HashiCorp Vault v6.2.0, Jun 21 24

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

vault.pkiSecret.getBackendConfigEst

Explore with Pulumi AI

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const pki = new vault.Mount("pki", {
    path: "pki",
    type: "pki",
    description: "PKI secret engine mount",
});
const estConfig = vault.pkiSecret.getBackendConfigEstOutput({
    backend: pki.path,
});

import pulumi
import pulumi_vault as vault

pki = vault.Mount("pki",
    path="pki",
    type="pki",
    description="PKI secret engine mount")
est_config = vault.pkiSecret.get_backend_config_est_output(backend=pki.path)

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pki, err := vault.NewMount(ctx, "pki", &vault.MountArgs{
			Path:        pulumi.String("pki"),
			Type:        pulumi.String("pki"),
			Description: pulumi.String("PKI secret engine mount"),
		})
		if err != nil {
			return err
		}
		_ = pkiSecret.GetBackendConfigEstOutput(ctx, pkisecret.GetBackendConfigEstOutputArgs{
			Backend: pki.Path,
		}, nil)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var pki = new Vault.Mount("pki", new()
    {
        Path = "pki",
        Type = "pki",
        Description = "PKI secret engine mount",
    });

    var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(new()
    {
        Backend = pki.Path,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.Mount;
import com.pulumi.vault.MountArgs;
import com.pulumi.vault.pkiSecret.PkiSecretFunctions;
import com.pulumi.vault.pkiSecret.inputs.GetBackendConfigEstArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pki = new Mount("pki", MountArgs.builder()
            .path("pki")
            .type("pki")
            .description("PKI secret engine mount")
            .build());

        final var estConfig = PkiSecretFunctions.getBackendConfigEst(GetBackendConfigEstArgs.builder()
            .backend(pki.path())
            .build());

    }
}

resources:
  pki:
    type: vault:Mount
    properties:
      path: pki
      type: pki
      description: PKI secret engine mount
variables:
  estConfig:
    fn::invoke:
      Function: vault:pkiSecret:getBackendConfigEst
      Arguments:
        backend: ${pki.path}

Using getBackendConfigEst

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getBackendConfigEst(args: GetBackendConfigEstArgs, opts?: InvokeOptions): Promise<GetBackendConfigEstResult>
function getBackendConfigEstOutput(args: GetBackendConfigEstOutputArgs, opts?: InvokeOptions): Output<GetBackendConfigEstResult>

def get_backend_config_est(backend: Optional[str] = None,
                           namespace: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetBackendConfigEstResult
def get_backend_config_est_output(backend: Optional[pulumi.Input[str]] = None,
                           namespace: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetBackendConfigEstResult]

func GetBackendConfigEst(ctx *Context, args *GetBackendConfigEstArgs, opts ...InvokeOption) (*GetBackendConfigEstResult, error)
func GetBackendConfigEstOutput(ctx *Context, args *GetBackendConfigEstOutputArgs, opts ...InvokeOption) GetBackendConfigEstResultOutput

> Note: This function is named GetBackendConfigEst in the Go SDK.

public static class GetBackendConfigEst 
{
    public static Task<GetBackendConfigEstResult> InvokeAsync(GetBackendConfigEstArgs args, InvokeOptions? opts = null)
    public static Output<GetBackendConfigEstResult> Invoke(GetBackendConfigEstInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetBackendConfigEstResult> getBackendConfigEst(GetBackendConfigEstArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: vault:pkiSecret/getBackendConfigEst:getBackendConfigEst
  arguments:
    # arguments dictionary

The following arguments are supported:

Backend string: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
Namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Backend string: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
Namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend String: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
namespace String: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend string: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend str: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
namespace str: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

backend String: The path to the PKI secret backend to read the EST configuration from, with no leading or trailing /s.
namespace String: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

getBackendConfigEst Result

The following output properties are available:

AuditFields List<string>: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
Authenticators List<GetBackendConfigEstAuthenticator>: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
Backend string
DefaultMount bool: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
DefaultPathPolicy string: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
EnableSentinelParsing bool: If set, parse out fields from the provided CSR making them available for Sentinel policies.
Enabled bool: Specifies whether EST is enabled.
Id string: The provider-assigned unique ID for this managed resource.
LabelToPathPolicy Dictionary<string, object>: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
LastUpdated string: A read-only timestamp representing the last time the configuration was updated.
Namespace string

AuditFields []string: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
Authenticators []GetBackendConfigEstAuthenticator: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
Backend string
DefaultMount bool: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
DefaultPathPolicy string: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
EnableSentinelParsing bool: If set, parse out fields from the provided CSR making them available for Sentinel policies.
Enabled bool: Specifies whether EST is enabled.
Id string: The provider-assigned unique ID for this managed resource.
LabelToPathPolicy map[string]interface{}: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
LastUpdated string: A read-only timestamp representing the last time the configuration was updated.
Namespace string

auditFields List<String>: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
authenticators List<GetBackendConfigEstAuthenticator>: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
backend String
defaultMount Boolean: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
defaultPathPolicy String: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
enableSentinelParsing Boolean: If set, parse out fields from the provided CSR making them available for Sentinel policies.
enabled Boolean: Specifies whether EST is enabled.
id String: The provider-assigned unique ID for this managed resource.
labelToPathPolicy Map<String,Object>: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
lastUpdated String: A read-only timestamp representing the last time the configuration was updated.
namespace String

auditFields string[]: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
authenticators GetBackendConfigEstAuthenticator[]: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
backend string
defaultMount boolean: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
defaultPathPolicy string: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
enableSentinelParsing boolean: If set, parse out fields from the provided CSR making them available for Sentinel policies.
enabled boolean: Specifies whether EST is enabled.
id string: The provider-assigned unique ID for this managed resource.
labelToPathPolicy {[key: string]: any}: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
lastUpdated string: A read-only timestamp representing the last time the configuration was updated.
namespace string

audit_fields Sequence[str]: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
authenticators Sequence[pkisecret.GetBackendConfigEstAuthenticator]: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
backend str
default_mount bool: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
default_path_policy str: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
enable_sentinel_parsing bool: If set, parse out fields from the provided CSR making them available for Sentinel policies.
enabled bool: Specifies whether EST is enabled.
id str: The provider-assigned unique ID for this managed resource.
label_to_path_policy Mapping[str, Any]: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
last_updated str: A read-only timestamp representing the last time the configuration was updated.
namespace str

auditFields List<String>: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
authenticators List<Property Map>: Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).
backend String
defaultMount Boolean: If set, this mount is registered as the default .well-known/est URL path. Only a single mount can enable this across a Vault cluster.
defaultPathPolicy String: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
enableSentinelParsing Boolean: If set, parse out fields from the provided CSR making them available for Sentinel policies.
enabled Boolean: Specifies whether EST is enabled.
id String: The provider-assigned unique ID for this managed resource.
labelToPathPolicy Map<Any>: A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/ URL paths.
lastUpdated String: A read-only timestamp representing the last time the configuration was updated.
namespace String

Supporting Types

GetBackendConfigEstAuthenticator

Cert Dictionary<string, object>: "The accessor and cert_role properties for cert auth backends".
Userpass Dictionary<string, object>: "The accessor property for user pass auth backends".

Cert map[string]interface{}: "The accessor and cert_role properties for cert auth backends".
Userpass map[string]interface{}: "The accessor property for user pass auth backends".

cert Map<String,Object>: "The accessor and cert_role properties for cert auth backends".
userpass Map<String,Object>: "The accessor property for user pass auth backends".

cert {[key: string]: any}: "The accessor and cert_role properties for cert auth backends".
userpass {[key: string]: any}: "The accessor property for user pass auth backends".

cert Mapping[str, Any]: "The accessor and cert_role properties for cert auth backends".
userpass Mapping[str, Any]: "The accessor property for user pass auth backends".

cert Map<Any>: "The accessor and cert_role properties for cert auth backends".
userpass Map<Any>: "The accessor property for user pass auth backends".

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

HashiCorp Vault v6.2.0 published on Friday, Jun 21, 2024 by Pulumi

pulumi/pulumi-vault

vault.pkiSecret.getBackendConfigEst

On this page

On this page

Example Usage

Using getBackendConfigEst

getBackendConfigEst Result

Supporting Types

GetBackendConfigEstAuthenticator

Package Details

On this page

On this page