HashiCorp Vault v6.3.0, Aug 8 24

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

vault.pkiSecret.BackendConfigEst

Explore with Pulumi AI

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

Create BackendConfigEst Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BackendConfigEst(name: string, args: BackendConfigEstArgs, opts?: CustomResourceOptions);

@overload
def BackendConfigEst(resource_name: str,
                     args: BackendConfigEstArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def BackendConfigEst(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     backend: Optional[str] = None,
                     audit_fields: Optional[Sequence[str]] = None,
                     authenticators: Optional[_pkisecret.BackendConfigEstAuthenticatorsArgs] = None,
                     default_mount: Optional[bool] = None,
                     default_path_policy: Optional[str] = None,
                     enable_sentinel_parsing: Optional[bool] = None,
                     enabled: Optional[bool] = None,
                     label_to_path_policy: Optional[Mapping[str, Any]] = None,
                     namespace: Optional[str] = None)

func NewBackendConfigEst(ctx *Context, name string, args BackendConfigEstArgs, opts ...ResourceOption) (*BackendConfigEst, error)

public BackendConfigEst(string name, BackendConfigEstArgs args, CustomResourceOptions? opts = null)

public BackendConfigEst(String name, BackendConfigEstArgs args)
public BackendConfigEst(String name, BackendConfigEstArgs args, CustomResourceOptions options)

type: vault:pkiSecret:BackendConfigEst
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args BackendConfigEstArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args BackendConfigEstArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args BackendConfigEstArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BackendConfigEstArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args BackendConfigEstArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var backendConfigEstResource = new Vault.PkiSecret.BackendConfigEst("backendConfigEstResource", new()
{
    Backend = "string",
    AuditFields = new[]
    {
        "string",
    },
    Authenticators = new Vault.PkiSecret.Inputs.BackendConfigEstAuthenticatorsArgs
    {
        Cert = 
        {
            { "string", "any" },
        },
        Userpass = 
        {
            { "string", "any" },
        },
    },
    DefaultMount = false,
    DefaultPathPolicy = "string",
    EnableSentinelParsing = false,
    Enabled = false,
    LabelToPathPolicy = 
    {
        { "string", "any" },
    },
    Namespace = "string",
});

example, err := pkiSecret.NewBackendConfigEst(ctx, "backendConfigEstResource", &pkiSecret.BackendConfigEstArgs{
	Backend: pulumi.String("string"),
	AuditFields: pulumi.StringArray{
		pulumi.String("string"),
	},
	Authenticators: &pkisecret.BackendConfigEstAuthenticatorsArgs{
		Cert: pulumi.Map{
			"string": pulumi.Any("any"),
		},
		Userpass: pulumi.Map{
			"string": pulumi.Any("any"),
		},
	},
	DefaultMount:          pulumi.Bool(false),
	DefaultPathPolicy:     pulumi.String("string"),
	EnableSentinelParsing: pulumi.Bool(false),
	Enabled:               pulumi.Bool(false),
	LabelToPathPolicy: pulumi.Map{
		"string": pulumi.Any("any"),
	},
	Namespace: pulumi.String("string"),
})

var backendConfigEstResource = new BackendConfigEst("backendConfigEstResource", BackendConfigEstArgs.builder()
    .backend("string")
    .auditFields("string")
    .authenticators(BackendConfigEstAuthenticatorsArgs.builder()
        .cert(Map.of("string", "any"))
        .userpass(Map.of("string", "any"))
        .build())
    .defaultMount(false)
    .defaultPathPolicy("string")
    .enableSentinelParsing(false)
    .enabled(false)
    .labelToPathPolicy(Map.of("string", "any"))
    .namespace("string")
    .build());

backend_config_est_resource = vault.pki_secret.BackendConfigEst("backendConfigEstResource",
    backend="string",
    audit_fields=["string"],
    authenticators=vault.pki_secret.BackendConfigEstAuthenticatorsArgs(
        cert={
            "string": "any",
        },
        userpass={
            "string": "any",
        },
    ),
    default_mount=False,
    default_path_policy="string",
    enable_sentinel_parsing=False,
    enabled=False,
    label_to_path_policy={
        "string": "any",
    },
    namespace="string")

const backendConfigEstResource = new vault.pkisecret.BackendConfigEst("backendConfigEstResource", {
    backend: "string",
    auditFields: ["string"],
    authenticators: {
        cert: {
            string: "any",
        },
        userpass: {
            string: "any",
        },
    },
    defaultMount: false,
    defaultPathPolicy: "string",
    enableSentinelParsing: false,
    enabled: false,
    labelToPathPolicy: {
        string: "any",
    },
    namespace: "string",
});

type: vault:pkiSecret:BackendConfigEst
properties:
    auditFields:
        - string
    authenticators:
        cert:
            string: any
        userpass:
            string: any
    backend: string
    defaultMount: false
    defaultPathPolicy: string
    enableSentinelParsing: false
    enabled: false
    labelToPathPolicy:
        string: any
    namespace: string

BackendConfigEst Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The BackendConfigEst resource accepts the following input properties:

Backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

AuditFields List<string>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

Authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

DefaultMount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

DefaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

EnableSentinelParsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

Enabled bool

Specifies whether EST is enabled.

LabelToPathPolicy Dictionary<string, object>

Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.

Namespace string

The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

AuditFields []string

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

Authenticators BackendConfigEstAuthenticatorsArgs

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

DefaultMount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

DefaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

EnableSentinelParsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

Enabled bool

Specifies whether EST is enabled.

LabelToPathPolicy map[string]interface{}

Namespace string

backend String

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

auditFields List<String>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

defaultMount Boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy String

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing Boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled Boolean

Specifies whether EST is enabled.

labelToPathPolicy Map<String,Object>

namespace String

backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

auditFields string[]

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

defaultMount boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled boolean

Specifies whether EST is enabled.

labelToPathPolicy {[key: string]: any}

namespace string

backend str

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

audit_fields Sequence[str]

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators pkisecret.BackendConfigEstAuthenticatorsArgs

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

default_mount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

default_path_policy str

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enable_sentinel_parsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled bool

Specifies whether EST is enabled.

label_to_path_policy Mapping[str, Any]

namespace str

backend String

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

auditFields List<String>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators Property Map

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

defaultMount Boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy String

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing Boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled Boolean

Specifies whether EST is enabled.

labelToPathPolicy Map<Any>

namespace String

Outputs

All input properties are implicitly available as output properties. Additionally, the BackendConfigEst resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string: A read-only timestamp representing the last time the configuration was updated.

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string: A read-only timestamp representing the last time the configuration was updated.

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String: A read-only timestamp representing the last time the configuration was updated.

id string: The provider-assigned unique ID for this managed resource.
lastUpdated string: A read-only timestamp representing the last time the configuration was updated.

id str: The provider-assigned unique ID for this managed resource.
last_updated str: A read-only timestamp representing the last time the configuration was updated.

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String: A read-only timestamp representing the last time the configuration was updated.

Look up Existing BackendConfigEst Resource

Get an existing BackendConfigEst resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BackendConfigEstState, opts?: CustomResourceOptions): BackendConfigEst

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        audit_fields: Optional[Sequence[str]] = None,
        authenticators: Optional[_pkisecret.BackendConfigEstAuthenticatorsArgs] = None,
        backend: Optional[str] = None,
        default_mount: Optional[bool] = None,
        default_path_policy: Optional[str] = None,
        enable_sentinel_parsing: Optional[bool] = None,
        enabled: Optional[bool] = None,
        label_to_path_policy: Optional[Mapping[str, Any]] = None,
        last_updated: Optional[str] = None,
        namespace: Optional[str] = None) -> BackendConfigEst

func GetBackendConfigEst(ctx *Context, name string, id IDInput, state *BackendConfigEstState, opts ...ResourceOption) (*BackendConfigEst, error)

public static BackendConfigEst Get(string name, Input<string> id, BackendConfigEstState? state, CustomResourceOptions? opts = null)

public static BackendConfigEst get(String name, Output<String> id, BackendConfigEstState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuditFields List<string>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

Authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

Backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

DefaultMount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

DefaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

EnableSentinelParsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

Enabled bool

Specifies whether EST is enabled.

