make tfgen

pulumi · Nov 9, 2023 · aec340e · aec340e
1 parent 5121183
commit aec340e
Show file tree

Hide file tree

Showing 139 changed files with 13,247 additions and 194 deletions.
diff --git a/sdk/dotnet/CertAuthBackendRole.cs b/sdk/dotnet/CertAuthBackendRole.cs
@@ -125,7 +125,50 @@ public partial class CertAuthBackendRole : global::Pulumi.CustomResource
         public Output<string?> Namespace { get; private set; } = null!;
 
         /// <summary>
-        /// TLS extensions required on client certificates
+        /// Any additional CA certificates
+        /// needed to verify OCSP responses. Provided as base64 encoded PEM data.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Output("ocspCaCertificates")]
+        public Output<string?> OcspCaCertificates { get; private set; } = null!;
+
+        /// <summary>
+        /// - If enabled, validate certificates'
+        /// revocation status using OCSP. Requires Vault version 1.13+.
+        /// </summary>
+        [Output("ocspEnabled")]
+        public Output<bool> OcspEnabled { get; private set; } = null!;
+
+        /// <summary>
+        /// - If true and an OCSP response cannot
+        /// be fetched or is of an unknown status, the login will proceed as if the
+        /// certificate has not been revoked.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Output("ocspFailOpen")]
+        public Output<bool> OcspFailOpen { get; private set; } = null!;
+
+        /// <summary>
+        /// - If set to true, rather than
+        /// accepting the first successful OCSP response, query all servers and consider
+        /// the certificate valid only if all servers agree.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Output("ocspQueryAllServers")]
+        public Output<bool> OcspQueryAllServers { get; private set; } = null!;
+
+        /// <summary>
+        /// : A comma-separated list of OCSP
+        /// server addresses. If unset, the OCSP server is determined from the
+        /// AuthorityInformationAccess extension on the certificate being inspected.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Output("ocspServersOverrides")]
+        public Output<ImmutableArray<string>> OcspServersOverrides { get; private set; } = null!;
+
+        /// <summary>
+        /// TLS extensions required on
+        /// client certificates
         /// </summary>
         [Output("requiredExtensions")]
         public Output<ImmutableArray<string>> RequiredExtensions { get; private set; } = null!;
@@ -362,11 +405,60 @@ public InputList<string> AllowedUriSans
         [Input("namespace")]
         public Input<string>? Namespace { get; set; }
 
+        /// <summary>
+        /// Any additional CA certificates
+        /// needed to verify OCSP responses. Provided as base64 encoded PEM data.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspCaCertificates")]
+        public Input<string>? OcspCaCertificates { get; set; }
+
+        /// <summary>
+        /// - If enabled, validate certificates'
+        /// revocation status using OCSP. Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspEnabled")]
+        public Input<bool>? OcspEnabled { get; set; }
+
+        /// <summary>
+        /// - If true and an OCSP response cannot
+        /// be fetched or is of an unknown status, the login will proceed as if the
+        /// certificate has not been revoked.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspFailOpen")]
+        public Input<bool>? OcspFailOpen { get; set; }
+
+        /// <summary>
+        /// - If set to true, rather than
+        /// accepting the first successful OCSP response, query all servers and consider
+        /// the certificate valid only if all servers agree.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspQueryAllServers")]
+        public Input<bool>? OcspQueryAllServers { get; set; }
+
+        [Input("ocspServersOverrides")]
+        private InputList<string>? _ocspServersOverrides;
+
+        /// <summary>
+        /// : A comma-separated list of OCSP
+        /// server addresses. If unset, the OCSP server is determined from the
+        /// AuthorityInformationAccess extension on the certificate being inspected.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        public InputList<string> OcspServersOverrides
+        {
+            get => _ocspServersOverrides ?? (_ocspServersOverrides = new InputList<string>());
+            set => _ocspServersOverrides = value;
+        }
+
         [Input("requiredExtensions")]
         private InputList<string>? _requiredExtensions;
 
         /// <summary>
-        /// TLS extensions required on client certificates
+        /// TLS extensions required on
+        /// client certificates
         /// </summary>
         public InputList<string> RequiredExtensions
         {
@@ -580,11 +672,60 @@ public InputList<string> AllowedUriSans
         [Input("namespace")]
         public Input<string>? Namespace { get; set; }
 
