vault.pkiSecret.BackendConfigEst
Allows setting the EST configuration on a PKI Secret Backend
Create BackendConfigEst Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BackendConfigEst(name: string, args: BackendConfigEstArgs, opts?: CustomResourceOptions);
@overload
def BackendConfigEst(resource_name: str,
                     args: BackendConfigEstArgs,
                     opts: Optional[ResourceOptions] = None)
@overload
def BackendConfigEst(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     backend: Optional[str] = None,
                     audit_fields: Optional[Sequence[str]] = None,
                     authenticators: Optional[_pkisecret.BackendConfigEstAuthenticatorsArgs] = None,
                     default_mount: Optional[bool] = None,
                     default_path_policy: Optional[str] = None,
                     enable_sentinel_parsing: Optional[bool] = None,
                     enabled: Optional[bool] = None,
                     label_to_path_policy: Optional[Mapping[str, str]] = None,
                     namespace: Optional[str] = None)
func NewBackendConfigEst(ctx *Context, name string, args BackendConfigEstArgs, opts ...ResourceOption) (*BackendConfigEst, error)
public BackendConfigEst(string name, BackendConfigEstArgs args, CustomResourceOptions? opts = null)
public BackendConfigEst(String name, BackendConfigEstArgs args)
public BackendConfigEst(String name, BackendConfigEstArgs args, CustomResourceOptions options)
type: vault:pkiSecret:BackendConfigEst
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BackendConfigEstArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BackendConfigEstArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BackendConfigEstArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BackendConfigEstArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BackendConfigEstArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var backendConfigEstResource = new Vault.PkiSecret.BackendConfigEst("backendConfigEstResource", new()
{
    Backend = "string",
    AuditFields = new[]
    {
        "string",
    },
    Authenticators = new Vault.PkiSecret.Inputs.BackendConfigEstAuthenticatorsArgs
    {
        Cert =
        {
            { "string", "string" },
        },
        Userpass =
        {
            { "string", "string" },
        },
    },
    DefaultMount = false,
    DefaultPathPolicy = "string",
    EnableSentinelParsing = false,
    Enabled = false,
    LabelToPathPolicy =
    {
        { "string", "string" },
    },
    Namespace = "string",
});
example, err := pkisecret.NewBackendConfigEst(ctx, "backendConfigEstResource", &pkisecret.BackendConfigEstArgs{
	Backend: pulumi.String("string"),
	AuditFields: pulumi.StringArray{
		pulumi.String("string"),
	},
	Authenticators: &pkisecret.BackendConfigEstAuthenticatorsArgs{
		Cert: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		Userpass: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
	},
	DefaultMount:          pulumi.Bool(false),
	DefaultPathPolicy:     pulumi.String("string"),
	EnableSentinelParsing: pulumi.Bool(false),
	Enabled:               pulumi.Bool(false),
	LabelToPathPolicy: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Namespace: pulumi.String("string"),
})
var backendConfigEstResource = new BackendConfigEst("backendConfigEstResource", BackendConfigEstArgs.builder()
    .backend("string")
    .auditFields("string")
    .authenticators(BackendConfigEstAuthenticatorsArgs.builder()
        .cert(Map.of("string", "string"))
        .userpass(Map.of("string", "string"))
        .build())
    .defaultMount(false)
    .defaultPathPolicy("string")
    .enableSentinelParsing(false)
    .enabled(false)
    .labelToPathPolicy(Map.of("string", "string"))
    .namespace("string")
    .build());
backend_config_est_resource = vault.pki_secret.BackendConfigEst("backendConfigEstResource",
    backend="string",
    audit_fields=["string"],
    authenticators={
        "cert": {
            "string": "string",
        },
        "userpass": {
            "string": "string",
        },
    },
    default_mount=False,
    default_path_policy="string",
    enable_sentinel_parsing=False,
    enabled=False,
    label_to_path_policy={
        "string": "string",
    },
    namespace="string")
const backendConfigEstResource = new vault.pkisecret.BackendConfigEst("backendConfigEstResource", {
    backend: "string",
    auditFields: ["string"],
    authenticators: {
        cert: {
            string: "string",
        },
        userpass: {
            string: "string",
        },
    },
    defaultMount: false,
    defaultPathPolicy: "string",
    enableSentinelParsing: false,
    enabled: false,
    labelToPathPolicy: {
        string: "string",
    },
    namespace: "string",
});
type: vault:pkiSecret:BackendConfigEst
properties:
    auditFields:
        - string
    authenticators:
        cert:
            string: string
        userpass:
            string: string
    backend: string
    defaultMount: false
    defaultPathPolicy: string
    enableSentinelParsing: false
    enabled: false
    labelToPathPolicy:
        string: string
    namespace: string
BackendConfigEst Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BackendConfigEst resource accepts the following input properties:
- Backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- AuditFields List<string>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- DefaultMount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- LabelToPathPolicy Dictionary<string, string>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- Namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- Backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- AuditFields []string
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators BackendConfigEstAuthenticatorsArgs
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- DefaultMount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- LabelToPathPolicy map[string]string
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- Namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- defaultMount Boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- labelToPathPolicy Map<String,String>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- namespace String
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- auditFields string[]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- defaultMount boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled boolean
- Specifies whether EST is enabled.
- labelToPathPolicy {[key: string]: string}
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend str
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- audit_fields Sequence[str]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators pkisecret.BackendConfigEstAuthenticatorsArgs
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- default_mount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- default_path_policy str
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enable_sentinel_parsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled bool
- Specifies whether EST is enabled.
- label_to_path_policy Mapping[str, str]
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- namespace str
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- backend String
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators Property Map
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- defaultMount Boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- labelToPathPolicy Map<String>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- namespace String
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
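A pre-deployment check for the constraints stated in the input descriptions above: slash-free backend and namespace, default_path_policy required with default_mount, a single default mount and unique labels per cluster, and path policies limited to sign-verbatim or role:<role_name>. This is an added example, not code from Pulumi or the Vault provider; lint_est_configs, Finding and the sample values are hypothetical, and the two "warn" findings are review heuristics rather than rules from this page.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    severity: str  # "error": breaks a rule stated on this page; "warn": review heuristic
    backend: str
    message: str


# Path policies the page allows: "sign-verbatim" or "role:<role_name>".
ROLE_POLICY = re.compile(r"^role:\S+$")


def lint_est_configs(configs):
    """Check BackendConfigEst argument dicts (Python SDK names) before deployment."""
    findings = []
    label_owner = {}     # EST label -> (namespace, backend) that first claimed it
    default_mounts = []  # backends that set default_mount

    for cfg in configs:
        backend = cfg.get("backend") or ""
        mount_id = (cfg.get("namespace") or "", backend)

        def report(severity, message, backend=backend):
            findings.append(Finding(severity, backend, message))

        # backend and namespace must not start or end with "/".
        for key in ("backend", "namespace"):
            value = cfg.get(key) or ""
            if value.startswith("/") or value.endswith("/"):
                report("error", f"{key} has a leading or trailing slash")

        # default_mount requires default_path_policy.
        if cfg.get("default_mount"):
            default_mounts.append(backend)
            if not cfg.get("default_path_policy"):
                report("error", "default_mount is set without default_path_policy")

        # Every path policy is either sign-verbatim or role:<role_name>.
        labels = cfg.get("label_to_path_policy") or {}
        policies = dict(labels)
        if cfg.get("default_path_policy"):
            policies["<default>"] = cfg["default_path_policy"]
        for label, policy in policies.items():
            if policy == "sign-verbatim":
                report("warn", f"label {label!r} uses sign-verbatim, so no role constrains it")
            elif not ROLE_POLICY.match(policy):
                report("error", f"label {label!r} has invalid path policy {policy!r}")

        # Labels must be unique across the cluster, not just within one mount.
        for label in labels:
            owner = label_owner.setdefault(label, mount_id)
            if owner != mount_id:
                report("error", f"label {label!r} is already used by {owner[1]!r}")

        # Heuristic: EST enabled with no mount to delegate authentication to.
        auth = cfg.get("authenticators") or {}
        if cfg.get("enabled") and not (auth.get("cert") or auth.get("userpass")):
            report("warn", "EST is enabled with no cert or userpass authenticator")

    # Only a single mount can register the default .well-known/est path.
    for extra in default_mounts[1:]:
        findings.append(Finding(
            "error", extra, f"default_mount is already claimed by {default_mounts[0]!r}"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE_CONFIGS = [
    {"backend": "pki-root", "enabled": True, "default_mount": True,
     "default_path_policy": "role:est-devices",
     "label_to_path_policy": {"printers": "role:est-printers"},
     "authenticators": {"cert": {"accessor": "auth_cert_constructed"}}},
    {"backend": "/pki-int/", "enabled": True, "default_mount": True,
     "label_to_path_policy": {"printers": "sign-verbatim", "cams": "est-cams"}},
]

if __name__ == "__main__":
    for f in lint_est_configs(SAMPLE_CONFIGS):
        print(f"{f.severity:5} {f.backend}: {f.message}")
```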
Outputs
All input properties are implicitly available as output properties. Additionally, the BackendConfigEst resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- id String
- The provider-assigned unique ID for this managed resource.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
- id string
- The provider-assigned unique ID for this managed resource.
- lastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- id str
- The provider-assigned unique ID for this managed resource.
- last_updated str
- A read-only timestamp representing the last time the configuration was updated.
- id String
- The provider-assigned unique ID for this managed resource.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
Look up Existing BackendConfigEst Resource
Get an existing BackendConfigEst resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BackendConfigEstState, opts?: CustomResourceOptions): BackendConfigEst
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        audit_fields: Optional[Sequence[str]] = None,
        authenticators: Optional[_pkisecret.BackendConfigEstAuthenticatorsArgs] = None,
        backend: Optional[str] = None,
        default_mount: Optional[bool] = None,
        default_path_policy: Optional[str] = None,
        enable_sentinel_parsing: Optional[bool] = None,
        enabled: Optional[bool] = None,
        label_to_path_policy: Optional[Mapping[str, str]] = None,
        last_updated: Optional[str] = None,
        namespace: Optional[str] = None) -> BackendConfigEst
func GetBackendConfigEst(ctx *Context, name string, id IDInput, state *BackendConfigEstState, opts ...ResourceOption) (*BackendConfigEst, error)
public static BackendConfigEst Get(string name, Input<string> id, BackendConfigEstState? state, CustomResourceOptions? opts = null)
public static BackendConfigEst get(String name, Output<String> id, BackendConfigEstState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AuditFields List<string>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- Backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- DefaultMount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- LabelToPathPolicy Dictionary<string, string>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- Namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- AuditFields []string
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- Authenticators BackendConfigEstAuthenticatorsArgs
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- Backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- DefaultMount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- DefaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- EnableSentinelParsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- Enabled bool
- Specifies whether EST is enabled.
- LabelToPathPolicy map[string]string
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- LastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- Namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend String
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- defaultMount Boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- labelToPathPolicy Map<String,String>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
- namespace String
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- auditFields string[]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators BackendConfigEstAuthenticators
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend string
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- defaultMount boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy string
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled boolean
- Specifies whether EST is enabled.
- labelToPathPolicy {[key: string]: string}
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated string
- A read-only timestamp representing the last time the configuration was updated.
- namespace string
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- audit_fields Sequence[str]
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators pkisecret.BackendConfigEstAuthenticatorsArgs
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend str
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- default_mount bool
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- default_path_policy str
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enable_sentinel_parsing bool
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled bool
- Specifies whether EST is enabled.
- label_to_path_policy Mapping[str, str]
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- last_updated str
- A read-only timestamp representing the last time the configuration was updated.
- namespace str
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- auditFields List<String>
- Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
- authenticators Property Map
- Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
- backend String
- The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
- defaultMount Boolean
- If set, this mount will register the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
- defaultPathPolicy String
- Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
- enableSentinelParsing Boolean
- If set, parse out fields from the provided CSR making them available for Sentinel policies.
- enabled Boolean
- Specifies whether EST is enabled.
- labelToPathPolicy Map<String>
- Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
- lastUpdated String
- A read-only timestamp representing the last time the configuration was updated.
- namespace String
- The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
Supporting Types
BackendConfigEstAuthenticators, BackendConfigEstAuthenticatorsArgs
Import
The PKI config cluster can be imported using the resource’s id. In the case of the example above the id would be pki-root/config/est, where the pki-root component is the resource’s backend, e.g.
$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the vault Terraform Provider.