LabelToPathPolicy Dictionary<string, object>

LastUpdated string

A read-only timestamp representing the last time the configuration was updated.

Namespace string

AuditFields []string

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

Authenticators BackendConfigEstAuthenticatorsArgs

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

Backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

DefaultMount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

DefaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

EnableSentinelParsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

Enabled bool

Specifies whether EST is enabled.

LabelToPathPolicy map[string]interface{}

LastUpdated string

A read-only timestamp representing the last time the configuration was updated.

Namespace string

auditFields List<String>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

backend String

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

defaultMount Boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy String

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing Boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled Boolean

Specifies whether EST is enabled.

labelToPathPolicy Map<String,Object>

lastUpdated String

A read-only timestamp representing the last time the configuration was updated.

namespace String

auditFields string[]

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators BackendConfigEstAuthenticators

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

backend string

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

defaultMount boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy string

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled boolean

Specifies whether EST is enabled.

labelToPathPolicy {[key: string]: any}

lastUpdated string

A read-only timestamp representing the last time the configuration was updated.

namespace string

audit_fields Sequence[str]

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators pkisecret.BackendConfigEstAuthenticatorsArgs

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

backend str

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

default_mount bool

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

default_path_policy str

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enable_sentinel_parsing bool

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled bool

Specifies whether EST is enabled.

label_to_path_policy Mapping[str, Any]

last_updated str

A read-only timestamp representing the last time the configuration was updated.

namespace str

auditFields List<String>

Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

authenticators Property Map

Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).

backend String

The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.

defaultMount Boolean

If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.

defaultPathPolicy String

Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.

enableSentinelParsing Boolean

If set, parse out fields from the provided CSR making them available for Sentinel policies.

enabled Boolean

Specifies whether EST is enabled.

labelToPathPolicy Map<Any>

lastUpdated String

A read-only timestamp representing the last time the configuration was updated.

namespace String

Supporting Types

BackendConfigEstAuthenticators, BackendConfigEstAuthenticatorsArgs

Cert Dictionary<string, object>: "The accessor (required) and cert_role (optional) properties for cert auth backends".
Userpass Dictionary<string, object>: "The accessor (required) property for user pass auth backends".

Cert map[string]interface{}: "The accessor (required) and cert_role (optional) properties for cert auth backends".
Userpass map[string]interface{}: "The accessor (required) property for user pass auth backends".

cert Map<String,Object>: "The accessor (required) and cert_role (optional) properties for cert auth backends".
userpass Map<String,Object>: "The accessor (required) property for user pass auth backends".

cert {[key: string]: any}: "The accessor (required) and cert_role (optional) properties for cert auth backends".
userpass {[key: string]: any}: "The accessor (required) property for user pass auth backends".

cert Mapping[str, Any]: "The accessor (required) and cert_role (optional) properties for cert auth backends".
userpass Mapping[str, Any]: "The accessor (required) property for user pass auth backends".

cert Map<Any>: "The accessor (required) and cert_role (optional) properties for cert auth backends".
userpass Map<Any>: "The accessor (required) property for user pass auth backends".

Import

The PKI config cluster can be imported using the resource’s id. In the case of the example above the id would be pki-root/config/est, where the pki-root component is the resource’s backend, e.g.

$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.3.0 published on Thursday, Aug 8, 2024 by Pulumi

pulumi/pulumi-vault

vault.pkiSecret.BackendConfigEst

On this page

On this page

Create BackendConfigEst Resource

Constructor syntax

Parameters

Constructor example

BackendConfigEst Resource Properties

Inputs

Outputs

Look up Existing BackendConfigEst Resource

Supporting Types

BackendConfigEstAuthenticators, BackendConfigEstAuthenticatorsArgs

Import

Package Details

On this page

On this page