+        /// <summary>
+        /// Any additional CA certificates
+        /// needed to verify OCSP responses. Provided as base64 encoded PEM data.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspCaCertificates")]
+        public Input<string>? OcspCaCertificates { get; set; }
+
+        /// <summary>
+        /// - If enabled, validate certificates'
+        /// revocation status using OCSP. Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspEnabled")]
+        public Input<bool>? OcspEnabled { get; set; }
+
+        /// <summary>
+        /// - If true and an OCSP response cannot
+        /// be fetched or is of an unknown status, the login will proceed as if the
+        /// certificate has not been revoked.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspFailOpen")]
+        public Input<bool>? OcspFailOpen { get; set; }
+
+        /// <summary>
+        /// - If set to true, rather than
+        /// accepting the first successful OCSP response, query all servers and consider
+        /// the certificate valid only if all servers agree.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        [Input("ocspQueryAllServers")]
+        public Input<bool>? OcspQueryAllServers { get; set; }
+
+        [Input("ocspServersOverrides")]
+        private InputList<string>? _ocspServersOverrides;
+
+        /// <summary>
+        /// : A comma-separated list of OCSP
+        /// server addresses. If unset, the OCSP server is determined from the
+        /// AuthorityInformationAccess extension on the certificate being inspected.
+        /// Requires Vault version 1.13+.
+        /// </summary>
+        public InputList<string> OcspServersOverrides
+        {
+            get => _ocspServersOverrides ?? (_ocspServersOverrides = new InputList<string>());
+            set => _ocspServersOverrides = value;
+        }
+
         [Input("requiredExtensions")]
         private InputList<string>? _requiredExtensions;
 
         /// <summary>
-        /// TLS extensions required on client certificates
+        /// TLS extensions required on
+        /// client certificates
         /// </summary>
         public InputList<string> RequiredExtensions
         {

diff --git a/sdk/dotnet/Config/Config.cs b/sdk/dotnet/Config/Config.cs
@@ -252,6 +252,17 @@ public static string? Namespace
             set => _namespace.Set(value);
         }
 
+        private static readonly __Value<bool?> _setNamespaceFromToken = new __Value<bool?>(() => __config.GetBoolean("setNamespaceFromToken"));
+        /// <summary>
+        /// In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the
+        /// token namespace as the root namespace for all resources.
+        /// </summary>
+        public static bool? SetNamespaceFromToken
+        {
+            get => _setNamespaceFromToken.Get();
+            set => _setNamespaceFromToken.Set(value);
+        }
+
         private static readonly __Value<bool?> _skipChildToken = new __Value<bool?>(() => __config.GetBoolean("skipChildToken"));
         /// <summary>
         /// Set this to true to prevent the creation of ephemeral child token used by this provider.
@@ -331,6 +342,7 @@ public class AuthLogin
                 public string? Namespace { get; set; } = null!;
                 public ImmutableDictionary<string, string>? Parameters { get; set; } = null!;
                 public string Path { get; set; }
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginAws
@@ -350,6 +362,7 @@ public class AuthLoginAws
                 public string? Mount { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
                 public string Role { get; set; }
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginAzure
@@ -363,6 +376,7 @@ public class AuthLoginAzure
                 public string? Scope { get; set; } = null!;
                 public string SubscriptionId { get; set; }
                 public string? TenantId { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
                 public string? VmName { get; set; } = null!;
                 public string? VmssName { get; set; } = null!;
             }
@@ -374,6 +388,7 @@ public class AuthLoginCert
                 public string? Mount { get; set; } = null!;
                 public string? Name { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginGcp
@@ -384,6 +399,7 @@ public class AuthLoginGcp
                 public string? Namespace { get; set; } = null!;
                 public string Role { get; set; }
                 public string? ServiceAccount { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginJwt
@@ -392,6 +408,7 @@ public class AuthLoginJwt
                 public string? Mount { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
                 public string Role { get; set; }
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginKerberos
@@ -405,6 +422,7 @@ public class AuthLoginKerberos
                 public bool? RemoveInstanceName { get; set; }
                 public string? Service { get; set; } = null!;
                 public string? Token { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
                 public string? Username { get; set; } = null!;
             }
 
