1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. pkiSecret
  5. getBackendConfigEst
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.pkiSecret.getBackendConfigEst

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const pki = new vault.Mount("pki", {
        path: "pki",
        type: "pki",
        description: "PKI secret engine mount",
    });
    const estConfig = vault.pkiSecret.getBackendConfigEstOutput({
        backend: pki.path,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    pki = vault.Mount("pki",
        path="pki",
        type="pki",
        description="PKI secret engine mount")
    est_config = vault.pkiSecret.get_backend_config_est_output(backend=pki.path)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
    			Path:        pulumi.String("pki"),
    			Type:        pulumi.String("pki"),
    			Description: pulumi.String("PKI secret engine mount"),
    		})
    		if err != nil {
    			return err
    		}
    		_ = pkiSecret.GetBackendConfigEstOutput(ctx, pkisecret.GetBackendConfigEstOutputArgs{
    			Backend: pki.Path,
    		}, nil)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var pki = new Vault.Mount("pki", new()
        {
            Path = "pki",
            Type = "pki",
            Description = "PKI secret engine mount",
        });
    
        var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(new()
        {
            Backend = pki.Path,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.Mount;
    import com.pulumi.vault.MountArgs;
    import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
    import com.pulumi.vault.pkiSecret.inputs.GetBackendConfigEstArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pki = new Mount("pki", MountArgs.builder()
                .path("pki")
                .type("pki")
                .description("PKI secret engine mount")
                .build());
    
            final var estConfig = PkiSecretFunctions.getBackendConfigEst(GetBackendConfigEstArgs.builder()
                .backend(pki.path())
                .build());
    
        }
    }
    
    resources:
      pki:
        type: vault:Mount
        properties:
          path: pki
          type: pki
          description: PKI secret engine mount
    variables:
      estConfig:
        fn::invoke:
          Function: vault:pkiSecret:getBackendConfigEst
          Arguments:
            backend: ${pki.path}
    

    Using getBackendConfigEst

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getBackendConfigEst(args: GetBackendConfigEstArgs, opts?: InvokeOptions): Promise<GetBackendConfigEstResult>
    function getBackendConfigEstOutput(args: GetBackendConfigEstOutputArgs, opts?: InvokeOptions): Output<GetBackendConfigEstResult>
    def get_backend_config_est(backend: Optional[str] = None,
                               namespace: Optional[str] = None,
                               opts: Optional[InvokeOptions] = None) -> GetBackendConfigEstResult
    def get_backend_config_est_output(backend: Optional[pulumi.Input[str]] = None,
                               namespace: Optional[pulumi.Input[str]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetBackendConfigEstResult]
    func GetBackendConfigEst(ctx *Context, args *GetBackendConfigEstArgs, opts ...InvokeOption) (*GetBackendConfigEstResult, error)
    func GetBackendConfigEstOutput(ctx *Context, args *GetBackendConfigEstOutputArgs, opts ...InvokeOption) GetBackendConfigEstResultOutput

    > Note: This function is named GetBackendConfigEst in the Go SDK.

    public static class GetBackendConfigEst 
    {
        public static Task<GetBackendConfigEstResult> InvokeAsync(GetBackendConfigEstArgs args, InvokeOptions? opts = null)
        public static Output<GetBackendConfigEstResult> Invoke(GetBackendConfigEstInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetBackendConfigEstResult> getBackendConfigEst(GetBackendConfigEstArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: vault:pkiSecret/getBackendConfigEst:getBackendConfigEst
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Backend string
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Backend string
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend string
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend str
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    getBackendConfigEst Result

    The following output properties are available:

    AuditFields List<string>
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    Authenticators List<GetBackendConfigEstAuthenticator>
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    Backend string
    DefaultMount bool
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    DefaultPathPolicy string
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether EST is enabled.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelToPathPolicy Dictionary<string, string>
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    Namespace string
    AuditFields []string
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    Authenticators []GetBackendConfigEstAuthenticator
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    Backend string
    DefaultMount bool
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    DefaultPathPolicy string
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether EST is enabled.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelToPathPolicy map[string]string
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    Namespace string
    auditFields List<String>
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    authenticators List<GetBackendConfigEstAuthenticator>
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    backend String
    defaultMount Boolean
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    defaultPathPolicy String
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether EST is enabled.
    id String
    The provider-assigned unique ID for this managed resource.
    labelToPathPolicy Map<String,String>
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.
    namespace String
    auditFields string[]
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    authenticators GetBackendConfigEstAuthenticator[]
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    backend string
    defaultMount boolean
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    defaultPathPolicy string
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled boolean
    Specifies whether EST is enabled.
    id string
    The provider-assigned unique ID for this managed resource.
    labelToPathPolicy {[key: string]: string}
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    lastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    namespace string
    audit_fields Sequence[str]
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    authenticators Sequence[pkisecret.GetBackendConfigEstAuthenticator]
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    backend str
    default_mount bool
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    default_path_policy str
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    enable_sentinel_parsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled bool
    Specifies whether EST is enabled.
    id str
    The provider-assigned unique ID for this managed resource.
    label_to_path_policy Mapping[str, str]
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    last_updated str
    A read-only timestamp representing the last time the configuration was updated.
    namespace str
    auditFields List<String>
    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
    authenticators List<Property Map>
    Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
    backend String
    defaultMount Boolean
    If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
    defaultPathPolicy String
    Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether EST is enabled.
    id String
    The provider-assigned unique ID for this managed resource.
    labelToPathPolicy Map<String>
    A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.
    namespace String

    Supporting Types

    GetBackendConfigEstAuthenticator

    Cert Dictionary<string, string>
    "The accessor and cert_role properties for cert auth backends".
    Userpass Dictionary<string, string>
    "The accessor property for user pass auth backends".
    Cert map[string]string
    "The accessor and cert_role properties for cert auth backends".
    Userpass map[string]string
    "The accessor property for user pass auth backends".
    cert Map<String,String>
    "The accessor and cert_role properties for cert auth backends".
    userpass Map<String,String>
    "The accessor property for user pass auth backends".
    cert {[key: string]: string}
    "The accessor and cert_role properties for cert auth backends".
    userpass {[key: string]: string}
    "The accessor property for user pass auth backends".
    cert Mapping[str, str]
    "The accessor and cert_role properties for cert auth backends".
    userpass Mapping[str, str]
    "The accessor property for user pass auth backends".
    cert Map<String>
    "The accessor and cert_role properties for cert auth backends".
    userpass Map<String>
    "The accessor property for user pass auth backends".

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi