token") + + @access_token.setter + def access_token(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_token", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="repositoryName") + def repository_name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + """ + return pulumi.get(self, "repository_name") + + @repository_name.setter + def repository_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repository_name", value) + + @property + @pulumi.getter(name="repositoryOwner") + def repository_owner(self) -> Optional[pulumi.Input[str]]: + """ + GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + """ + return pulumi.get(self, "repository_owner") + + @repository_owner.setter + def repository_owner(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repository_owner", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + +@pulumi.input_type +class _SyncGhDestinationState: + def __init__(__self__, *, + access_token: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + repository_name: Optional[pulumi.Input[str]] = None, + repository_owner: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncGhDestination resources. + :param pulumi.Input[str] access_token: Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] repository_name: Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + :param pulumi.Input[str] repository_owner: GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`gh`). + """ + if access_token is not None: + pulumi.set(__self__, "access_token", access_token) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if repository_name is not None: + pulumi.set(__self__, "repository_name", repository_name) + if repository_owner is not None: + pulumi.set(__self__, "repository_owner", repository_owner) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> Optional[pulumi.Input[str]]: + """ + Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + """ + return pulumi.get(self, "access_token") + + @access_token.setter + def access_token(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_token", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="repositoryName") + def repository_name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + """ + return pulumi.get(self, "repository_name") + + @repository_name.setter + def repository_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repository_name", value) + + @property + @pulumi.getter(name="repositoryOwner") + def repository_owner(self) -> Optional[pulumi.Input[str]]: + """ + GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + """ + return pulumi.get(self, "repository_owner") + + @repository_owner.setter + def repository_owner(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repository_owner", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the secrets destination (`gh`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +class SyncGhDestination(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + repository_name: Optional[pulumi.Input[str]] = None, + repository_owner: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + gh = vault.secrets.SyncGhDestination("gh", + access_token=var["access_token"], + repository_owner=var["repo_owner"], + repository_name="repo-name-example", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + ``` + + ## Import + + GitHub Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_token: Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] repository_name: Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + :param pulumi.Input[str] repository_owner: GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: Optional[SyncGhDestinationArgs] = None, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + gh = vault.secrets.SyncGhDestination("gh", + access_token=var["access_token"], + repository_owner=var["repo_owner"], + repository_name="repo-name-example", + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + ``` + + ## Import + + GitHub Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncGhDestination:SyncGhDestination gh gh-dest + ``` + + :param str resource_name: The name of the resource. + :param SyncGhDestinationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncGhDestinationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + repository_name: Optional[pulumi.Input[str]] = None, + repository_owner: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncGhDestinationArgs.__new__(SyncGhDestinationArgs) + + __props__.__dict__["access_token"] = None if access_token is None else pulumi.Output.secret(access_token) + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["repository_name"] = repository_name + __props__.__dict__["repository_owner"] = repository_owner + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessToken"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(SyncGhDestination, __self__).__init__( + 'vault:secrets/syncGhDestination:SyncGhDestination', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + repository_name: Optional[pulumi.Input[str]] = None, + repository_owner: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None) -> 'SyncGhDestination': + """ + Get an existing SyncGhDestination resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_token: Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] repository_name: Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + :param pulumi.Input[str] repository_owner: GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] type: The type of the secrets destination (`gh`). + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncGhDestinationState.__new__(_SyncGhDestinationState) + + __props__.__dict__["access_token"] = access_token + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["repository_name"] = repository_name + __props__.__dict__["repository_owner"] = repository_owner + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["type"] = type + return SyncGhDestination(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> pulumi.Output[Optional[str]]: + """ + Fine-grained or personal access token. + Can be omitted and directly provided to Vault using the `GITHUB_ACCESS_TOKEN` environment + variable. + """ + return pulumi.get(self, "access_token") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="repositoryName") + def repository_name(self) -> pulumi.Output[Optional[str]]: + """ + Name of the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_NAME` environment + variable. + """ + return pulumi.get(self, "repository_name") + + @property + @pulumi.getter(name="repositoryOwner") + def repository_owner(self) -> pulumi.Output[Optional[str]]: + """ + GitHub organization or username that owns the repository. + Can be omitted and directly provided to Vault using the `GITHUB_REPOSITORY_OWNER` environment + variable. + """ + return pulumi.get(self, "repository_owner") + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> pulumi.Output[str]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the secrets destination (`gh`). + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_vault/secrets/sync_vercel_destination.py b/sdk/python/pulumi_vault/secrets/sync_vercel_destination.py new file mode 100644 index 000000000..20c072f56 --- /dev/null +++ b/sdk/python/pulumi_vault/secrets/sync_vercel_destination.py @@ -0,0 +1,541 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from .. import _utilities + +__all__ = ['SyncVercelDestinationArgs', 'SyncVercelDestination'] + +@pulumi.input_type +class SyncVercelDestinationArgs: + def __init__(__self__, *, + access_token: pulumi.Input[str], + deployment_environments: pulumi.Input[Sequence[pulumi.Input[str]]], + project_id: pulumi.Input[str], + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + team_id: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a SyncVercelDestination resource. + :param pulumi.Input[str] access_token: Vercel API access token with the permissions to manage environment + variables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] deployment_environments: Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + :param pulumi.Input[str] project_id: Project ID where to manage environment variables. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] team_id: Team ID where to manage environment variables. + """ + pulumi.set(__self__, "access_token", access_token) + pulumi.set(__self__, "deployment_environments", deployment_environments) + pulumi.set(__self__, "project_id", project_id) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if team_id is not None: + pulumi.set(__self__, "team_id", team_id) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> pulumi.Input[str]: + """ + Vercel API access token with the permissions to manage environment + variables. + """ + return pulumi.get(self, "access_token") + + @access_token.setter + def access_token(self, value: pulumi.Input[str]): + pulumi.set(self, "access_token", value) + + @property + @pulumi.getter(name="deploymentEnvironments") + def deployment_environments(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + """ + return pulumi.get(self, "deployment_environments") + + @deployment_environments.setter + def deployment_environments(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "deployment_environments", value) + + @property + @pulumi.getter(name="projectId") + def project_id(self) -> pulumi.Input[str]: + """ + Project ID where to manage environment variables. + """ + return pulumi.get(self, "project_id") + + @project_id.setter + def project_id(self, value: pulumi.Input[str]): + pulumi.set(self, "project_id", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter(name="teamId") + def team_id(self) -> Optional[pulumi.Input[str]]: + """ + Team ID where to manage environment variables. + """ + return pulumi.get(self, "team_id") + + @team_id.setter + def team_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "team_id", value) + + +@pulumi.input_type +class _SyncVercelDestinationState: + def __init__(__self__, *, + access_token: Optional[pulumi.Input[str]] = None, + deployment_environments: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + project_id: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + team_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SyncVercelDestination resources. + :param pulumi.Input[str] access_token: Vercel API access token with the permissions to manage environment + variables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] deployment_environments: Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] project_id: Project ID where to manage environment variables. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] team_id: Team ID where to manage environment variables. + :param pulumi.Input[str] type: The type of the secrets destination (`vercel-project`). + """ + if access_token is not None: + pulumi.set(__self__, "access_token", access_token) + if deployment_environments is not None: + pulumi.set(__self__, "deployment_environments", deployment_environments) + if name is not None: + pulumi.set(__self__, "name", name) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if project_id is not None: + pulumi.set(__self__, "project_id", project_id) + if secret_name_template is not None: + pulumi.set(__self__, "secret_name_template", secret_name_template) + if team_id is not None: + pulumi.set(__self__, "team_id", team_id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> Optional[pulumi.Input[str]]: + """ + Vercel API access token with the permissions to manage environment + variables. + """ + return pulumi.get(self, "access_token") + + @access_token.setter + def access_token(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_token", value) + + @property + @pulumi.getter(name="deploymentEnvironments") + def deployment_environments(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + """ + return pulumi.get(self, "deployment_environments") + + @deployment_environments.setter + def deployment_environments(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "deployment_environments", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) + + @property + @pulumi.getter(name="projectId") + def project_id(self) -> Optional[pulumi.Input[str]]: + """ + Project ID where to manage environment variables. + """ + return pulumi.get(self, "project_id") + + @project_id.setter + def project_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project_id", value) + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> Optional[pulumi.Input[str]]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @secret_name_template.setter + def secret_name_template(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "secret_name_template", value) + + @property + @pulumi.getter(name="teamId") + def team_id(self) -> Optional[pulumi.Input[str]]: + """ + Team ID where to manage environment variables. + """ + return pulumi.get(self, "team_id") + + @team_id.setter + def team_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "team_id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the secrets destination (`vercel-project`). + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +class SyncVercelDestination(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + deployment_environments: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + project_id: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + team_id: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + vercel = vault.secrets.SyncVercelDestination("vercel", + access_token=var["access_token"], + project_id=var["project_id"], + deployment_environments=[ + "development", + "preview", + "production", + ], + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + ``` + + ## Import + + GitHub Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_token: Vercel API access token with the permissions to manage environment + variables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] deployment_environments: Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] project_id: Project ID where to manage environment variables. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] team_id: Team ID where to manage environment variables. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SyncVercelDestinationArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ```python + import pulumi + import pulumi_vault as vault + + vercel = vault.secrets.SyncVercelDestination("vercel", + access_token=var["access_token"], + project_id=var["project_id"], + deployment_environments=[ + "development", + "preview", + "production", + ], + secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}") + ``` + + ## Import + + GitHub Secrets sync destinations can be imported using the `name`, e.g. + + ```sh + $ pulumi import vault:secrets/syncVercelDestination:SyncVercelDestination vercel vercel-dest + ``` + + :param str resource_name: The name of the resource. + :param SyncVercelDestinationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SyncVercelDestinationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + deployment_environments: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + project_id: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + team_id: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SyncVercelDestinationArgs.__new__(SyncVercelDestinationArgs) + + if access_token is None and not opts.urn: + raise TypeError("Missing required property 'access_token'") + __props__.__dict__["access_token"] = None if access_token is None else pulumi.Output.secret(access_token) + if deployment_environments is None and not opts.urn: + raise TypeError("Missing required property 'deployment_environments'") + __props__.__dict__["deployment_environments"] = deployment_environments + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + if project_id is None and not opts.urn: + raise TypeError("Missing required property 'project_id'") + __props__.__dict__["project_id"] = project_id + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["team_id"] = team_id + __props__.__dict__["type"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessToken"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(SyncVercelDestination, __self__).__init__( + 'vault:secrets/syncVercelDestination:SyncVercelDestination', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + access_token: Optional[pulumi.Input[str]] = None, + deployment_environments: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + namespace: Optional[pulumi.Input[str]] = None, + project_id: Optional[pulumi.Input[str]] = None, + secret_name_template: Optional[pulumi.Input[str]] = None, + team_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None) -> 'SyncVercelDestination': + """ + Get an existing SyncVercelDestination resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] access_token: Vercel API access token with the permissions to manage environment + variables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] deployment_environments: Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + :param pulumi.Input[str] name: Unique name of the GitHub destination. + :param pulumi.Input[str] namespace: The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + :param pulumi.Input[str] project_id: Project ID where to manage environment variables. + :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + :param pulumi.Input[str] team_id: Team ID where to manage environment variables. + :param pulumi.Input[str] type: The type of the secrets destination (`vercel-project`). + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SyncVercelDestinationState.__new__(_SyncVercelDestinationState) + + __props__.__dict__["access_token"] = access_token + __props__.__dict__["deployment_environments"] = deployment_environments + __props__.__dict__["name"] = name + __props__.__dict__["namespace"] = namespace + __props__.__dict__["project_id"] = project_id + __props__.__dict__["secret_name_template"] = secret_name_template + __props__.__dict__["team_id"] = team_id + __props__.__dict__["type"] = type + return SyncVercelDestination(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="accessToken") + def access_token(self) -> pulumi.Output[str]: + """ + Vercel API access token with the permissions to manage environment + variables. + """ + return pulumi.get(self, "access_token") + + @property + @pulumi.getter(name="deploymentEnvironments") + def deployment_environments(self) -> pulumi.Output[Sequence[str]]: + """ + Deployment environments where the environment variables + are available. Accepts `development`, `preview` and `production`. + """ + return pulumi.get(self, "deployment_environments") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Unique name of the GitHub destination. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def namespace(self) -> pulumi.Output[Optional[str]]: + """ + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). + """ + return pulumi.get(self, "namespace") + + @property + @pulumi.getter(name="projectId") + def project_id(self) -> pulumi.Output[str]: + """ + Project ID where to manage environment variables. + """ + return pulumi.get(self, "project_id") + + @property + @pulumi.getter(name="secretNameTemplate") + def secret_name_template(self) -> pulumi.Output[str]: + """ + Template describing how to generate external secret names. + Supports a subset of the Go Template syntax. + """ + return pulumi.get(self, "secret_name_template") + + @property + @pulumi.getter(name="teamId") + def team_id(self) -> pulumi.Output[Optional[str]]: + """ + Team ID where to manage environment variables. + """ + return pulumi.get(self, "team_id") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the secrets destination (`vercel-project`). + """ + return pulumi.get(self, "type") + diff --git a/upstream b/upstream index db48a9067..17a91c8a1 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit db48a90675ce88114e6be669f93cd567c4b00b67 +Subproject commit 17a91c8a1403f937719dcc50ff10fade2ad65c88