@@ -414,6 +432,7 @@ public class AuthLoginOci
                 public string? Mount { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
                 public string Role { get; set; }
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginOidc
@@ -423,20 +442,23 @@ public class AuthLoginOidc
                 public string? Mount { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
                 public string Role { get; set; }
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginRadius
              {
                 public string? Mount { get; set; } = null!;
                 public string? Namespace { get; set; } = null!;
                 public string Password { get; set; }
+                public bool? UseRootNamespace { get; set; }
                 public string Username { get; set; }
             }
 
              public class AuthLoginTokenFile
              {
                 public string Filename { get; set; }
                 public string? Namespace { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
             }
 
              public class AuthLoginUserpass
@@ -445,6 +467,7 @@ public class AuthLoginUserpass
                 public string? Namespace { get; set; } = null!;
                 public string? Password { get; set; } = null!;
                 public string? PasswordFile { get; set; } = null!;
+                public bool? UseRootNamespace { get; set; }
                 public string Username { get; set; }
             }
 

diff --git a/sdk/dotnet/Identity/GetOidcClientCreds.cs b/sdk/dotnet/Identity/GetOidcClientCreds.cs
@@ -143,6 +143,7 @@ public sealed class GetOidcClientCredsResult
         public readonly string ClientId;
         /// <summary>
         /// The Client Secret Key returned by Vault.
+        /// For public OpenID Clients `client_secret` is set to an empty string `""`
         /// </summary>
         public readonly string ClientSecret;
         /// <summary>

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginArgs.cs
@@ -23,12 +23,19 @@ public sealed class ProviderAuthLoginArgs : global::Pulumi.ResourceArgs
         public InputMap<string> Parameters
         {
             get => _parameters ?? (_parameters = new InputMap<string>());
-            set => _parameters = value;
+            set
+            {
+                var emptySecret = Output.CreateSecret(ImmutableDictionary.Create<string, string>());
+                _parameters = Output.All(value, emptySecret).Apply(v => v[0]);
+            }
         }
 
         [Input("path", required: true)]
         public Input<string> Path { get; set; } = null!;
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginAwsArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginAwsArgs.cs
@@ -57,6 +57,9 @@ public sealed class ProviderAuthLoginAwsArgs : global::Pulumi.ResourceArgs
         [Input("role", required: true)]
         public Input<string> Role { get; set; } = null!;
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginAwsArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginAzureArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginAzureArgs.cs
@@ -39,6 +39,9 @@ public sealed class ProviderAuthLoginAzureArgs : global::Pulumi.ResourceArgs
         [Input("tenantId")]
         public Input<string>? TenantId { get; set; }
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         [Input("vmName")]
         public Input<string>? VmName { get; set; }
 

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginCertArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginCertArgs.cs
@@ -27,6 +27,9 @@ public sealed class ProviderAuthLoginCertArgs : global::Pulumi.ResourceArgs
         [Input("namespace")]
         public Input<string>? Namespace { get; set; }
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginCertArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginGcpArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginGcpArgs.cs
@@ -30,6 +30,9 @@ public sealed class ProviderAuthLoginGcpArgs : global::Pulumi.ResourceArgs
         [Input("serviceAccount")]
         public Input<string>? ServiceAccount { get; set; }
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginGcpArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginJwtArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginJwtArgs.cs
@@ -24,6 +24,9 @@ public sealed class ProviderAuthLoginJwtArgs : global::Pulumi.ResourceArgs
         [Input("role", required: true)]
         public Input<string> Role { get; set; } = null!;
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginJwtArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginKerberosArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginKerberosArgs.cs
@@ -39,6 +39,9 @@ public sealed class ProviderAuthLoginKerberosArgs : global::Pulumi.ResourceArgs
         [Input("token")]
         public Input<string>? Token { get; set; }
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         [Input("username")]
         public Input<string>? Username { get; set; }
 

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginOciArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginOciArgs.cs
@@ -24,6 +24,9 @@ public sealed class ProviderAuthLoginOciArgs : global::Pulumi.ResourceArgs
         [Input("role", required: true)]
         public Input<string> Role { get; set; } = null!;
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginOciArgs()
         {
         }

diff --git a/sdk/dotnet/Inputs/ProviderAuthLoginOidcArgs.cs b/sdk/dotnet/Inputs/ProviderAuthLoginOidcArgs.cs
@@ -27,6 +27,9 @@ public sealed class ProviderAuthLoginOidcArgs : global::Pulumi.ResourceArgs
         [Input("role", required: true)]
         public Input<string> Role { get; set; } = null!;
 
+        [Input("useRootNamespace")]
+        public Input<bool>? UseRootNamespace { get; set; }
+
         public ProviderAuthLoginOidcArgs()
         {
         }