diff --git a/patches/0001-dummy-for-module-resolution.patch b/patches/0001-dummy-for-module-resolution.patch
new file mode 100644
index 000000000..837fd1aba
--- /dev/null
+++ b/patches/0001-dummy-for-module-resolution.patch
@@ -0,0 +1 @@
+This patch is intentionally empty so we can use the `upstream` submodule for dependency resolution, since the upstream provider does not follow Go module versioning standards.
\ No newline at end of file
diff --git a/patches/0001-fork.patch b/patches/0001-fork.patch
deleted file mode 100644
index a8c948363..000000000
--- a/patches/0001-fork.patch
+++ /dev/null
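Review bot: The one-line placeholder added as `patches/0001-dummy-for-module-resolution.patch` says nothing about the dependency pins that the deleted `patches/0001-fork.patch` carried, so a reader of `patches/` cannot tell where those versions are now decided. The removed patch raised, among others, `github.com/hashicorp/vault` from v1.11.3 to v1.15.5, `github.com/docker/docker` from v24.0.7 to v25.0.1 and `github.com/cloudflare/circl` from v1.3.3 to v1.3.7; whether the pinned `upstream` commit already resolves to at least those versions is not visible in this diff and is worth confirming with `go list -m all` before merge. I would extend the text with a sentence such as `Dependency versions formerly bumped by 0001-fork.patch now come from go.mod at the pinned upstream commit.` The file also ends without a newline and has no patch headers, so it is worth checking that whatever applies the files under `patches/` accepts it.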
@@ -1,2043 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Ian Wahbe -Date: Fri, 15 Dec 2023 13:32:07 -0800 -Subject: [PATCH 1/2] fork - - -diff --git a/go.mod b/go.mod -index b8b413b6..a1fa2c56 100644 ---- a/go.mod -+++ b/go.mod -@@ -4,7 +4,7 @@ go 1.21 - - require ( - cloud.google.com/go/compute/metadata v0.2.3 -- cloud.google.com/go/iam v1.1.5 -+ cloud.google.com/go/iam v1.1.6 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 -@@ -24,8 +24,9 @@ require ( - github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 - github.com/hashicorp/go-version v1.6.0 -+ github.com/hashicorp/hcl v1.0.1-vault-5 - github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 -- github.com/hashicorp/vault v1.11.3 -+ github.com/hashicorp/vault v1.15.5 - github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 - github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 - github.com/hashicorp/vault-plugin-auth-oci v0.14.2 -@@ -35,56 +36,30 @@ require ( - github.com/mitchellh/go-homedir v1.1.0 - github.com/mitchellh/mapstructure v1.5.0 - golang.org/x/crypto v0.19.0 -- golang.org/x/net v0.20.0 -+ golang.org/x/net v0.21.0 - golang.org/x/oauth2 v0.16.0 -- google.golang.org/api v0.156.0 -- google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac -+ google.golang.org/api v0.160.0 -+ google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e - ) - - require ( -- cloud.google.com/go/compute v1.23.3 // indirect -- cloud.google.com/go/kms v1.15.5 // indirect -- cloud.google.com/go/monitoring v1.17.0 // indirect -- github.com/Azure/azure-sdk-for-go v61.4.0+incompatible // indirect -+ cloud.google.com/go/compute v1.23.4 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect -- 
github.com/Azure/go-autorest v14.2.0+incompatible // indirect -- github.com/Azure/go-autorest/autorest v0.11.29 // indirect -- github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect -- github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect -- github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect -- github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect -- github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect -- github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect -- github.com/Azure/go-autorest/logger v0.2.1 // indirect -- github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect -- github.com/DataDog/datadog-go v3.2.0+incompatible // indirect -- github.com/Masterminds/goutils v1.1.1 // indirect -- github.com/Masterminds/semver/v3 v3.1.1 // indirect -- github.com/Masterminds/sprig/v3 v3.2.1 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect - github.com/agext/levenshtein v1.2.2 // indirect -- github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f // indirect - github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/armon/go-metrics v0.4.1 // indirect - github.com/armon/go-radix v1.0.0 // indirect -- github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect -- github.com/beorn7/perks v1.0.1 // indirect -- github.com/bgentry/speakeasy v0.1.0 // indirect - github.com/cenkalti/backoff/v3 v3.2.2 // indirect -- github.com/cespare/xxhash/v2 v2.2.0 // indirect -- github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect -- github.com/circonus-labs/circonusllhist v0.1.3 // indirect -- github.com/cloudflare/circl v1.3.3 // indirect -- github.com/containerd/containerd v1.7.0 // indirect -+ 
github.com/cloudflare/circl v1.3.7 // indirect - github.com/coreos/go-oidc/v3 v3.5.0 // indirect - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect -- github.com/dimchansky/utfbom v1.1.1 // indirect -- github.com/docker/distribution v2.8.2+incompatible // indirect -- github.com/docker/docker v24.0.7+incompatible // indirect -+ github.com/distribution/reference v0.5.0 // indirect -+ github.com/docker/docker v25.0.1+incompatible // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-units v0.5.0 // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect -@@ -93,33 +68,30 @@ require ( - github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-ldap/ldap/v3 v3.4.4 // indirect -- github.com/go-logr/logr v1.3.0 // indirect -+ github.com/go-logr/logr v1.4.1 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/gogo/protobuf v1.3.2 // indirect -- github.com/golang-jwt/jwt/v4 v4.5.0 // indirect - github.com/golang-jwt/jwt/v5 v5.2.0 // indirect -- github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect -+ github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect - github.com/golang-sql/sqlexp v0.1.0 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/golang/snappy v0.0.4 // indirect - github.com/google/go-cmp v0.6.0 // indirect -- github.com/google/go-metrics-stackdriver v0.2.0 // indirect - github.com/google/s2a-go v0.1.7 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect - github.com/gosimple/unidecode v1.0.1 // indirect -+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect - github.com/hashicorp/cap v0.4.1 // indirect -- github.com/hashicorp/consul/api v1.14.0 // indirect - 
github.com/hashicorp/go-checkpoint v0.5.0 // indirect - github.com/hashicorp/go-immutable-radix v1.3.1 // indirect -- github.com/hashicorp/go-kms-wrapping v0.7.0 // indirect - github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect -- github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect -+ github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 // indirect - github.com/hashicorp/go-plugin v1.6.0 // indirect - github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect -- github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect -+ github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect - github.com/hashicorp/go-secure-stdlib/plugincontainer v0.2.2 // indirect - github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect - github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 // indirect -@@ -127,10 +99,8 @@ require ( - github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/golang-lru v0.5.4 // indirect - github.com/hashicorp/hc-install v0.6.2 // indirect -- github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/hashicorp/hcl/v2 v2.19.1 // indirect - github.com/hashicorp/logutils v1.0.0 // indirect -- github.com/hashicorp/serf v0.9.7 // indirect - github.com/hashicorp/terraform-exec v0.19.0 // indirect - github.com/hashicorp/terraform-json v0.18.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect -@@ -138,75 +108,55 @@ require ( - github.com/hashicorp/terraform-registry-address v0.2.3 // indirect - github.com/hashicorp/terraform-svchost v0.1.1 // indirect - github.com/hashicorp/yamux v0.1.1 // indirect -- github.com/huandu/xstrings v1.3.2 // indirect -- github.com/imdario/mergo v0.3.15 // indirect - github.com/jcmturner/aescts/v2 v2.0.0 // indirect - github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect - github.com/jcmturner/gofork v1.7.6 // indirect - github.com/jcmturner/goidentity/v6 v6.0.1 // indirect - github.com/jcmturner/rpc/v2 
v2.0.3 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect -- github.com/json-iterator/go v1.1.12 // indirect -- github.com/klauspost/compress v1.16.5 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect -- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect -- github.com/mitchellh/cli v1.1.5 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/go-testing-interface v1.14.1 // indirect - github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/mitchellh/pointerstructure v1.2.1 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect -- github.com/moby/patternmatcher v0.5.0 // indirect -- github.com/moby/sys/sequential v0.5.0 // indirect -- github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect -- github.com/modern-go/reflect2 v1.0.2 // indirect -- github.com/natefinch/atomic v1.0.1 // indirect - github.com/oklog/run v1.1.0 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect -- github.com/opencontainers/runc v1.1.6 // indirect - github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect - github.com/patrickmn/go-cache v2.1.0+incompatible // indirect - github.com/pierrec/lz4 v2.6.1+incompatible // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect -- github.com/posener/complete v1.2.3 // indirect -- github.com/prometheus/client_golang v1.14.0 // indirect -- github.com/prometheus/client_model v0.3.0 // indirect -- github.com/prometheus/common v0.37.0 // indirect -- github.com/prometheus/procfs v0.8.0 // indirect - github.com/ryanuber/go-glob v1.0.0 // indirect -- github.com/shopspring/decimal 
v1.2.0 // indirect -- github.com/sirupsen/logrus v1.9.0 // indirect -- github.com/spf13/cast v1.3.1 // indirect - github.com/stretchr/testify v1.8.4 // indirect -- github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c // indirect - github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect - github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect - github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect - github.com/zclconf/go-cty v1.14.1 // indirect - go.opencensus.io v0.24.0 // indirect -- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect -- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect -- go.opentelemetry.io/otel v1.21.0 // indirect -- go.opentelemetry.io/otel/metric v1.21.0 // indirect -- go.opentelemetry.io/otel/trace v1.21.0 // indirect -- go.uber.org/atomic v1.10.0 // indirect -+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect -+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect -+ go.opentelemetry.io/otel v1.23.1 // indirect -+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 // indirect -+ go.opentelemetry.io/otel/metric v1.23.1 // indirect -+ go.opentelemetry.io/otel/sdk v1.23.1 // indirect -+ go.opentelemetry.io/otel/trace v1.23.1 // indirect -+ go.uber.org/atomic v1.11.0 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.5.0 // indirect -- golang.org/x/tools v0.13.0 // indirect -+ golang.org/x/tools v0.14.0 // indirect - google.golang.org/appengine v1.6.8 // indirect -- google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect -- google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect -- google.golang.org/grpc v1.60.1 // indirect -+ 
google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 // indirect -+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect -+ google.golang.org/grpc v1.61.1 // indirect - google.golang.org/protobuf v1.33.0 // indirect -- gopkg.in/ini.v1 v1.62.0 // indirect - gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect - gopkg.in/square/go-jose.v2 v2.6.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect -diff --git a/go.sum b/go.sum -index fa9f0887..0cb02f06 100644 ---- a/go.sum -+++ b/go.sum -@@ -3,7 +3,6 @@ bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh - cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= - cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= - cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= --cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= - cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= - cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= - cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -@@ -39,8 +38,6 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY - cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= - cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= - cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= --cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM= --cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU= - cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= - cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= - cloud.google.com/go/accessapproval 
v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= -@@ -177,8 +174,8 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 - cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= - cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= - cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= --cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= --cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -+cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw= -+cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= - cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= - cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= - cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= -@@ -318,8 +315,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE - cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= - cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= - cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= --cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= --cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= -+cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= -+cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= - cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= - cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= - 
cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= -@@ -339,8 +336,6 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 - cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= - cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= - cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= --cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM= --cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI= - cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= - cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= - cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= -@@ -377,8 +372,6 @@ cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhI - cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= - cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= - cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= --cloud.google.com/go/monitoring v1.17.0 h1:blrdvF0MkPPivSO041ihul7rFMhXdVp8Uq7F59DKXTU= --cloud.google.com/go/monitoring v1.17.0/go.mod h1:KwSsX5+8PnXv5NJnICZzW2R8pWTis8ypC4zmdRD63Tw= - cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= - cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= - cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= -@@ -614,14 +607,11 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum - git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= - 
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= - github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= --github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= - github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= - github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= --github.com/Azure/azure-sdk-for-go v36.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= - github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= --github.com/Azure/azure-sdk-for-go v61.4.0+incompatible h1:BF2Pm3aQWIa6q9KmxyF1JYKYXtVw67vtvu2Wd54NGuY= --github.com/Azure/azure-sdk-for-go v61.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= - github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -@@ -639,58 +629,24 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1. 
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= - github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= - github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= --github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= - github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= --github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= - github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= --github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= --github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0= --github.com/Azure/go-autorest/autorest v0.10.1/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= - github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= - github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= - github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= --github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= --github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= 
--github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= --github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= --github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= --github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= - github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= - github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= - github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= - github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= --github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= --github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= --github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM= --github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= --github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= --github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw= --github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= --github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= --github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= --github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= --github.com/Azure/go-autorest/autorest/date v0.3.0 
h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= - github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= --github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= --github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= --github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= - github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= - github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= --github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= --github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= --github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= --github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= - github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= --github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= --github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= --github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= --github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= - github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= --github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= - github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= --github.com/Azure/go-autorest/tracing v0.5.0/go.mod 
h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= --github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= - github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= - github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= - github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -@@ -701,15 +657,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83 - github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= - github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= - github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= --github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= - github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= - github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= --github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= --github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= --github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= --github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= --github.com/Masterminds/sprig/v3 v3.2.1 h1:n6EPaDyLSvCEa3frruQvAiHuNp2dhBlMSmkEr+HuzGc= --github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= - github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= - github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= - github.com/Microsoft/go-winio 
v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -@@ -737,7 +686,6 @@ github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfy - github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= - github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= - github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= --github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8= - github.com/Microsoft/hcsshim v0.10.0-rc.7/go.mod h1:ILuwjA+kNW+MrN/w5un7n3mTqkwsFu4Bp05/okFUZlE= - github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= - github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= -@@ -769,9 +717,6 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 - github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= - github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= - github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= --github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f h1:oRD16bhpKNAanfcDDVU+J0NXqsgHIvGbbe/sy+r6Rs0= --github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ= --github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= - github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= - github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= - github.com/antihax/optional v1.0.0/go.mod 
h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -@@ -786,35 +731,26 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms - github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= - github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= - github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= --github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= --github.com/armon/go-metrics v0.3.3/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= - github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= --github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= - github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= - github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= - github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= - github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= - github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= - github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= --github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= - github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= - github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= --github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= --github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= - 
github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= - github.com/aws/aws-sdk-go v1.43.9/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= - github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= - github.com/aws/aws-sdk-go v1.49.22 h1:r01+cQJ3cORQI1PJxG8af0jzrZpUOL9L+/3kU2x1geU= - github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= --github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= - github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= - github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= - github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= - github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= - github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= --github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= - github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= --github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= - github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= - github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= - github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= -@@ -836,7 +772,6 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq - github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= - github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= - github.com/bytecodealliance/wasmtime-go 
v0.36.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= --github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= - github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= - github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= - github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -@@ -854,7 +789,6 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 - github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= - github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= - github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= --github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= - github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= - github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= - github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= -@@ -869,13 +803,12 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ - github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= - github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= - github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= --github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY= - github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= --github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= - github.com/circonus-labs/circonusllhist v0.1.3/go.mod 
h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= - github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= --github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= - github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= - github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= - github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= - github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -@@ -888,8 +821,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH - github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= - github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= - github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= --github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= - github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -+github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -+github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= - github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= - github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= - 
github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -@@ -924,7 +858,6 @@ github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go. - github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= --github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -@@ -940,19 +873,18 @@ github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0Npu - github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0= - github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= - github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ= --github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg= - github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc= - github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= - github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= - github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= --github.com/containerd/continuity v0.0.0-20200709052629-daa8e1ccc0bc/go.mod 
h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= - github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= - github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= - github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= - github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= - github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= --github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= - github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= -+github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -+github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= - github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= - github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= - github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -@@ -978,6 +910,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ - github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= - github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo= - github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= -+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= - github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod 
h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= - github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= - github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -@@ -1077,32 +1011,30 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm - github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= - github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= - github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= --github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= --github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= --github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= - github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= -+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= - github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= - github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= - github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= - github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= - github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= --github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4= - github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= 
-+github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= -+github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= - github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= - github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= - github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= - github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= --github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= - github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= - github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= --github.com/docker/docker v1.4.2-0.20200319182547-c7ad2b866182/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= --github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= --github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -+github.com/docker/docker v25.0.1+incompatible h1:k5TYd5rIVQRSqcTwCID+cyVA0yRg86+Pcrz1ls0/frA= -+github.com/docker/docker v25.0.1+incompatible/go.mod 
h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= - github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= - github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= - github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= -@@ -1152,7 +1084,6 @@ github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl - github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= - github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= - github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= --github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= - github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= - github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= - github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -@@ -1200,8 +1131,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D - github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= - github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= - github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= --github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= --github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= -+github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= -+github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= - github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= - 
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= - github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -@@ -1216,7 +1147,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb - github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= - github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= - github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= --github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= - github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= - github.com/go-ldap/ldap/v3 v3.4.1/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= - github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs= -@@ -1232,8 +1162,8 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV - github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= - github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= - github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= --github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= --github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= - github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= - github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= - github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -@@ 
-1261,7 +1191,6 @@ github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrt - github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= - github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= --github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= - github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= - github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= - github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -@@ -1285,15 +1214,13 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP - github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= - github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= - github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= --github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= - github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= - github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= --github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= --github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= - github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= - github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= --github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= - github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod 
h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= -+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= -+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= - github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= - github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= - github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= -@@ -1336,14 +1263,12 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx - github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= - github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= - github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= --github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= - github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= - github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= - github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= - github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= - github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= - github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= --github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= - github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= - github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= - github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -@@ -1368,8 +1293,6 @@ github.com/google/go-cmp 
v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= - github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= - github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= - github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= --github.com/google/go-metrics-stackdriver v0.2.0 h1:rbs2sxHAPn2OtUj9JdR/Gij1YKGl0BTVD0augB+HEjE= --github.com/google/go-metrics-stackdriver v0.2.0/go.mod h1:KLcPyp3dWJAFD+yHisGlJSZktIsTjb50eB72U2YZ9K0= - github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= - github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= - github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -@@ -1432,13 +1355,11 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c - github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= - github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= - github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= --github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= - github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= - github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= - github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= - github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= - github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= --github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= - github.com/gorilla/mux 
v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= - github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= - github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -@@ -1461,14 +1382,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t - github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= - github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= - github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -+github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= -+github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= - github.com/hashicorp/cap v0.4.1 h1:LVYrTLbPV8W6DPwIm/zC/fbc4UTpCQ7nJhCAPshLuG4= - github.com/hashicorp/cap v0.4.1/go.mod h1:oOoohCNd2JAgfvLz2NpFJTZiZ6CqH9dW8dZ2js52lGA= - github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= --github.com/hashicorp/consul/api v1.14.0 h1:Y64GIJ8hYTu+tuGekwO4G4ardXoiCivX9wv1iP/kihk= --github.com/hashicorp/consul/api v1.14.0/go.mod h1:bcaw5CSZ7NE9qfOfKCI1xb7ZKjzu/MyvQkCLTfqLqxQ= - github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= --github.com/hashicorp/consul/sdk v0.10.0 h1:rGLEh2AWK4K0KCMvqWAz2EYxQqgciIfMagWZ0nVe5MI= --github.com/hashicorp/consul/sdk v0.10.0/go.mod h1:yPkX5Q6CsxTFMjQQDJwzeNmUUF5NUGGbrDsv9wTb8cw= - github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= - github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= - github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= -@@ -1481,62 +1400,49 @@ github.com/hashicorp/go-cleanhttp v0.5.2 
h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n - github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= - github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 h1:Ud/6/AdmJ1R7ibdS0Wo5MWPj0T1R0fkpaD087bBaW8I= - github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= --github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= - github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= --github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= - github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= --github.com/hashicorp/go-hclog v0.16.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= - github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= - github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= - github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= - github.com/hashicorp/go-hclog v1.6.2 h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I= - github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= - github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= --github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= --github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= - github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= - github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= --github.com/hashicorp/go-kms-wrapping v0.7.0 h1:UBagVJn4nSNOSjjtpkR370VOEBLnGMXfQcIlE/WL/7o= --github.com/hashicorp/go-kms-wrapping v0.7.0/go.mod 
h1:rmGmNzO/DIBzUyisFjeocXvazOlxgO5K8vsFQkUn7Hk= - github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= - github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 h1:pSjQfW3vPtrOTcasTUKgCTQT7OGPPTTMVRrOfU6FJD8= - github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= --github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 h1:9Q2lu1YbbmiAgvYZ7Pr31RdlVonUpX+mmDL7Z7qTA2U= - github.com/hashicorp/go-kms-wrapping/v2 v2.0.8/go.mod h1:qTCjxGig/kjuj3hk1z8pOUrzbse/GxB1tGfbrq8tGJg= -+github.com/hashicorp/go-kms-wrapping/v2 v2.0.14 h1:1ZuhfnZgRnLK8S0KovJkoTCRIQId5pv3sDR7pG5VQBw= -+github.com/hashicorp/go-kms-wrapping/v2 v2.0.14/go.mod h1:0dWtzl2ilqKpavgM3id/kFK9L3tjo6fS4OhbVPSYpnQ= - github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= --github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= --github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs= --github.com/hashicorp/go-msgpack v1.1.5/go.mod h1:gWVc3sv/wbDmR3rQsj1CAktEZzoz1YNK9NfGLXJ69/4= - github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= - github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= --github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= - github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= - github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= --github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= - github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= - github.com/hashicorp/go-plugin v1.4.8/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= - github.com/hashicorp/go-plugin 
v1.5.0/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= - github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= - github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= - github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= --github.com/hashicorp/go-retryablehttp v0.6.2/go.mod h1:gEx6HMUGxYYhJScX7W1Il64m6cc2C1mDaW3NQ9sY1FY= - github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= - github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= - github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= - github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= - github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= --github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= - github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= - github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= --github.com/hashicorp/go-secure-stdlib/awsutil v0.1.2/go.mod h1:QRJZ7siKie+SZJB9jLbfKrs0Gd0yPWMtbneg0iU1PrY= - github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 h1:AAQ6Vmo/ncfrZYtbpjhO+g0Qt+iNpYtl3UWT1NLmbYY= - github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3/go.mod h1:oKHSQs4ivIfZ3fbXGQOop1XuDfdSb8RIsWTGaAanSfg= - github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= - github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng= - github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= - github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= 
--github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ= - github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= -+github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 h1:kH3Rhiht36xhAfhuHyWJDgdXXEx9IIZhDGRk24CDhzg= -+github.com/hashicorp/go-secure-stdlib/mlock v0.1.3/go.mod h1:ov1Q0oEDjC3+A4BwsG2YdKltrmEw8sf9Pau4V9JQ4Vo= - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -@@ -1562,14 +1468,12 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b - github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= - github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= - github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= --github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= - github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= - github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= - github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= - github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= - github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= - github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= --github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= - github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= - 
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= - github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= -@@ -1582,14 +1486,8 @@ github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+J - github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= - github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= - github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= --github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= - github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= --github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= --github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM= --github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= - github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= --github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= --github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= - github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= - github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= - github.com/hashicorp/terraform-json v0.18.0 h1:pCjgJEqqDESv4y0Tzdqfxr/edOIGkjs8keY42xfNBwU= -@@ -1604,24 +1502,20 @@ github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTV - github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= - github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= - github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= 
--github.com/hashicorp/vault v1.11.3 h1:KROmJz/YRIaYVpwJaWYNfHDcchtugCP8GTRz+939eT8= --github.com/hashicorp/vault v1.11.3/go.mod h1:shpQ0ikGOzP07k/TJG54VNzbOIISS4h/2UKRD4xjpj8= -+github.com/hashicorp/vault v1.15.5 h1:CzDfgFcKjMfsfYhxyfixugeDNcCTU5L0idJXsNEmt9g= -+github.com/hashicorp/vault v1.15.5/go.mod h1:Osg4441jt6uoCZi46XfASOy988G3mSh5UTo1EKmVnUY= - github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 h1:ooDRFPUtlRH2gvtXkG6Mpt2E/ziO8tCFU7lWdWtjW50= - github.com/hashicorp/vault-plugin-auth-jwt v0.18.0/go.mod h1:nLMLAx8jTNEDYwa86nltCVAwhVt/gHODRlfRQSu3Wp8= - github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 h1:nXni7zfOyhOWJBC42iWqIEZA+aYCo3diyVrr1mHs5yo= - github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1/go.mod h1:S0XEzmbUO+iuC44a8wqnL869l6WH0DUMVqxTIEkITys= - github.com/hashicorp/vault-plugin-auth-oci v0.14.2 h1:NcTn5LPRL6lVusPjqGkav+C8LRsy46QKdEk9HElQ5B0= - github.com/hashicorp/vault-plugin-auth-oci v0.14.2/go.mod h1:FaLJvP+AUbeo4yop49aVit4JW/I9GfajFqI8wpX+b0w= --github.com/hashicorp/vault/api v1.0.5-0.20200519221902-385fac77e20f/go.mod h1:euTFbi2YJgwcju3imEt919lhJKF68nN1cQPq3aA+kBE= --github.com/hashicorp/vault/api v1.1.1/go.mod h1:29UXcn/1cLOPHQNMWA7bCz2By4PSd0VKPAydKXS5yN0= - github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= - github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs= - github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= - github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= - github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= - github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= --github.com/hashicorp/vault/sdk v0.1.14-0.20200519221530-14615acda45f/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= --github.com/hashicorp/vault/sdk v0.2.1/go.mod h1:WfUiO1vYzfBkz1TmoE4ZGU7HD0T0Cl/rZwaxjBkgN4U= - 
github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= - github.com/hashicorp/vault/sdk v0.9.2/go.mod h1:gG0lA7P++KefplzvcD3vrfCmgxVAM7Z/SqX5NeOL/98= - github.com/hashicorp/vault/sdk v0.10.0/go.mod h1:s9F8+FF/Q9HuChoi1OWnIPoHRU6V675qHhCYkXVPPQE= -@@ -1632,10 +1526,6 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg - github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= - github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= - github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= --github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= --github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= --github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= --github.com/huaweicloud/golangsdk v0.0.0-20200304081349-45ec0797f2a4/go.mod h1:WQBcHRNX9shz3928lWEvstQJtAtYI7ks6XlgtRT9Tcw= - github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= - github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= - github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -@@ -1646,8 +1536,6 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH - github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= - github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= - github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= --github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= --github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= - github.com/inconshreveable/mousetrap v1.0.0/go.mod 
h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= - github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= - github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= -@@ -1678,7 +1566,6 @@ github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgf - github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= - github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= - github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= --github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= - github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= - github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= - github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -@@ -1689,17 +1576,14 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 - github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= - github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= - github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= --github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= - github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= - github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= - github.com/json-iterator/go v1.1.11/go.mod 
h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= --github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= - github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= - github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= - github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= --github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= - github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= - github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= - github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -@@ -1720,7 +1604,6 @@ github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e - github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= - github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= - github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= --github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= - github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= - github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= - github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -@@ -1732,8 +1615,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB - github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= - github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= - github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= --github.com/kr/pretty v0.3.0 
h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= - github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= - github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= - github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= - github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -@@ -1772,7 +1656,6 @@ github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx - github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= - github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= - github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= --github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= - github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= - github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= - github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -@@ -1788,14 +1671,10 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4 - github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= - github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= --github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= - github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= - 
github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= - github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= - github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= --github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= --github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= --github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= - github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= - github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= - github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -@@ -1804,9 +1683,6 @@ github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8Ie - github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= - github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= - github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= --github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= --github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng= --github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4= - github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= - github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= - github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -@@ -1824,7 +1700,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 - github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= - github.com/mitchellh/mapstructure 
v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= - github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= --github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= - github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -@@ -1837,14 +1712,12 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx - github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= - github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= - github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= --github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= - github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= - github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= - github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= - github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= - github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= - github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= --github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= - github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= - github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= - github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -@@ 
-1858,11 +1731,9 @@ github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbD - github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= - github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= - github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= --github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= - github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= - github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= --github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= - github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= - github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= - github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -@@ -1874,8 +1745,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m - github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= - github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= - github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= --github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0A= --github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM= - github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= - github.com/networkplumbing/go-nft 
v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= - github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -@@ -1971,7 +1840,6 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh - github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= - github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= - github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= --github.com/oracle/oci-go-sdk v13.1.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= - github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= - github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= - github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= -@@ -1992,7 +1860,6 @@ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rK - github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= - github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= - github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= --github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= - github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= - github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= - github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -@@ -2014,14 +1881,11 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= - 
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= - github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= --github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= --github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= - github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= - github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= - github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= - github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= - github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= --github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= - github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= - github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= - github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -@@ -2032,18 +1896,15 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr - github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= - github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= - github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= --github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= - github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= - github.com/prometheus/client_model 
v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= - github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= - github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= - github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= - github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= --github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= - github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= - github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= - github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= --github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= - github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= - github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= - github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -@@ -2052,11 +1913,9 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 - github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= - github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= - github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= --github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= - github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= - 
github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= - github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= --github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= - github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= - github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= - github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -@@ -2067,7 +1926,6 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O - github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= - github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= - github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= --github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= - github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= - github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= - github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -@@ -2077,8 +1935,9 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L - github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= - github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= - github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= --github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= - github.com/rogpeppe/go-internal 
v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= - github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= - github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= - github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -@@ -2095,7 +1954,6 @@ github.com/safchain/ethtool v0.2.0/go.mod h1:WkKB1DnNtvsMlDmQ50sgwowDJV/hGbJSOvJ - github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= - github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= - github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= --github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= - github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= - github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= - github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -@@ -2103,8 +1961,6 @@ github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod - github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= - github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= - github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= --github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= --github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= - github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod 
h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= - github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= - github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= -@@ -2114,14 +1970,13 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd - github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= - github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= - github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= --github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= - github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= - github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= - github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= --github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= - github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= - github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= --github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= - github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= - github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= - github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -@@ -2133,8 +1988,6 @@ github.com/spf13/afero v1.3.3/go.mod 
h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 - github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= - github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= - github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= --github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= --github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= - github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= - github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= - github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -@@ -2182,12 +2035,10 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG - github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= - github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= - github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= --github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= - github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= - github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= - github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= - github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= --github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c h1:u6SKchux2yDvFQnDHS3lPnIRmfVJ5Sxy3ao2SIdysLQ= - github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod 
h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= - github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= - github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -@@ -2232,8 +2083,6 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 - github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= - github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= - github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= --github.com/yandex-cloud/go-genproto v0.0.0-20200722140432-762fe965ce77/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= --github.com/yandex-cloud/go-sdk v0.0.0-20200722140627-2194e5077f13/go.mod h1:LEdAMqa1v/7KYe4b13ALLkonuDxLph57ibUb50ctvJk= - github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= - github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= - github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -@@ -2286,13 +2135,13 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0/go.mod h1:UMklln0+MRhZC4e3PwmN3pCtq4DyIadWw4yikh6bNrw= --go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= --go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod 
h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= -+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= --go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= --go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= -+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= - go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= - go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU= - go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= -@@ -2300,8 +2149,9 @@ go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+n - go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM= - go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= - go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= --go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= --go.opentelemetry.io/otel v1.21.0/go.mod 
h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= -+go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY= -+go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA= -+go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= - go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04= -@@ -2312,6 +2162,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDD - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= -+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 h1:o8iWeVFa1BcLtVEV0LzrCxV2/55tB3xLxADr6Kyoey4= -+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1/go.mod h1:SEVfdK4IoBnbT2FXNM/k8yC08MrfbhWk3U4ljM8B3HE= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o= -@@ -2319,20 +2171,23 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= - 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= -+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 h1:cfuy3bXmLJS7M1RZmAL6SuhGtKUp2KEsrm00OlAXkq4= -+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1/go.mod h1:22jr92C6KwlwItJmQzfixzQM3oyyuYLCfHiMY+rpsPU= - go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= - go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= - go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= - go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= --go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= --go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -+go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo= -+go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI= - go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= - go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= - go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI= - go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= - go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= - go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= --go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY= - go.opentelemetry.io/otel/sdk v1.14.0/go.mod 
h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= -+go.opentelemetry.io/otel/sdk v1.23.1 h1:O7JmZw0h76if63LQdsBMKQDWNb5oEcOThG9IrxscV+E= -+go.opentelemetry.io/otel/sdk v1.23.1/go.mod h1:LzdEVR5am1uKOOwfBWFef2DCi1nu3SA8XQxx2IerWFk= - go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= - go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= - go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -@@ -2342,21 +2197,22 @@ go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48 - go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4= - go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= - go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= --go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= --go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= -+go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8= -+go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI= - go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= - go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg= - go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= - go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= - go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= - go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -+go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -+go.opentelemetry.io/proto/otlp 
v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= - go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= - go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= --go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= - go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= - go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= --go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= --go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= - go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= - go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= - go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -@@ -2372,7 +2228,6 @@ golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnf - golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= - golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= - golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= --golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= - golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= - golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= - golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -@@ -2381,12 +2236,9 @@ golang.org/x/crypto 
v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U - golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= - golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= - golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= --golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= --golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= --golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= - golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -@@ -2404,7 +2256,6 @@ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0 - golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= - golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= - golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= --golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= - golang.org/x/crypto v0.1.0/go.mod 
h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= - golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= - golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -@@ -2505,14 +2356,12 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL - golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= - golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= - golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= --golang.org/x/net v0.0.0-20200320220750-118fecf932d8/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= - golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= --golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= - golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= - golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= - golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -@@ -2527,7 +2376,6 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v - 
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= - golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= --golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= - golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= - golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= - golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -@@ -2562,8 +2410,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= - golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= - golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= --golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= --golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= - golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= - golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= - golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -@@ -2623,11 +2471,9 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h - golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys 
v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= --golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -2676,7 +2522,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w - golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= --golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -2845,7 +2690,6 @@ golang.org/x/tools 
v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn - golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= --golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= - golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -@@ -2901,8 +2745,8 @@ golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= - golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= - golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= --golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= --golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -@@ -2921,7 +2765,6 @@ gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= - gonum.org/v1/plot v0.10.1/go.mod 
h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= - google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= - google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= --google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= - google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= - google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= - google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -@@ -2978,8 +2821,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ - google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= - google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= - google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= --google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ= --google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY= -+google.golang.org/api v0.160.0 h1:SEspjXHVqE1m5a1fRy8JFB+5jSu+V0GEDKDghF3ttO4= -+google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw= - google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= - google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= - google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -@@ -2996,7 +2839,6 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn - google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= - google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= - google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod 
h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= --google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= - google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= - google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= - google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -@@ -3014,7 +2856,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG - google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= - google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= - google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= --google.golang.org/genproto v0.0.0-20200323114720-3f67cca34472/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= - google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= - google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= - google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -@@ -3133,24 +2974,22 @@ google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOl - google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= - google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= - google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= --google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac 
h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= --google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= -+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= -+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= - google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= - google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= --google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= --google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= -+google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9 h1:4++qSzdWBUy9/2x8L5KZgwZw+mjJZ2yDSCGMVM0YzRs= -+google.golang.org/genproto/googleapis/api v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:PVreiBMirk8ypES6aw9d4p6iiBNSIfZEBqr3UGoAi2E= - google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= - google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= --google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= --google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= -+google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= - 
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= - google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= --google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= - google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= - google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= - google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= - google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= --google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= - google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= - google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= - google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= -@@ -3193,8 +3032,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v - google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= - google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= - google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= --google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= --google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= -+google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= - google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= - google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= - google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod 
h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -@@ -3231,10 +3070,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= - gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= - gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= - gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= --gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= - gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= --gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= --gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= - gopkg.in/jcmturner/goidentity.v3 v3.0.0 h1:1duIyWiTaYvVx3YX2CYtpJbUFd7/UuPYCfgXtQ3VTbI= - gopkg.in/jcmturner/goidentity.v3 v3.0.0/go.mod h1:oG2kH0IvSYNIu80dVAyu/yoefjq1mNfM5bm88whjWx4= - gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -diff --git a/internal/provider/meta.go b/internal/provider/meta.go -index 4f741f8c..99e9e976 100644 ---- a/internal/provider/meta.go -+++ b/internal/provider/meta.go -@@ -4,23 +4,27 @@ - package provider - - import ( -+ "bytes" - "errors" - "fmt" - "log" - "net/http" - "os" -+ "os/exec" -+ "path/filepath" - "strings" - "sync" - "time" - - "github.com/hashicorp/go-hclog" - "github.com/hashicorp/go-version" -+ "github.com/hashicorp/hcl" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/hashicorp/vault/api" -- "github.com/hashicorp/vault/command/config" -+ "github.com/mitchellh/go-homedir" - "k8s.io/utils/pointer" - - "github.com/hashicorp/terraform-provider-vault/helper" -@@ -623,16 +627,70 @@ func GetToken(d *schema.ResourceData) (string, error) { - } - } - -- 
// Use ~/.vault-token, or the configured token helper.
-- tokenHelper, err := config.DefaultTokenHelper()
-+ return getToken()
-+
-+}
-+
-+// Get gets the value of the stored token, if any
-+func getToken() (string, error) {
-+ // See https://developer.hashicorp.com/vault/docs/commands/token-helper
-+ vaultConfigPath, err := homedir.Expand("~/.vault")
- if err != nil {
-- return "", fmt.Errorf("error getting token helper: %s", err)
-+ return "", err
- }
-- token, err := tokenHelper.Get()
-+
-+ vaultConfigBytes, err := os.ReadFile(vaultConfigPath)
-+ if err != nil && !os.IsNotExist(err) {
-+ return "", err
-+ }
-+
-+ vaultConfigFile, err := hcl.ParseBytes(vaultConfigBytes)
- if err != nil {
-- return "", fmt.Errorf("error getting token: %s", err)
-+ return "", err
- }
-- return strings.TrimSpace(token), nil
-+
-+ var obj struct {
-+ TokenHelper string `hcl:"token_helper"`
-+ }
-+
-+ err = hcl.DecodeObject(&obj, vaultConfigFile.Node)
-+ if err != nil {
-+ return "", err
-+ }
-+
-+ if obj.TokenHelper == "" {
-+
-+ tokenFile, err := homedir.Expand("~/.vault-token")
-+ if err != nil {
-+ return "", err
-+ }
-+
-+ byts, err := os.ReadFile(tokenFile)
-+ if err != nil {
-+ return "", err
-+ }
-+
-+ return strings.TrimSpace(string(byts)), nil
-+ }
-+
-+ tokenHelperPath := obj.TokenHelper
-+ if !filepath.IsAbs(tokenHelperPath) {
-+ tokenHelperPath, err = filepath.Abs(tokenHelperPath)
-+ if err != nil {
-+ return "", err
-+ }
-+ }
-+
-+ var stdout, stderr bytes.Buffer
-+ cmd := exec.Command("/bin/sh", "-c", fmt.Sprintf("%s get", tokenHelperPath))
-+ cmd.Stdout = &stdout
-+ cmd.Stderr = &stderr
-+ err = cmd.Run()
-+ if err != nil {
-+ return "", err
-+ }
-+ return stdout.String(), nil
-+
- }
-
- func getHCLogger() hclog.Logger {
-diff --git a/vault/provider_test.go b/vault/provider_test.go
-index b6959856..48318a79 100644
---- a/vault/provider_test.go
-+++ b/vault/provider_test.go
-@@ -16,7 +16,6 @@ import (
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "github.com/hashicorp/vault/api"
-- "github.com/hashicorp/vault/command/config"
- "github.com/mitchellh/go-homedir"
-
- "github.com/hashicorp/terraform-provider-vault/internal/consts"
-@@ -51,6 +50,7 @@ import (
- // start over with a fresh Vault. (Remember to reset VAULT_TOKEN.)
-
- const providerName = "vault"
-+const configPathEnv = "VAULT_CONFIG_PATH"
-
- var testInitOnce = sync.Once{}
-
-@@ -388,7 +388,7 @@ func TestAccProviderToken(t *testing.T) {
- }
-
- // Clear the config file env var and restore it after the test.
-- reset, err := tempUnsetenv(config.ConfigPathEnv)
-+ reset, err := tempUnsetenv(configPathEnv)
- defer failIfErr(t, reset)
- if err != nil {
- t.Fatal(err)
-@@ -722,7 +722,7 @@ func TestAccProviderVaultAddrEnv(t *testing.T) {
- testutil.SkipTestAcc(t)
-
- // Clear the config file env var and restore it after the test.
-- resetConfigPathEnv, err := tempUnsetenv(config.ConfigPathEnv)
-+ resetConfigPathEnv, err := tempUnsetenv(configPathEnv)
- defer failIfErr(t, resetConfigPathEnv)
- if err != nil {
- t.Fatal(err)
-@@ -893,13 +893,13 @@ func setupTestTokenHelper(t *testing.T, script string) (cleanup func()) {
- t.Fatal(err)
- }
- // Point Vault at the config file.
-- os.Setenv(config.ConfigPathEnv, configPath)
-+ os.Setenv(configPathEnv, configPath)
- if err != nil {
- t.Fatal(err)
- }
-
- return func() {
-- if err := os.Unsetenv(config.ConfigPathEnv); err != nil {
-+ if err := os.Unsetenv(configPathEnv); err != nil {
- t.Fatal(err)
- }
-
-diff --git a/vault/resource_consul_secret_backend_test.go b/vault/resource_consul_secret_backend_test.go
-index 604968b8..71389eaf 100644
---- a/vault/resource_consul_secret_backend_test.go
-+++ b/vault/resource_consul_secret_backend_test.go
-@@ -5,7 +5,6 @@ package vault
-
- import (
- "fmt"
-- "regexp"
- "strings"
- "testing"
-
-@@ -13,7 +12,6 @@ import (
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
- "github.com/hashicorp/vault/api"
-- consulhelper "github.com/hashicorp/vault/helper/testhelpers/consul"
-
- "github.com/hashicorp/terraform-provider-vault/internal/consts"
- "github.com/hashicorp/terraform-provider-vault/internal/provider"
-@@ -131,76 +129,6 @@ func TestConsulSecretBackend(t *testing.T) {
- })
- }
-
--func TestConsulSecretBackend_Bootstrap(t *testing.T) {
-- t.Parallel()
-- testutil.SkipTestAcc(t)
--
-- path := acctest.RandomWithPrefix("tf-test-consul")
-- resourceType := "vault_consul_secret_backend"
-- resourceName := resourceType + ".test"
-- resourceRoleName := "vault_consul_secret_backend_role.test"
--
-- cleanup, consulConfig := consulhelper.PrepareTestContainer(t, "1.12.3", false, false)
-- t.Cleanup(cleanup)
-- consulAddr := consulConfig.Address()
--
-- resource.Test(t, resource.TestCase{
-- ProviderFactories: providerFactories,
-- PreCheck: func() {
-- testutil.TestAccPreCheck(t)
-- SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion111)
-- },
-- CheckDestroy: testCheckMountDestroyed(resourceType, consts.MountTypeConsul, consts.FieldPath),
-- Steps: []resource.TestStep{
-- {
-- Config: testConsulSecretBackend_bootstrapConfig(path, consulAddr, "", false),
-- ExpectError:
regexp.MustCompile("field 'bootstrap' must be set to true when 'token' is unspecified"), -- }, -- { -- Config: testConsulSecretBackend_bootstrapConfig(path, consulAddr, "token", true), -- ExpectError: regexp.MustCompile("field 'bootstrap' must be set to false when 'token' is specified"), -- }, -- { -- Config: testConsulSecretBackend_bootstrapConfig(path, consulAddr, "", true), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path), -- resource.TestCheckResourceAttr(resourceName, "address", consulAddr), -- resource.TestCheckResourceAttr(resourceName, "bootstrap", "true"), -- ), -- }, -- testutil.GetImportTestStep(resourceName, false, nil, "token", "bootstrap", "disable_remount"), -- { -- Config: testConsulSecretBackend_bootstrapAddRole(path, consulAddr), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceRoleName, consts.FieldName, "management"), -- resource.TestCheckResourceAttr(resourceRoleName, consts.FieldBackend, path), -- resource.TestCheckResourceAttr(resourceRoleName, "consul_policies.#", "1"), -- resource.TestCheckTypeSetElemAttr(resourceRoleName, "consul_policies.*", "global-management"), -- ), -- }, -- { -- // test graceful remount -- Config: testConsulSecretBackend_bootstrapAddRole(path+"-new", consulAddr), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceRoleName, consts.FieldName, "management"), -- resource.TestCheckResourceAttr(resourceRoleName, consts.FieldBackend, path+"-new"), -- resource.TestCheckResourceAttr(resourceRoleName, "consul_policies.#", "1"), -- resource.TestCheckTypeSetElemAttr(resourceRoleName, "consul_policies.*", "global-management"), -- ), -- }, -- { -- Config: testConsulSecretBackend_bootstrapAddRoleMulti(path+"-new", consulAddr), -- ExpectError: regexp.MustCompile(`Token not provided and failed to bootstrap ACLs`), -- }, -- { -- // ensure that the failure step above did not introduce any side effects. 
-- Config: testConsulSecretBackend_bootstrapAddRole(path+"-new", consulAddr), -- PlanOnly: true, -- }, -- }, -- }) --} -- - func TestConsulSecretBackend_remount(t *testing.T) { - t.Parallel() - path := acctest.RandomWithPrefix("tf-test-consul") -diff --git a/vault/resource_database_secret_backend_connection_test.go b/vault/resource_database_secret_backend_connection_test.go -index 6d30dec1..8c998d75 100644 ---- a/vault/resource_database_secret_backend_connection_test.go -+++ b/vault/resource_database_secret_backend_connection_test.go -@@ -24,7 +24,6 @@ import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - "github.com/hashicorp/vault/api" -- mssqlhelper "github.com/hashicorp/vault/helper/testhelpers/mssql" - "github.com/hashicorp/vault/sdk/database/helper/dbutil" - - "github.com/hashicorp/terraform-provider-vault/internal/provider" -@@ -374,115 +373,6 @@ func TestAccDatabaseSecretBackendConnection_mongodb(t *testing.T) { - }) - } - --func TestAccDatabaseSecretBackendConnection_mssql(t *testing.T) { -- MaybeSkipDBTests(t, dbEngineMSSQL) -- -- cleanupFunc, connURL := mssqlhelper.PrepareMSSQLTestContainer(t) -- t.Cleanup(cleanupFunc) -- -- backend := acctest.RandomWithPrefix("tf-test-db") -- pluginName := dbEngineMSSQL.DefaultPluginName() -- name := acctest.RandomWithPrefix("db") -- -- parsedURL, err := url.Parse(connURL) -- if err != nil { -- t.Fatal(err) -- } -- -- username := parsedURL.User.Username() -- resource.Test(t, resource.TestCase{ -- ProviderFactories: providerFactories, -- PreCheck: func() { testutil.TestAccPreCheck(t) }, -- CheckDestroy: testAccDatabaseSecretBackendConnectionCheckDestroy, -- Steps: []resource.TestStep{ -- { -- Config: testAccDatabaseSecretBackendConnectionConfig_mssql(name, backend, pluginName, parsedURL, false), -- Check: testComposeCheckFuncCommonDatabaseSecretBackend(name, backend, pluginName, -- 
resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.0", "dev"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.#", "1"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.0", "FOOBAR"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "verify_connection", "true"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.username", username), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.disable_escaping", "true"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.contained_db", "false"), -- ), -- }, -- { -- Config: testAccDatabaseSecretBackendConnectionConfig_mssql(name, backend, pluginName, parsedURL, true), -- Check: testComposeCheckFuncCommonDatabaseSecretBackend(name, backend, pluginName, -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "plugin_name", pluginName), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.0", "dev"), -- 
resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.#", "1"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.0", "FOOBAR"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "verify_connection", "true"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.username", username), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.disable_escaping", "true"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mssql.0.contained_db", "true"), -- ), -- }, -- { -- ResourceName: testDefaultDatabaseSecretBackendResource, -- ImportState: true, -- ImportStateVerify: true, -- ImportStateVerifyIgnore: []string{"verify_connection", "mssql.0.password", "mssql.0.connection_url"}, -- }, -- }, -- }) --} -- --func TestAccDatabaseSecretBackendConnection_mysql_cloud(t *testing.T) { -- // wanted this to be the included with the following test, but the env-var check is different -- values := testutil.SkipTestEnvUnset(t, "MYSQL_CLOUD_CONNECTION_URL", "MYSQL_CLOUD_CONNECTION_SERVICE_ACCOUNT_JSON") -- connURL, saJSON := values[0], values[1] -- -- backend := acctest.RandomWithPrefix("tf-test-db") -- name := acctest.RandomWithPrefix("db") -- resource.Test(t, resource.TestCase{ -- ProviderFactories: providerFactories, -- 
PreCheck: func() { -- testutil.TestAccPreCheck(t) -- SkipIfAPIVersionLT(t, testProvider.Meta(), provider.VaultVersion115) -- }, -- CheckDestroy: testAccDatabaseSecretBackendConnectionCheckDestroy, -- Steps: []resource.TestStep{ -- { -- Config: testAccDatabaseSecretBackendConnectionConfig_mysql_cloud(name, backend, connURL, "gcp_iam", saJSON), -- Check: testComposeCheckFuncCommonDatabaseSecretBackend(name, backend, dbEngineMySQL.DefaultPluginName(), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.0", "dev"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.#", "1"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "root_rotation_statements.0", "FOOBAR"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "verify_connection", "true"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mysql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mysql.0.auth_type", "gcp_iam"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mysql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mysql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(testDefaultDatabaseSecretBackendResource, "mysql.0.max_connection_lifetime", "0"), -- ), -- }, -- { -- ResourceName: testDefaultDatabaseSecretBackendResource, -- ImportState: true, -- ImportStateVerify: true, -- ImportStateVerifyIgnore: []string{"verify_connection", "mysql.0.service_account_json"}, -- }, -- }, -- }) --} -- - func TestAccDatabaseSecretBackendConnection_mysql(t *testing.T) { - MaybeSkipDBTests(t, 
dbEngineMySQL) - -diff --git a/vault/resource_database_secrets_mount_test.go b/vault/resource_database_secrets_mount_test.go -index d702255a..52291b8c 100644 ---- a/vault/resource_database_secrets_mount_test.go -+++ b/vault/resource_database_secrets_mount_test.go -@@ -6,233 +6,8 @@ package vault - import ( - "fmt" - "net/url" -- "testing" -- -- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" -- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" -- mssqlhelper "github.com/hashicorp/vault/helper/testhelpers/mssql" -- -- "github.com/hashicorp/terraform-provider-vault/internal/consts" -- "github.com/hashicorp/terraform-provider-vault/internal/provider" -- "github.com/hashicorp/terraform-provider-vault/testutil" - ) - --func TestAccDatabaseSecretsMount_mssql(t *testing.T) { -- MaybeSkipDBTests(t, dbEngineMSSQL) -- -- cleanupFunc, connURL := mssqlhelper.PrepareMSSQLTestContainer(t) -- -- t.Cleanup(cleanupFunc) -- -- backend := acctest.RandomWithPrefix("tf-test-db") -- pluginName := dbEngineMSSQL.DefaultPluginName() -- name := acctest.RandomWithPrefix("db") -- name2 := name + "-2" -- -- parsedURL, err := url.Parse(connURL) -- if err != nil { -- t.Fatal(err) -- } -- -- importIgnoreKeys := []string{ -- "engine_count", -- "mssql.0.verify_connection", -- "mssql.0.password", -- "mssql.0.connection_url", -- } -- resourceType := "vault_database_secrets_mount" -- resourceName := resourceType + ".db" -- -- username := parsedURL.User.Username() -- resource.Test(t, resource.TestCase{ -- ProviderFactories: providerFactories, -- PreCheck: func() { testutil.TestAccPreCheck(t) }, -- CheckDestroy: testCheckMountDestroyed(resourceType, consts.MountTypeDatabase, consts.FieldPath), -- Steps: []resource.TestStep{ -- { -- Config: testAccDatabaseSecretsMount_mssql(name, backend, pluginName, parsedURL), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, "mssql.#", "1"), -- resource.TestCheckResourceAttr(resourceName, 
"mssql.0.allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.0", "dev"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.name", name), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.contained_db", "false"), -- ), -- }, -- { -- ResourceName: resourceName, -- ImportState: true, -- ImportStateVerify: true, -- ImportStateVerifyIgnore: importIgnoreKeys, -- }, -- { -- PreConfig: func() { -- client := testProvider.Meta().(*provider.ProviderMeta).MustGetClient() -- -- resp, err := client.Logical().Read(fmt.Sprintf("%s/creds/%s", backend, "dev")) -- if err != nil { -- t.Fatal(err) -- } -- if resp == nil { -- t.Fatal("empty response") -- } -- }, -- Config: testAccDatabaseSecretsMount_mssql(name2, backend, pluginName, parsedURL), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, "mssql.#", "1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.0", "dev"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_connection_lifetime", "0"), 
-- resource.TestCheckResourceAttr(resourceName, "mssql.0.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.name", name2), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.contained_db", "false"), -- ), -- }, -- { -- ResourceName: resourceName, -- ImportState: true, -- ImportStateVerify: true, -- ImportStateVerifyIgnore: importIgnoreKeys, -- }, -- }, -- }) --} -- --func TestAccDatabaseSecretsMount_mssql_multi(t *testing.T) { -- testutil.SkipTestEnvSet(t, "SKIP_MSSQL_MULTI_CI") -- MaybeSkipDBTests(t, dbEngineMSSQL) -- -- cleanupFunc, connURL := mssqlhelper.PrepareMSSQLTestContainer(t) -- t.Cleanup(cleanupFunc) -- -- cleanupFunc2, connURL2 := mssqlhelper.PrepareMSSQLTestContainer(t) -- t.Cleanup(cleanupFunc2) -- -- backend := acctest.RandomWithPrefix("tf-test-db") -- pluginName := dbEngineMSSQL.DefaultPluginName() -- name := acctest.RandomWithPrefix("db") -- name2 := acctest.RandomWithPrefix("db2") -- -- parsedURL, err := url.Parse(connURL) -- if err != nil { -- t.Fatal(err) -- } -- -- parsedURL2, err := url.Parse(connURL2) -- if err != nil { -- t.Fatal(err) -- } -- -- importIgnoreKeys := []string{ -- "engine_count", -- "mssql.0.verify_connection", -- "mssql.0.password", -- "mssql.0.connection_url", -- "mssql.1.verify_connection", -- "mssql.1.password", -- "mssql.1.connection_url", -- } -- -- resourceType := "vault_database_secrets_mount" -- resourceName := resourceType + ".db" -- username := parsedURL.User.Username() -- resource.Test(t, resource.TestCase{ -- ProviderFactories: providerFactories, -- PreCheck: func() { testutil.TestAccPreCheck(t) }, -- CheckDestroy: testCheckMountDestroyed(resourceType, consts.MountTypeDatabase, consts.FieldPath), -- Steps: []resource.TestStep{ -- { -- Config: testAccDatabaseSecretsMount_mssql_dual(name, name2, backend, pluginName, parsedURL, parsedURL2), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, "mssql.#", "2"), -- 
resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.#", "1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.0", "dev1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.contained_db", "false"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.allowed_roles.#", "1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.allowed_roles.0", "dev2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.connection_url", connURL2), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.contained_db", "false"), -- ), -- }, -- { -- PreConfig: func() { -- client := testProvider.Meta().(*provider.ProviderMeta).MustGetClient() -- -- for _, role := range []string{"dev1", "dev2"} { -- resp, err := client.Logical().Read(fmt.Sprintf("%s/creds/%s", backend, role)) -- if err != nil { -- t.Fatal(err) -- } -- if resp == nil { -- t.Fatal("empty response") -- } -- } -- }, -- Config: testAccDatabaseSecretsMount_mssql_dual(name, name2, backend, pluginName, parsedURL, parsedURL2), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, "mssql.#", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.#", "1"), -- 
resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.0", "dev1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.contained_db", "false"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.allowed_roles.#", "1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.allowed_roles.0", "dev2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.connection_url", connURL2), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.1.contained_db", "false"), -- ), -- }, -- { -- ResourceName: resourceName, -- ImportState: true, -- ImportStateVerify: true, -- ImportStateVerifyIgnore: importIgnoreKeys, -- }, -- { -- Config: testAccDatabaseSecretsMount_mssql(name, backend, pluginName, parsedURL), -- Check: resource.ComposeTestCheckFunc( -- resource.TestCheckResourceAttr(resourceName, "mssql.#", "1"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.#", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.0", "dev"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.allowed_roles.1", "prod"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.connection_url", connURL), -- resource.TestCheckResourceAttr(resourceName, 
"mssql.0.max_open_connections", "2"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_idle_connections", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.max_connection_lifetime", "0"), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.username", username), -- resource.TestCheckResourceAttr(resourceName, "mssql.0.contained_db", "false"), -- ), -- }, -- }, -- }) --} -- - func testAccDatabaseSecretsMount_mssql(name, path, pluginName string, parsedURL *url.URL) string { - password, _ := parsedURL.User.Password() - -diff --git a/vault/resource_okta_auth_backend_user.go b/vault/resource_okta_auth_backend_user.go -index 21ae8a9d..e97cf988 100644 ---- a/vault/resource_okta_auth_backend_user.go -+++ b/vault/resource_okta_auth_backend_user.go -@@ -21,6 +21,19 @@ func oktaAuthBackendUserResource() *schema.Resource { - Read: provider.ReadWrapper(oktaAuthBackendUserRead), - Update: oktaAuthBackendUserWrite, - Delete: oktaAuthBackendUserDelete, -+ Importer: &schema.ResourceImporter{ -+ State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { -+ // An ID is based on the path/user so we need to break this into it's component parts -+ idParts := strings.Split(d.Id(), "/") -+ if len(idParts) != 2 { -+ return nil, fmt.Errorf("unable to parse the resource ID for okta_auth_backend_user: "+ -+ "expected `path/user` format but got %q", d.Id()) -+ } -+ d.Set("path", idParts[0]) -+ d.Set("username", idParts[1]) -+ return []*schema.ResourceData{d}, nil -+ }, -+ }, - - Schema: map[string]*schema.Schema{ - "path": { -diff --git a/website/docs/r/okta_auth_backend_user.html.md b/website/docs/r/okta_auth_backend_user.html.md -index 007a05cd..b12432c6 100644 ---- a/website/docs/r/okta_auth_backend_user.html.md -+++ b/website/docs/r/okta_auth_backend_user.html.md -@@ -46,3 +46,11 @@ The following arguments are supported: - ## Attributes Reference - - No additional attributes are exposed by this resource. 
-+
-+## Import
-+
-+Okta authentication backend users can be imported using its `path/user` ID format, e.g.
-+
-+```
-+$ terraform import vault_okta_auth_backend_user.example okta/foo
-+```
diff --git a/patches/0002-remove-dependency-on-BUSL-code.patch b/patches/0002-remove-dependency-on-BUSL-code.patch
deleted file mode 100644
index 282a74952..000000000
--- a/patches/0002-remove-dependency-on-BUSL-code.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ian Wahbe
-Date: Tue, 20 Feb 2024 17:33:24 +0100
-Subject: [PATCH 2/2] remove dependency on BUSL code
-
-
-diff --git a/go.mod b/go.mod
-index a1fa2c56..c84257a9 100644
---- a/go.mod
-+++ b/go.mod
-@@ -26,7 +26,6 @@ require (
- github.com/hashicorp/go-version v1.6.0
- github.com/hashicorp/hcl v1.0.1-vault-5
- github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0
-- github.com/hashicorp/vault v1.15.5
- github.com/hashicorp/vault-plugin-auth-jwt v0.18.0
- github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1
- github.com/hashicorp/vault-plugin-auth-oci v0.14.2
-@@ -46,6 +45,7 @@ require (
- require (
- cloud.google.com/go/compute v1.23.4 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
-+ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
- github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
- github.com/Microsoft/go-winio v0.6.1 // indirect
-@@ -56,9 +56,12 @@ require (
- github.com/armon/go-radix v1.0.0 // indirect
- github.com/cenkalti/backoff/v3 v3.2.2 // indirect
- github.com/cloudflare/circl v1.3.7 // indirect
-+ github.com/containerd/continuity v0.4.2 // indirect
-+ github.com/containerd/log v0.1.0 // indirect
- github.com/coreos/go-oidc/v3 v3.5.0 // indirect
- github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/distribution/reference v0.5.0 // indirect
-+ github.com/docker/cli v25.0.1+incompatible // indirect
- github.com/docker/docker v25.0.1+incompatible // indirect
- github.com/docker/go-connections v0.4.0 // indirect
- github.com/docker/go-units v0.5.0 // indirect
-@@ -66,6 +69,7 @@ require (
- github.com/fatih/color v1.16.0 // indirect
- github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
-+
github.com/go-git/go-git/v5 v5.11.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-ldap/ldap/v3 v3.4.4 // indirect - github.com/go-logr/logr v1.4.1 // indirect -@@ -114,6 +118,7 @@ require ( - github.com/jcmturner/goidentity/v6 v6.0.1 // indirect - github.com/jcmturner/rpc/v2 v2.0.3 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect -+ github.com/kr/pretty v0.3.1 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect -@@ -131,6 +136,7 @@ require ( - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect -+ github.com/rogpeppe/go-internal v1.11.0 // indirect - github.com/ryanuber/go-glob v1.0.0 // indirect - github.com/stretchr/testify v1.8.4 // indirect - github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect -diff --git a/go.sum b/go.sum -index 0cb02f06..69fb921c 100644 ---- a/go.sum -+++ b/go.sum -@@ -610,8 +610,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830/go.mod h - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= - github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= - github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -+github.com/Azure/azure-sdk-for-go v56.3.0+incompatible h1:DmhwMrUIvpeoTDiWRDtNHqelNUd3Og8JCkrLHQK795c= - github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= --github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= - github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod 
h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -@@ -1502,8 +1502,6 @@ github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTV - github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= - github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= - github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= --github.com/hashicorp/vault v1.15.5 h1:CzDfgFcKjMfsfYhxyfixugeDNcCTU5L0idJXsNEmt9g= --github.com/hashicorp/vault v1.15.5/go.mod h1:Osg4441jt6uoCZi46XfASOy988G3mSh5UTo1EKmVnUY= - github.com/hashicorp/vault-plugin-auth-jwt v0.18.0 h1:ooDRFPUtlRH2gvtXkG6Mpt2E/ziO8tCFU7lWdWtjW50= - github.com/hashicorp/vault-plugin-auth-jwt v0.18.0/go.mod h1:nLMLAx8jTNEDYwa86nltCVAwhVt/gHODRlfRQSu3Wp8= - github.com/hashicorp/vault-plugin-auth-kerberos v0.10.1 h1:nXni7zfOyhOWJBC42iWqIEZA+aYCo3diyVrr1mHs5yo= -@@ -1842,7 +1840,6 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5 - github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= - github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= - github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= --github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= - github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= - github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= - github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -diff --git 
a/vault/resource_secrets_sync_config.go b/vault/resource_secrets_sync_config.go -index fce0ec62..55af5883 100644 ---- a/vault/resource_secrets_sync_config.go -+++ b/vault/resource_secrets_sync_config.go -@@ -10,7 +10,6 @@ import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-provider-vault/internal/provider" -- "github.com/hashicorp/vault/helper/namespace" - ) - - const ( -@@ -56,7 +55,7 @@ func secretsSyncConfigWrite(ctx context.Context, d *schema.ResourceData, meta in - return diag.FromErr(e) - } - -- if client.Namespace() != namespace.RootNamespaceID && client.Namespace() != "" { -+ if client.Namespace() != "root" && client.Namespace() != "" { - return diag.Errorf("error writing sync config, this API is reserved to the root namespace and cannot be used with %q", client.Namespace()) - } - diff --git a/provider/cmd/pulumi-resource-vault/bridge-metadata.json b/provider/cmd/pulumi-resource-vault/bridge-metadata.json index 79a7a2466..c3b6877bf 100644 --- a/provider/cmd/pulumi-resource-vault/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-vault/bridge-metadata.json @@ -445,6 +445,9 @@ "allowed_managed_keys": { "maxItemsOne": false }, + "allowed_response_headers": { + "maxItemsOne": false + }, "audit_non_hmac_request_keys": { "maxItemsOne": false }, @@ -483,6 +486,9 @@ } } }, + "delegated_auth_accessors": { + "maxItemsOne": false + }, "elasticsearch": { "maxItemsOne": false, "elem": { @@ -626,6 +632,9 @@ } } }, + "passthrough_request_headers": { + "maxItemsOne": false + }, "postgresql": { "maxItemsOne": false, "elem": { 
@@ -1151,11 +1160,20 @@ "allowed_managed_keys": { "maxItemsOne": false }, + "allowed_response_headers": { + "maxItemsOne": false + }, "audit_non_hmac_request_keys": { "maxItemsOne": false }, "audit_non_hmac_response_keys": { "maxItemsOne": false + }, + "delegated_auth_accessors": { + "maxItemsOne": false + }, + "passthrough_request_headers": { + "maxItemsOne": false } } }, @@ -1225,11 +1243,20 @@ "allowed_managed_keys": { "maxItemsOne": false }, + "allowed_response_headers": { + "maxItemsOne": false + }, "audit_non_hmac_request_keys": { "maxItemsOne": false }, "audit_non_hmac_response_keys": { "maxItemsOne": false + }, + "delegated_auth_accessors": { + "maxItemsOne": false + }, + "passthrough_request_headers": { + "maxItemsOne": false } } }, @@ -1310,11 +1337,20 @@ "allowed_managed_keys": { "maxItemsOne": false }, + "allowed_response_headers": { + "maxItemsOne": false + }, "audit_non_hmac_request_keys": { "maxItemsOne": false }, "audit_non_hmac_response_keys": { "maxItemsOne": false + }, + "delegated_auth_accessors": { + "maxItemsOne": false + }, + "passthrough_request_headers": { + "maxItemsOne": false } } }, @@ -1349,6 +1385,12 @@ } } }, + "token_bound_cidrs": { + "maxItemsOne": false + }, + "token_policies": { + "maxItemsOne": false + }, "user": { "maxItemsOne": false, "elem": { @@ -1418,6 +1460,18 @@ "current": "vault:pkiSecret/backendConfigCluster:BackendConfigCluster", "majorVersion": 6 }, + "vault_pki_secret_backend_config_est": { + "current": "vault:pkiSecret/backendConfigEst:BackendConfigEst", + "majorVersion": 6, + "fields": { + "audit_fields": { + "maxItemsOne": false + }, + "authenticators": { + "maxItemsOne": true + } + } + }, "vault_pki_secret_backend_config_issuers": { "current": "vault:pkiSecret/secretBackendConfigIssuers:SecretBackendConfigIssuers", "majorVersion": 6 
@@ -1616,6 +1670,22 @@ } } }, + "vault_plugin": { + "current": "vault:index/plugin:Plugin", + "majorVersion": 6, + "fields": { + "args": { + "maxItemsOne": false + }, + "env": { + "maxItemsOne": false + } + } + }, + "vault_plugin_pinned_version": { + "current": "vault:index/pluginPinnedVersion:PluginPinnedVersion", + "majorVersion": 6 + }, "vault_policy": { "current": "vault:index/policy:Policy", "majorVersion": 6 @@ -2091,6 +2161,18 @@ "current": "vault:index/getNomadAccessToken:getNomadAccessToken", "majorVersion": 6 }, + "vault_pki_secret_backend_config_est": { + "current": "vault:pkiSecret/getBackendConfigEst:getBackendConfigEst", + "majorVersion": 6, + "fields": { + "audit_fields": { + "maxItemsOne": false + }, + "authenticators": { + "maxItemsOne": false + } + } + }, "vault_pki_secret_backend_issuer": { "current": "vault:pkiSecret/getBackendIssuer:getBackendIssuer", "majorVersion": 6, diff --git a/provider/cmd/pulumi-resource-vault/schema.json b/provider/cmd/pulumi-resource-vault/schema.json index f2f8f0ad6..521b526cb 100644 --- a/provider/cmd/pulumi-resource-vault/schema.json +++ b/provider/cmd/pulumi-resource-vault/schema.json @@ -4488,6 +4488,23 @@ "username" ] }, + "vault:pkiSecret/BackendConfigEstAuthenticators:BackendConfigEstAuthenticators": { + "properties": { + "cert": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + }, + "userpass": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + } + }, + "type": "object" + }, "vault:pkiSecret/SecretBackendRolePolicyIdentifier:SecretBackendRolePolicyIdentifier": { "properties": { "cps": { 
@@ -4508,6 +4525,25 @@ "oid" ] }, + "vault:pkiSecret/getBackendConfigEstAuthenticator:getBackendConfigEstAuthenticator": { + "properties": { + "cert": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "\"The accessor and cert_role properties for cert auth backends\".\n" + }, + "userpass": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "\"The accessor property for user pass auth backends\".\n" + } + }, + "type": "object" + }, "vault:rabbitMq/SecretBackendRoleVhost:SecretBackendRoleVhost": { "properties": { "configure": { 
@@ -6469,11 +6505,11 @@ } }, "vault:aws/authBackendClient:AuthBackendClient": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {type: \"aws\"});\nconst exampleAuthBackendClient = new vault.aws.AuthBackendClient(\"example\", {\n backend: example.path,\n accessKey: \"INSERT_AWS_ACCESS_KEY\",\n secretKey: \"INSERT_AWS_SECRET_KEY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\", type=\"aws\")\nexample_auth_backend_client = vault.aws.AuthBackendClient(\"example\",\n backend=example.path,\n access_key=\"INSERT_AWS_ACCESS_KEY\",\n secret_key=\"INSERT_AWS_SECRET_KEY\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n {\n Type = \"aws\",\n });\n\n var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient(\"example\", new()\n {\n Backend = example.Path,\n AccessKey = \"INSERT_AWS_ACCESS_KEY\",\n SecretKey = \"INSERT_AWS_SECRET_KEY\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewAuthBackend(ctx, \"example\", \u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"aws\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewAuthBackendClient(ctx, \"example\", \u0026aws.AuthBackendClientArgs{\n\t\t\tBackend: example.Path,\n\t\t\tAccessKey: pulumi.String(\"INSERT_AWS_ACCESS_KEY\"),\n\t\t\tSecretKey: pulumi.String(\"INSERT_AWS_SECRET_KEY\"),\n\t\t})\n\t\tif err != nil 
{\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.aws.AuthBackendClient;\nimport com.pulumi.vault.aws.AuthBackendClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"aws\")\n .build());\n\n var exampleAuthBackendClient = new AuthBackendClient(\"exampleAuthBackendClient\", AuthBackendClientArgs.builder()\n .backend(example.path())\n .accessKey(\"INSERT_AWS_ACCESS_KEY\")\n .secretKey(\"INSERT_AWS_SECRET_KEY\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: aws\n exampleAuthBackendClient:\n type: vault:aws:AuthBackendClient\n name: example\n properties:\n backend: ${example.path}\n accessKey: INSERT_AWS_ACCESS_KEY\n secretKey: INSERT_AWS_SECRET_KEY\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.\n\n```sh\n$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client\n```\n", + "description": "## Example Usage\n\nYou can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {type: \"aws\"});\nconst exampleAuthBackendClient = new 
vault.aws.AuthBackendClient(\"example\", {\n identityTokenAudience: \"\u003cTOKEN_AUDIENCE\u003e\",\n identityTokenTtl: \"\u003cTOKEN_TTL\u003e\",\n roleArn: \"\u003cAWS_ROLE_ARN\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\", type=\"aws\")\nexample_auth_backend_client = vault.aws.AuthBackendClient(\"example\",\n identity_token_audience=\"\u003cTOKEN_AUDIENCE\u003e\",\n identity_token_ttl=\"\u003cTOKEN_TTL\u003e\",\n role_arn=\"\u003cAWS_ROLE_ARN\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n {\n Type = \"aws\",\n });\n\n var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient(\"example\", new()\n {\n IdentityTokenAudience = \"\u003cTOKEN_AUDIENCE\u003e\",\n IdentityTokenTtl = \"\u003cTOKEN_TTL\u003e\",\n RoleArn = \"\u003cAWS_ROLE_ARN\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vault.NewAuthBackend(ctx, \"example\", \u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"aws\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewAuthBackendClient(ctx, \"example\", \u0026aws.AuthBackendClientArgs{\n\t\t\tIdentityTokenAudience: pulumi.String(\"\u003cTOKEN_AUDIENCE\u003e\"),\n\t\t\tIdentityTokenTtl: pulumi.Int(\"\u003cTOKEN_TTL\u003e\"),\n\t\t\tRoleArn: pulumi.String(\"\u003cAWS_ROLE_ARN\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport 
com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.aws.AuthBackendClient;\nimport com.pulumi.vault.aws.AuthBackendClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"aws\")\n .build());\n\n var exampleAuthBackendClient = new AuthBackendClient(\"exampleAuthBackendClient\", AuthBackendClientArgs.builder()\n .identityTokenAudience(\"\u003cTOKEN_AUDIENCE\u003e\")\n .identityTokenTtl(\"\u003cTOKEN_TTL\u003e\")\n .roleArn(\"\u003cAWS_ROLE_ARN\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: aws\n exampleAuthBackendClient:\n type: vault:aws:AuthBackendClient\n name: example\n properties:\n identityTokenAudience: \u003cTOKEN_AUDIENCE\u003e\n identityTokenTtl: \u003cTOKEN_TTL\u003e\n roleArn: \u003cAWS_ROLE_ARN\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {type: \"aws\"});\nconst exampleAuthBackendClient = new vault.aws.AuthBackendClient(\"example\", {\n backend: example.path,\n accessKey: \"INSERT_AWS_ACCESS_KEY\",\n secretKey: \"INSERT_AWS_SECRET_KEY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\", type=\"aws\")\nexample_auth_backend_client = vault.aws.AuthBackendClient(\"example\",\n backend=example.path,\n access_key=\"INSERT_AWS_ACCESS_KEY\",\n secret_key=\"INSERT_AWS_SECRET_KEY\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing 
Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n {\n Type = \"aws\",\n });\n\n var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient(\"example\", new()\n {\n Backend = example.Path,\n AccessKey = \"INSERT_AWS_ACCESS_KEY\",\n SecretKey = \"INSERT_AWS_SECRET_KEY\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewAuthBackend(ctx, \"example\", \u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"aws\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewAuthBackendClient(ctx, \"example\", \u0026aws.AuthBackendClientArgs{\n\t\t\tBackend: example.Path,\n\t\t\tAccessKey: pulumi.String(\"INSERT_AWS_ACCESS_KEY\"),\n\t\t\tSecretKey: pulumi.String(\"INSERT_AWS_SECRET_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.aws.AuthBackendClient;\nimport com.pulumi.vault.aws.AuthBackendClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"aws\")\n .build());\n\n var exampleAuthBackendClient = new AuthBackendClient(\"exampleAuthBackendClient\", AuthBackendClientArgs.builder()\n 
.backend(example.path())\n .accessKey(\"INSERT_AWS_ACCESS_KEY\")\n .secretKey(\"INSERT_AWS_SECRET_KEY\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: aws\n exampleAuthBackendClient:\n type: vault:aws:AuthBackendClient\n name: example\n properties:\n backend: ${example.path}\n accessKey: INSERT_AWS_ACCESS_KEY\n secretKey: INSERT_AWS_SECRET_KEY\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.\n\n```sh\n$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client\n```\n", "properties": { "accessKey": { "type": "string", - "description": "The AWS access key that Vault should use for the\nauth backend.\n", + "description": "The AWS access key that Vault should use for the\nauth backend. Mutually exclusive with `identity_token_audience`.\n", "secret": true }, "backend": { 
@@ -6492,10 +6528,26 @@ "type": "string", "description": "The value to require in the\n`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests\nthat are used in the IAM auth method.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Mutually exclusive with `access_key`. \nRequires Vault 1.17+. *Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "maxRetries": { + "type": "integer", + "description": "Number of max retries the client should use for recoverable errors. \nThe default `-1` falls back to the AWS SDK's default behavior.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "secretKey": { "type": "string", "description": "The AWS secret key that Vault should use for the\nauth backend.\n", @@ -6515,12 +6567,13 @@ } }, "required": [ + "identityTokenTtl", "useStsRegionFromClient" ], "inputProperties": { "accessKey": { "type": "string", - "description": "The AWS access key that Vault should use for the\nauth backend.\n", + "description": "The AWS access key that Vault should use for the\nauth backend. Mutually exclusive with `identity_token_audience`.\n", "secret": true }, "backend": { 
@@ -6540,11 +6593,27 @@ "type": "string", "description": "The value to require in the\n`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests\nthat are used in the IAM auth method.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Mutually exclusive with `access_key`. \nRequires Vault 1.17+. *Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "maxRetries": { + "type": "integer", + "description": "Number of max retries the client should use for recoverable errors. \nThe default `-1` falls back to the AWS SDK's default behavior.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", "willReplaceOnChanges": true }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "secretKey": { "type": "string", "description": "The AWS secret key that Vault should use for the\nauth backend.\n", @@ -6568,7 +6637,7 @@ "properties": { "accessKey": { "type": "string", - "description": "The AWS access key that Vault should use for the\nauth backend.\n", + "description": "The AWS access key that Vault should use for the\nauth backend. Mutually exclusive with `identity_token_audience`.\n", "secret": true }, "backend": { 
@@ -6588,11 +6657,27 @@ "type": "string", "description": "The value to require in the\n`X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests\nthat are used in the IAM auth method.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Mutually exclusive with `access_key`. \nRequires Vault 1.17+. *Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "maxRetries": { + "type": "integer", + "description": "Number of max retries the client should use for recoverable errors. \nThe default `-1` falls back to the AWS SDK's default behavior.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", "willReplaceOnChanges": true }, + "roleArn": { + "type": "string", + "description": "Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "secretKey": { "type": "string", "description": "The AWS secret key that Vault should use for the\nauth backend.\n", 
@@ -8070,6 +8155,13 @@ }, "description": "A list of IAM group names. IAM users generated\nagainst this vault role will be added to these IAM Groups. For a credential\ntype of `assumed_role` or `federation_token`, the policies sent to the\ncorresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the\npolicies from each group in `iam_groups` combined with the `policy_document`\nand `policy_arns` parameters.\n" }, + "iamTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of strings representing key/value pairs\nto be used as tags for any IAM user that is created by this role.\n" + }, "maxStsTtl": { "type": "integer", "description": "The max allowed TTL in seconds for STS credentials\n(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is\none of `assumed_role` or `federation_token`.\n" @@ -8137,6 +8229,13 @@ }, "description": "A list of IAM group names. IAM users generated\nagainst this vault role will be added to these IAM Groups. For a credential\ntype of `assumed_role` or `federation_token`, the policies sent to the\ncorresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the\npolicies from each group in `iam_groups` combined with the `policy_document`\nand `policy_arns` parameters.\n" }, + "iamTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of strings representing key/value pairs\nto be used as tags for any IAM user that is created by this role.\n" + }, "maxStsTtl": { "type": "integer", "description": "The max allowed TTL in seconds for STS credentials\n(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is\none of `assumed_role` or `federation_token`.\n" 
@@ -8206,6 +8305,13 @@ }, "description": "A list of IAM group names. IAM users generated\nagainst this vault role will be added to these IAM Groups. For a credential\ntype of `assumed_role` or `federation_token`, the policies sent to the\ncorresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the\npolicies from each group in `iam_groups` combined with the `policy_document`\nand `policy_arns` parameters.\n" }, + "iamTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of strings representing key/value pairs\nto be used as tags for any IAM user that is created by this role.\n" + }, "maxStsTtl": { "type": "integer", "description": "The max allowed TTL in seconds for STS credentials\n(credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is\none of `assumed_role` or `federation_token`.\n" 
@@ -8340,7 +8446,7 @@ } }, "vault:azure/authBackendConfig:AuthBackendConfig": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {type: \"azure\"});\nconst exampleAuthBackendConfig = new vault.azure.AuthBackendConfig(\"example\", {\n backend: example.path,\n tenantId: \"11111111-2222-3333-4444-555555555555\",\n clientId: \"11111111-2222-3333-4444-555555555555\",\n clientSecret: \"01234567890123456789\",\n resource: \"https://vault.hashicorp.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\", type=\"azure\")\nexample_auth_backend_config = vault.azure.AuthBackendConfig(\"example\",\n backend=example.path,\n tenant_id=\"11111111-2222-3333-4444-555555555555\",\n client_id=\"11111111-2222-3333-4444-555555555555\",\n client_secret=\"01234567890123456789\",\n resource=\"https://vault.hashicorp.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n {\n Type = \"azure\",\n });\n\n var exampleAuthBackendConfig = new Vault.Azure.AuthBackendConfig(\"example\", new()\n {\n Backend = example.Path,\n TenantId = \"11111111-2222-3333-4444-555555555555\",\n ClientId = \"11111111-2222-3333-4444-555555555555\",\n ClientSecret = \"01234567890123456789\",\n Resource = \"https://vault.hashicorp.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewAuthBackend(ctx, \"example\", 
\u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"azure\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azure.NewAuthBackendConfig(ctx, \"example\", \u0026azure.AuthBackendConfigArgs{\n\t\t\tBackend: example.Path,\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tClientSecret: pulumi.String(\"01234567890123456789\"),\n\t\t\tResource: pulumi.String(\"https://vault.hashicorp.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.azure.AuthBackendConfig;\nimport com.pulumi.vault.azure.AuthBackendConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"azure\")\n .build());\n\n var exampleAuthBackendConfig = new AuthBackendConfig(\"exampleAuthBackendConfig\", AuthBackendConfigArgs.builder()\n .backend(example.path())\n .tenantId(\"11111111-2222-3333-4444-555555555555\")\n .clientId(\"11111111-2222-3333-4444-555555555555\")\n .clientSecret(\"01234567890123456789\")\n .resource(\"https://vault.hashicorp.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: azure\n exampleAuthBackendConfig:\n type: vault:azure:AuthBackendConfig\n name: example\n properties:\n backend: ${example.path}\n tenantId: 11111111-2222-3333-4444-555555555555\n clientId: 11111111-2222-3333-4444-555555555555\n 
clientSecret: '01234567890123456789'\n resource: https://vault.hashicorp.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAzure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.\n\n```sh\n$ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config\n```\n", + "description": "## Example Usage\n\nYou can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {\n type: \"azure\",\n identityTokenKey: \"example-key\",\n});\nconst exampleAuthBackendConfig = new vault.azure.AuthBackendConfig(\"example\", {\n backend: example.path,\n tenantId: \"11111111-2222-3333-4444-555555555555\",\n clientId: \"11111111-2222-3333-4444-555555555555\",\n identityTokenAudience: \"\u003cTOKEN_AUDIENCE\u003e\",\n identityTokenTtl: \"\u003cTOKEN_TTL\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\",\n type=\"azure\",\n identity_token_key=\"example-key\")\nexample_auth_backend_config = vault.azure.AuthBackendConfig(\"example\",\n backend=example.path,\n tenant_id=\"11111111-2222-3333-4444-555555555555\",\n client_id=\"11111111-2222-3333-4444-555555555555\",\n identity_token_audience=\"\u003cTOKEN_AUDIENCE\u003e\",\n identity_token_ttl=\"\u003cTOKEN_TTL\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n {\n Type = \"azure\",\n IdentityTokenKey = \"example-key\",\n });\n\n var exampleAuthBackendConfig = new Vault.Azure.AuthBackendConfig(\"example\", new()\n {\n Backend = example.Path,\n TenantId = 
\"11111111-2222-3333-4444-555555555555\",\n ClientId = \"11111111-2222-3333-4444-555555555555\",\n IdentityTokenAudience = \"\u003cTOKEN_AUDIENCE\u003e\",\n IdentityTokenTtl = \"\u003cTOKEN_TTL\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewAuthBackend(ctx, \"example\", \u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"azure\"),\n\t\t\tIdentityTokenKey: pulumi.String(\"example-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azure.NewAuthBackendConfig(ctx, \"example\", \u0026azure.AuthBackendConfigArgs{\n\t\t\tBackend: example.Path,\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tIdentityTokenAudience: pulumi.String(\"\u003cTOKEN_AUDIENCE\u003e\"),\n\t\t\tIdentityTokenTtl: pulumi.Int(\"\u003cTOKEN_TTL\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.azure.AuthBackendConfig;\nimport com.pulumi.vault.azure.AuthBackendConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"azure\")\n .identityTokenKey(\"example-key\")\n .build());\n\n var exampleAuthBackendConfig 
= new AuthBackendConfig(\"exampleAuthBackendConfig\", AuthBackendConfigArgs.builder()\n .backend(example.path())\n .tenantId(\"11111111-2222-3333-4444-555555555555\")\n .clientId(\"11111111-2222-3333-4444-555555555555\")\n .identityTokenAudience(\"\u003cTOKEN_AUDIENCE\u003e\")\n .identityTokenTtl(\"\u003cTOKEN_TTL\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: azure\n identityTokenKey: example-key\n exampleAuthBackendConfig:\n type: vault:azure:AuthBackendConfig\n name: example\n properties:\n backend: ${example.path}\n tenantId: 11111111-2222-3333-4444-555555555555\n clientId: 11111111-2222-3333-4444-555555555555\n identityTokenAudience: \u003cTOKEN_AUDIENCE\u003e\n identityTokenTtl: \u003cTOKEN_TTL\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst example = new vault.AuthBackend(\"example\", {type: \"azure\"});\nconst exampleAuthBackendConfig = new vault.azure.AuthBackendConfig(\"example\", {\n backend: example.path,\n tenantId: \"11111111-2222-3333-4444-555555555555\",\n clientId: \"11111111-2222-3333-4444-555555555555\",\n clientSecret: \"01234567890123456789\",\n resource: \"https://vault.hashicorp.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nexample = vault.AuthBackend(\"example\", type=\"azure\")\nexample_auth_backend_config = vault.azure.AuthBackendConfig(\"example\",\n backend=example.path,\n tenant_id=\"11111111-2222-3333-4444-555555555555\",\n client_id=\"11111111-2222-3333-4444-555555555555\",\n client_secret=\"01234567890123456789\",\n resource=\"https://vault.hashicorp.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Vault.AuthBackend(\"example\", new()\n 
{\n Type = \"azure\",\n });\n\n var exampleAuthBackendConfig = new Vault.Azure.AuthBackendConfig(\"example\", new()\n {\n Backend = example.Path,\n TenantId = \"11111111-2222-3333-4444-555555555555\",\n ClientId = \"11111111-2222-3333-4444-555555555555\",\n ClientSecret = \"01234567890123456789\",\n Resource = \"https://vault.hashicorp.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := vault.NewAuthBackend(ctx, \"example\", \u0026vault.AuthBackendArgs{\n\t\t\tType: pulumi.String(\"azure\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azure.NewAuthBackendConfig(ctx, \"example\", \u0026azure.AuthBackendConfigArgs{\n\t\t\tBackend: example.Path,\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-555555555555\"),\n\t\t\tClientSecret: pulumi.String(\"01234567890123456789\"),\n\t\t\tResource: pulumi.String(\"https://vault.hashicorp.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport com.pulumi.vault.azure.AuthBackendConfig;\nimport com.pulumi.vault.azure.AuthBackendConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AuthBackend(\"example\", AuthBackendArgs.builder()\n .type(\"azure\")\n 
.build());\n\n var exampleAuthBackendConfig = new AuthBackendConfig(\"exampleAuthBackendConfig\", AuthBackendConfigArgs.builder()\n .backend(example.path())\n .tenantId(\"11111111-2222-3333-4444-555555555555\")\n .clientId(\"11111111-2222-3333-4444-555555555555\")\n .clientSecret(\"01234567890123456789\")\n .resource(\"https://vault.hashicorp.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: vault:AuthBackend\n properties:\n type: azure\n exampleAuthBackendConfig:\n type: vault:azure:AuthBackendConfig\n name: example\n properties:\n backend: ${example.path}\n tenantId: 11111111-2222-3333-4444-555555555555\n clientId: 11111111-2222-3333-4444-555555555555\n clientSecret: '01234567890123456789'\n resource: https://vault.hashicorp.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAzure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.\n\n```sh\n$ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config\n```\n", "properties": { "backend": { "type": "string", @@ -8360,6 +8466,14 @@ "type": "string", "description": "The Azure cloud environment. Valid values:\nAzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,\nAzureGermanCloud. Defaults to `AzurePublicCloud`.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" 
@@ -8375,6 +8489,7 @@ } }, "required": [ + "identityTokenTtl", "resource", "tenantId" ], @@ -8398,6 +8513,14 @@ "type": "string", "description": "The Azure cloud environment. Valid values:\nAzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,\nAzureGermanCloud. Defaults to `AzurePublicCloud`.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", @@ -8439,6 +8562,14 @@ "type": "string", "description": "The Azure cloud environment. Valid values:\nAzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,\nAzureGermanCloud. Defaults to `AzurePublicCloud`.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", 
@@ -8771,7 +8902,7 @@ } }, "vault:azure/backend:Backend": { - "description": "## Example Usage\n\n### *Vault-1.9 And Above*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst azure = new vault.azure.Backend(\"azure\", {\n useMicrosoftGraphApi: true,\n subscriptionId: \"11111111-2222-3333-4444-111111111111\",\n tenantId: \"11111111-2222-3333-4444-222222222222\",\n clientId: \"11111111-2222-3333-4444-333333333333\",\n clientSecret: \"12345678901234567890\",\n environment: \"AzurePublicCloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nazure = vault.azure.Backend(\"azure\",\n use_microsoft_graph_api=True,\n subscription_id=\"11111111-2222-3333-4444-111111111111\",\n tenant_id=\"11111111-2222-3333-4444-222222222222\",\n client_id=\"11111111-2222-3333-4444-333333333333\",\n client_secret=\"12345678901234567890\",\n environment=\"AzurePublicCloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var azure = new Vault.Azure.Backend(\"azure\", new()\n {\n UseMicrosoftGraphApi = true,\n SubscriptionId = \"11111111-2222-3333-4444-111111111111\",\n TenantId = \"11111111-2222-3333-4444-222222222222\",\n ClientId = \"11111111-2222-3333-4444-333333333333\",\n ClientSecret = \"12345678901234567890\",\n Environment = \"AzurePublicCloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azure.NewBackend(ctx, \"azure\", \u0026azure.BackendArgs{\n\t\t\tUseMicrosoftGraphApi: pulumi.Bool(true),\n\t\t\tSubscriptionId: pulumi.String(\"11111111-2222-3333-4444-111111111111\"),\n\t\t\tTenantId: 
pulumi.String(\"11111111-2222-3333-4444-222222222222\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-333333333333\"),\n\t\t\tClientSecret: pulumi.String(\"12345678901234567890\"),\n\t\t\tEnvironment: pulumi.String(\"AzurePublicCloud\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.azure.Backend;\nimport com.pulumi.vault.azure.BackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var azure = new Backend(\"azure\", BackendArgs.builder()\n .useMicrosoftGraphApi(true)\n .subscriptionId(\"11111111-2222-3333-4444-111111111111\")\n .tenantId(\"11111111-2222-3333-4444-222222222222\")\n .clientId(\"11111111-2222-3333-4444-333333333333\")\n .clientSecret(\"12345678901234567890\")\n .environment(\"AzurePublicCloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n azure:\n type: vault:azure:Backend\n properties:\n useMicrosoftGraphApi: true\n subscriptionId: 11111111-2222-3333-4444-111111111111\n tenantId: 11111111-2222-3333-4444-222222222222\n clientId: 11111111-2222-3333-4444-333333333333\n clientSecret: '12345678901234567890'\n environment: AzurePublicCloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### *Vault-1.8 And Below*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst azure = new vault.azure.Backend(\"azure\", {\n useMicrosoftGraphApi: false,\n subscriptionId: \"11111111-2222-3333-4444-111111111111\",\n tenantId: \"11111111-2222-3333-4444-222222222222\",\n clientId: 
\"11111111-2222-3333-4444-333333333333\",\n clientSecret: \"12345678901234567890\",\n environment: \"AzurePublicCloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nazure = vault.azure.Backend(\"azure\",\n use_microsoft_graph_api=False,\n subscription_id=\"11111111-2222-3333-4444-111111111111\",\n tenant_id=\"11111111-2222-3333-4444-222222222222\",\n client_id=\"11111111-2222-3333-4444-333333333333\",\n client_secret=\"12345678901234567890\",\n environment=\"AzurePublicCloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var azure = new Vault.Azure.Backend(\"azure\", new()\n {\n UseMicrosoftGraphApi = false,\n SubscriptionId = \"11111111-2222-3333-4444-111111111111\",\n TenantId = \"11111111-2222-3333-4444-222222222222\",\n ClientId = \"11111111-2222-3333-4444-333333333333\",\n ClientSecret = \"12345678901234567890\",\n Environment = \"AzurePublicCloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azure.NewBackend(ctx, \"azure\", \u0026azure.BackendArgs{\n\t\t\tUseMicrosoftGraphApi: pulumi.Bool(false),\n\t\t\tSubscriptionId: pulumi.String(\"11111111-2222-3333-4444-111111111111\"),\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-222222222222\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-333333333333\"),\n\t\t\tClientSecret: pulumi.String(\"12345678901234567890\"),\n\t\t\tEnvironment: pulumi.String(\"AzurePublicCloud\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.azure.Backend;\nimport 
com.pulumi.vault.azure.BackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var azure = new Backend(\"azure\", BackendArgs.builder()\n .useMicrosoftGraphApi(false)\n .subscriptionId(\"11111111-2222-3333-4444-111111111111\")\n .tenantId(\"11111111-2222-3333-4444-222222222222\")\n .clientId(\"11111111-2222-3333-4444-333333333333\")\n .clientSecret(\"12345678901234567890\")\n .environment(\"AzurePublicCloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n azure:\n type: vault:azure:Backend\n properties:\n useMicrosoftGraphApi: false\n subscriptionId: 11111111-2222-3333-4444-111111111111\n tenantId: 11111111-2222-3333-4444-222222222222\n clientId: 11111111-2222-3333-4444-333333333333\n clientSecret: '12345678901234567890'\n environment: AzurePublicCloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\n### *Vault-1.9 And Above*\n\nYou can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst azure = new vault.azure.Backend(\"azure\", {\n subscriptionId: \"11111111-2222-3333-4444-111111111111\",\n tenantId: \"11111111-2222-3333-4444-222222222222\",\n clientId: \"11111111-2222-3333-4444-333333333333\",\n identityTokenAudience: \"\u003cTOKEN_AUDIENCE\u003e\",\n identityTokenTtl: \"\u003cTOKEN_TTL\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nazure = vault.azure.Backend(\"azure\",\n subscription_id=\"11111111-2222-3333-4444-111111111111\",\n tenant_id=\"11111111-2222-3333-4444-222222222222\",\n client_id=\"11111111-2222-3333-4444-333333333333\",\n 
identity_token_audience=\"\u003cTOKEN_AUDIENCE\u003e\",\n identity_token_ttl=\"\u003cTOKEN_TTL\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var azure = new Vault.Azure.Backend(\"azure\", new()\n {\n SubscriptionId = \"11111111-2222-3333-4444-111111111111\",\n TenantId = \"11111111-2222-3333-4444-222222222222\",\n ClientId = \"11111111-2222-3333-4444-333333333333\",\n IdentityTokenAudience = \"\u003cTOKEN_AUDIENCE\u003e\",\n IdentityTokenTtl = \"\u003cTOKEN_TTL\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azure.NewBackend(ctx, \"azure\", \u0026azure.BackendArgs{\n\t\t\tSubscriptionId: pulumi.String(\"11111111-2222-3333-4444-111111111111\"),\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-222222222222\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-333333333333\"),\n\t\t\tIdentityTokenAudience: pulumi.String(\"\u003cTOKEN_AUDIENCE\u003e\"),\n\t\t\tIdentityTokenTtl: pulumi.Int(\"\u003cTOKEN_TTL\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.azure.Backend;\nimport com.pulumi.vault.azure.BackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var azure = new Backend(\"azure\", BackendArgs.builder()\n .subscriptionId(\"11111111-2222-3333-4444-111111111111\")\n 
.tenantId(\"11111111-2222-3333-4444-222222222222\")\n .clientId(\"11111111-2222-3333-4444-333333333333\")\n .identityTokenAudience(\"\u003cTOKEN_AUDIENCE\u003e\")\n .identityTokenTtl(\"\u003cTOKEN_TTL\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n azure:\n type: vault:azure:Backend\n properties:\n subscriptionId: 11111111-2222-3333-4444-111111111111\n tenantId: 11111111-2222-3333-4444-222222222222\n clientId: 11111111-2222-3333-4444-333333333333\n identityTokenAudience: \u003cTOKEN_AUDIENCE\u003e\n identityTokenTtl: \u003cTOKEN_TTL\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst azure = new vault.azure.Backend(\"azure\", {\n useMicrosoftGraphApi: true,\n subscriptionId: \"11111111-2222-3333-4444-111111111111\",\n tenantId: \"11111111-2222-3333-4444-222222222222\",\n clientId: \"11111111-2222-3333-4444-333333333333\",\n clientSecret: \"12345678901234567890\",\n environment: \"AzurePublicCloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nazure = vault.azure.Backend(\"azure\",\n use_microsoft_graph_api=True,\n subscription_id=\"11111111-2222-3333-4444-111111111111\",\n tenant_id=\"11111111-2222-3333-4444-222222222222\",\n client_id=\"11111111-2222-3333-4444-333333333333\",\n client_secret=\"12345678901234567890\",\n environment=\"AzurePublicCloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var azure = new Vault.Azure.Backend(\"azure\", new()\n {\n UseMicrosoftGraphApi = true,\n SubscriptionId = \"11111111-2222-3333-4444-111111111111\",\n TenantId = \"11111111-2222-3333-4444-222222222222\",\n ClientId = \"11111111-2222-3333-4444-333333333333\",\n ClientSecret = \"12345678901234567890\",\n Environment = \"AzurePublicCloud\",\n 
});\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azure.NewBackend(ctx, \"azure\", \u0026azure.BackendArgs{\n\t\t\tUseMicrosoftGraphApi: pulumi.Bool(true),\n\t\t\tSubscriptionId: pulumi.String(\"11111111-2222-3333-4444-111111111111\"),\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-222222222222\"),\n\t\t\tClientId: pulumi.String(\"11111111-2222-3333-4444-333333333333\"),\n\t\t\tClientSecret: pulumi.String(\"12345678901234567890\"),\n\t\t\tEnvironment: pulumi.String(\"AzurePublicCloud\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.azure.Backend;\nimport com.pulumi.vault.azure.BackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var azure = new Backend(\"azure\", BackendArgs.builder()\n .useMicrosoftGraphApi(true)\n .subscriptionId(\"11111111-2222-3333-4444-111111111111\")\n .tenantId(\"11111111-2222-3333-4444-222222222222\")\n .clientId(\"11111111-2222-3333-4444-333333333333\")\n .clientSecret(\"12345678901234567890\")\n .environment(\"AzurePublicCloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n azure:\n type: vault:azure:Backend\n properties:\n useMicrosoftGraphApi: true\n subscriptionId: 11111111-2222-3333-4444-111111111111\n tenantId: 11111111-2222-3333-4444-222222222222\n clientId: 11111111-2222-3333-4444-333333333333\n clientSecret: '12345678901234567890'\n environment: AzurePublicCloud\n```\n\u003c!--End 
PulumiCodeChooser --\u003e\n\n\n### *Vault-1.8 And Below*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst azure = new vault.azure.Backend(\"azure\", {\n useMicrosoftGraphApi: false,\n subscriptionId: \"11111111-2222-3333-4444-111111111111\",\n tenantId: \"11111111-2222-3333-4444-222222222222\",\n clientId: \"11111111-2222-3333-4444-333333333333\",\n clientSecret: \"12345678901234567890\",\n environment: \"AzurePublicCloud\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nazure = vault.azure.Backend(\"azure\",\n use_microsoft_graph_api=False,\n subscription_id=\"11111111-2222-3333-4444-111111111111\",\n tenant_id=\"11111111-2222-3333-4444-222222222222\",\n client_id=\"11111111-2222-3333-4444-333333333333\",\n client_secret=\"12345678901234567890\",\n environment=\"AzurePublicCloud\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var azure = new Vault.Azure.Backend(\"azure\", new()\n {\n UseMicrosoftGraphApi = false,\n SubscriptionId = \"11111111-2222-3333-4444-111111111111\",\n TenantId = \"11111111-2222-3333-4444-222222222222\",\n ClientId = \"11111111-2222-3333-4444-333333333333\",\n ClientSecret = \"12345678901234567890\",\n Environment = \"AzurePublicCloud\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azure.NewBackend(ctx, \"azure\", \u0026azure.BackendArgs{\n\t\t\tUseMicrosoftGraphApi: pulumi.Bool(false),\n\t\t\tSubscriptionId: pulumi.String(\"11111111-2222-3333-4444-111111111111\"),\n\t\t\tTenantId: pulumi.String(\"11111111-2222-3333-4444-222222222222\"),\n\t\t\tClientId: 
pulumi.String(\"11111111-2222-3333-4444-333333333333\"),\n\t\t\tClientSecret: pulumi.String(\"12345678901234567890\"),\n\t\t\tEnvironment: pulumi.String(\"AzurePublicCloud\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.azure.Backend;\nimport com.pulumi.vault.azure.BackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var azure = new Backend(\"azure\", BackendArgs.builder()\n .useMicrosoftGraphApi(false)\n .subscriptionId(\"11111111-2222-3333-4444-111111111111\")\n .tenantId(\"11111111-2222-3333-4444-222222222222\")\n .clientId(\"11111111-2222-3333-4444-333333333333\")\n .clientSecret(\"12345678901234567890\")\n .environment(\"AzurePublicCloud\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n azure:\n type: vault:azure:Backend\n properties:\n useMicrosoftGraphApi: false\n subscriptionId: 11111111-2222-3333-4444-111111111111\n tenantId: 11111111-2222-3333-4444-222222222222\n clientId: 11111111-2222-3333-4444-333333333333\n clientSecret: '12345678901234567890'\n environment: AzurePublicCloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "clientId": { "type": "string", 
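Review bot: The Workload Identity Federation examples added to this description pass the string placeholder `"<TOKEN_TTL>"` to `identityTokenTtl`, which the property hunks that follow declare as `"type": "integer"`. The Go variant `IdentityTokenTtl: pulumi.Int("<TOKEN_TTL>")` cannot compile as written, and the other typed variants would presumably be rejected as well. A numeric sample such as `identityTokenTtl: 1800`, the form the GCP auth backend example in this diff already uses, keeps the snippets copy-pasteable. The AuthBackendConfig examples earlier in the diff carry the same placeholder. The examples look generated from the upstream provider docs, so the correction probably belongs there.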
@@ -8795,6 +8926,18 @@ "type": "string", "description": "The Azure environment.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" @@ -8815,10 +8958,12 @@ }, "useMicrosoftGraphApi": { "type": "boolean", - "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n" + "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n", + "deprecationMessage": "This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider." } }, "required": [ + "identityTokenTtl", "subscriptionId", "tenantId", "useMicrosoftGraphApi" 
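Review bot: The `useMicrosoftGraphApi` description kept on the new side still reads `Should be set to true on vault-1.10+`, while the added `deprecationMessage` says the field is not supported in Vault-1.12+. Read together, the two contradict each other for anyone on 1.12 or later. Narrowing the description would remove the ambiguity, e.g. `Use the Microsoft Graph API. Should be set to true on Vault 1.10 and 1.11; from 1.12 this is the default behavior and the field is not supported.` The message also reads better as `will be removed in a future version of the provider`. The same pair of lines recurs in the hunks at -8868 and -8922.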
@@ -8846,6 +8991,18 @@ "type": "string", "description": "The Azure environment.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", @@ -8868,7 +9025,8 @@ }, "useMicrosoftGraphApi": { "type": "boolean", - "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n" + "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n", + "deprecationMessage": "This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider." } }, "requiredInputs": [ 
@@ -8900,6 +9058,18 @@ "type": "string", "description": "The Azure environment.\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated identity tokens in seconds. Requires Vault 1.17+.\n*Available only for Vault Enterprise*\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", @@ -8922,7 +9092,8 @@ }, "useMicrosoftGraphApi": { "type": "boolean", - "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n" + "description": "Use the Microsoft Graph API. Should be set to true on vault-1.10+\n", + "deprecationMessage": "This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider." } }, "type": "object" @@ -10442,6 +10613,13 @@ }, "description": "Set of managed key registry entry names that the mount in question is allowed to access\n\nThe following arguments are common to all database engines:\n" }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "auditNonHmacRequestKeys": { "type": "array", "items": { 
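Review bot: `allowedResponseHeaders` is added in the hunk at -10442 with the description `List of headers to allow and pass from the request to the plugin`, which is the text of `passthroughRequestHeaders`. `allowedResponseHeaders` repeats it at -10642 and -10844, and `delegatedAuthAccessors` gets the same sentence at -10474, -10677 and -10879. Both fields govern what a mount may expose or delegate, so a description naming the wrong thing invites misconfiguration. Suggested wording, to be confirmed against the Vault mount documentation: `List of headers the plugin is allowed to include in the response` and `List of auth mount accessors the mount may request delegated authentication for`. The schema looks generated, so the fix likely belongs in the upstream field descriptions.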
@@ -10474,6 +10652,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -10500,6 +10685,10 @@ }, "description": "A nested block containing configuration options for SAP HanaDB connections. \n*See Configuration Options for more info*\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "influxdbs": { "type": "array", "items": { @@ -10507,6 +10696,10 @@ }, "description": "A nested block containing configuration options for InfluxDB connections. \n*See Configuration Options for more info*\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n" @@ -10582,10 +10775,21 @@ }, "description": "A nested block containing configuration options for Oracle connections. \n*See Configuration Options for more info*\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "postgresqls": { "type": "array", "items": { 
@@ -10642,8 +10846,14 @@ "items": { "type": "string" }, - "description": "Set of managed key registry entry names that the mount in question is allowed to access\n\nThe following arguments are common to all database engines:\n", - "willReplaceOnChanges": true + "description": "Set of managed key registry entry names that the mount in question is allowed to access\n\nThe following arguments are common to all database engines:\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -10677,6 +10887,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -10700,6 +10917,10 @@ }, "description": "A nested block containing configuration options for SAP HanaDB connections. \n*See Configuration Options for more info*\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "influxdbs": { "type": "array", "items": { @@ -10707,6 +10928,10 @@ }, "description": "A nested block containing configuration options for InfluxDB connections. \n*See Configuration Options for more info*\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", 
@@ -10784,10 +11009,21 @@ }, "description": "A nested block containing configuration options for Oracle connections. \n*See Configuration Options for more info*\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "postgresqls": { "type": "array", "items": { @@ -10844,8 +11080,14 @@ "items": { "type": "string" }, - "description": "Set of managed key registry entry names that the mount in question is allowed to access\n\nThe following arguments are common to all database engines:\n", - "willReplaceOnChanges": true + "description": "Set of managed key registry entry names that the mount in question is allowed to access\n\nThe following arguments are common to all database engines:\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -10879,6 +11121,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" 
@@ -10906,6 +11155,10 @@ }, "description": "A nested block containing configuration options for SAP HanaDB connections. \n*See Configuration Options for more info*\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "influxdbs": { "type": "array", "items": { @@ -10913,6 +11166,10 @@ }, "description": "A nested block containing configuration options for InfluxDB connections. \n*See Configuration Options for more info*\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", @@ -10990,10 +11247,21 @@ }, "description": "A nested block containing configuration options for Oracle connections. \n*See Configuration Options for more info*\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "postgresqls": { "type": "array", "items": { 
@@ -11039,7 +11307,7 @@ } }, "vault:gcp/authBackend:AuthBackend": { - "description": "Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).\n\n## Import\n\nGCP authentication backends can be imported using the backend name, e.g.\n\n```sh\n$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp\n```\n", + "description": "Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).\n\n## Example Usage\n\nYou can setup the GCP auth backend with Workload Identity Federation (WIF) for a secret-less configuration:\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gcp = new vault.gcp.AuthBackend(\"gcp\", {\n identityTokenKey: \"example-key\",\n identityTokenTtl: 1800,\n identityTokenAudience: \"\u003cTOKEN_AUDIENCE\u003e\",\n serviceAccountEmail: \"\u003cSERVICE_ACCOUNT_EMAIL\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\ngcp = vault.gcp.AuthBackend(\"gcp\",\n identity_token_key=\"example-key\",\n identity_token_ttl=1800,\n identity_token_audience=\"\u003cTOKEN_AUDIENCE\u003e\",\n service_account_email=\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcp = new Vault.Gcp.AuthBackend(\"gcp\", new()\n {\n IdentityTokenKey = \"example-key\",\n IdentityTokenTtl = 1800,\n IdentityTokenAudience = \"\u003cTOKEN_AUDIENCE\u003e\",\n ServiceAccountEmail = \"\u003cSERVICE_ACCOUNT_EMAIL\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gcp.NewAuthBackend(ctx, \"gcp\", 
\u0026gcp.AuthBackendArgs{\n\t\t\tIdentityTokenKey: pulumi.String(\"example-key\"),\n\t\t\tIdentityTokenTtl: pulumi.Int(1800),\n\t\t\tIdentityTokenAudience: pulumi.String(\"\u003cTOKEN_AUDIENCE\u003e\"),\n\t\t\tServiceAccountEmail: pulumi.String(\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.gcp.AuthBackend;\nimport com.pulumi.vault.gcp.AuthBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gcp = new AuthBackend(\"gcp\", AuthBackendArgs.builder()\n .identityTokenKey(\"example-key\")\n .identityTokenTtl(1800)\n .identityTokenAudience(\"\u003cTOKEN_AUDIENCE\u003e\")\n .serviceAccountEmail(\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gcp:\n type: vault:gcp:AuthBackend\n properties:\n identityTokenKey: example-key\n identityTokenTtl: 1800\n identityTokenAudience: \u003cTOKEN_AUDIENCE\u003e\n serviceAccountEmail: \u003cSERVICE_ACCOUNT_EMAIL\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGCP authentication backends can be imported using the backend name, e.g.\n\n```sh\n$ pulumi import vault:gcp/authBackend:AuthBackend gcp gcp\n```\n", "properties": { "accessor": { "type": "string", 
@@ -11070,6 +11338,18 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n" @@ -11090,6 +11370,10 @@ "type": "string", "description": "The GCP Project ID\n" }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, "tune": { "$ref": "#/types/vault:gcp/AuthBackendTune:AuthBackendTune", "description": "Extra configuration block. Structure is documented below.\n\nThe `tune` block is used to tune the auth backend:\n" 
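Review bot: `identityTokenTtl` is documented only as "The TTL of generated tokens." with no unit, although the field is an integer and the example in this diff sets 1800. Token lifetime should be unambiguous to anyone reviewing a configuration, so state the unit, e.g. `The TTL of generated tokens, in seconds.`, if that is what the provider expects (not confirmable from this hunk). The `serviceAccountEmail` description also refers to `identity_token_audience`, while the property in this schema is named `identityTokenAudience`. Both wordings repeat in the later AuthBackend and SecretBackend hunks.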
@@ -11129,6 +11413,18 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n", @@ -11151,6 +11447,10 @@ "type": "string", "description": "The GCP Project ID\n" }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, "tune": { "$ref": "#/types/vault:gcp/AuthBackendTune:AuthBackendTune", "description": "Extra configuration block. Structure is documented below.\n\nThe `tune` block is used to tune the auth backend:\n" 
@@ -11188,6 +11488,18 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n", @@ -11210,6 +11522,10 @@ "type": "string", "description": "The GCP Project ID\n" }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, "tune": { "$ref": "#/types/vault:gcp/AuthBackendTune:AuthBackendTune", "description": "Extra configuration block. Structure is documented below.\n\nThe `tune` block is used to tune the auth backend:\n" 
@@ -11573,8 +11889,12 @@ } }, "vault:gcp/secretBackend:SecretBackend": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {credentials: std.file({\n input: \"credentials.json\",\n}).then(invoke =\u003e invoke.result)});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_vault as vault\n\ngcp = vault.gcp.SecretBackend(\"gcp\", credentials=std.file(input=\"credentials.json\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n {\n Credentials = Std.File.Invoke(new()\n {\n Input = \"credentials.json\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport 
java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n .credentials(StdFunctions.file(FileArgs.builder()\n .input(\"credentials.json\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gcp:\n type: vault:gcp:SecretBackend\n properties:\n credentials:\n fn::invoke:\n Function: std:file\n Arguments:\n input: credentials.json\n Return: result\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "## Example Usage\n\nYou can setup the GCP secret backend with Workload Identity Federation (WIF) for a secret-less configuration:\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {\n identityTokenKey: \"example-key\",\n identityTokenTtl: 1800,\n identityTokenAudience: \"\u003cTOKEN_AUDIENCE\u003e\",\n serviceAccountEmail: \"\u003cSERVICE_ACCOUNT_EMAIL\u003e\",\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\ngcp = vault.gcp.SecretBackend(\"gcp\",\n identity_token_key=\"example-key\",\n identity_token_ttl=1800,\n identity_token_audience=\"\u003cTOKEN_AUDIENCE\u003e\",\n service_account_email=\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n {\n IdentityTokenKey = \"example-key\",\n IdentityTokenTtl = 1800,\n IdentityTokenAudience = \"\u003cTOKEN_AUDIENCE\u003e\",\n ServiceAccountEmail = \"\u003cSERVICE_ACCOUNT_EMAIL\u003e\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() 
{\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tIdentityTokenKey: pulumi.String(\"example-key\"),\n\t\t\tIdentityTokenTtl: pulumi.Int(1800),\n\t\t\tIdentityTokenAudience: pulumi.String(\"\u003cTOKEN_AUDIENCE\u003e\"),\n\t\t\tServiceAccountEmail: pulumi.String(\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n .identityTokenKey(\"example-key\")\n .identityTokenTtl(1800)\n .identityTokenAudience(\"\u003cTOKEN_AUDIENCE\u003e\")\n .serviceAccountEmail(\"\u003cSERVICE_ACCOUNT_EMAIL\u003e\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gcp:\n type: vault:gcp:SecretBackend\n properties:\n identityTokenKey: example-key\n identityTokenTtl: 1800\n identityTokenAudience: \u003cTOKEN_AUDIENCE\u003e\n serviceAccountEmail: \u003cSERVICE_ACCOUNT_EMAIL\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as vault from \"@pulumi/vault\";\n\nconst gcp = new vault.gcp.SecretBackend(\"gcp\", {credentials: std.file({\n input: \"credentials.json\",\n}).then(invoke =\u003e invoke.result)});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_vault as vault\n\ngcp = 
vault.gcp.SecretBackend(\"gcp\", credentials=std.file(input=\"credentials.json\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gcp = new Vault.Gcp.SecretBackend(\"gcp\", new()\n {\n Credentials = Std.File.Invoke(new()\n {\n Input = \"credentials.json\",\n }).Apply(invoke =\u003e invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, \u0026std.FileArgs{\n\t\t\tInput: \"credentials.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gcp.NewSecretBackend(ctx, \"gcp\", \u0026gcp.SecretBackendArgs{\n\t\t\tCredentials: invokeFile.Result,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.gcp.SecretBackend;\nimport com.pulumi.vault.gcp.SecretBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gcp = new SecretBackend(\"gcp\", SecretBackendArgs.builder()\n .credentials(StdFunctions.file(FileArgs.builder()\n .input(\"credentials.json\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gcp:\n type: vault:gcp:SecretBackend\n properties:\n credentials:\n fn::invoke:\n Function: std:file\n Arguments:\n input: credentials.json\n Return: result\n```\n\u003c!--End 
PulumiCodeChooser --\u003e\n", "properties": { + "accessor": { + "type": "string", + "description": "The accessor of the created GCP mount.\n" + }, "credentials": { "type": "string", "description": "JSON-encoded credentials to use to connect to GCP\n", @@ -11592,6 +11912,18 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n" @@ -11607,8 +11939,15 @@ "path": { "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `gcp`.\n" + }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" } }, + "required": [ + "accessor" + ], "inputProperties": { "credentials": { "type": "string", 
@@ -11627,9 +11966,21 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, - "local": { - "type": "boolean", - "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, + "local": { + "type": "boolean", + "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", "willReplaceOnChanges": true }, "maxLeaseTtlSeconds": { 
@@ -11644,11 +11995,19 @@ "path": { "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `gcp`.\n" + }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering SecretBackend resources.\n", "properties": { + "accessor": { + "type": "string", + "description": "The accessor of the created GCP mount.\n" + }, "credentials": { "type": "string", "description": "JSON-encoded credentials to use to connect to GCP\n", @@ -11666,6 +12025,18 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenAudience": { + "type": "string", + "description": "The audience claim value for plugin identity\ntokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).\nMutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin identity\ntokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" + }, + "identityTokenTtl": { + "type": "integer", + "description": "The TTL of generated tokens.\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", 
@@ -11683,6 +12054,10 @@ "path": { "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `gcp`.\n" + }, + "serviceAccountEmail": { + "type": "string", + "description": "Service Account to impersonate for plugin workload identity federation.\nRequired with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.\n" } }, "type": "object" @@ -15383,6 +15758,10 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n" @@ -15419,6 +15798,10 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n", @@ -15461,6 +15844,10 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing identity tokens.\n" + }, "local": { "type": "boolean", "description": "Specifies if the auth method is local only.\n", 
@@ -16609,6 +16996,13 @@ }, "description": "Set of managed key registry entry names that the mount in question is allowed to access\n" }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow, allowing a plugin to include\nthem in the response.\n" + }, "auditNonHmacRequestKeys": { "type": "array", "items": { @@ -16627,6 +17021,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed authentication mount accessors the\nbackend can request delegated authentication for.\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -16635,6 +17036,14 @@ "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens. If\nnot provided, this will default to Vault's OIDC default key.\n" + }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n" 
@@ -16654,10 +17063,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to\nthe plugin.\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. \"v1.0.0\".\nIf unspecified, the server will select any matching unversioned plugin that may have been\nregistered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.\n" + }, "sealWrap": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n" @@ -16683,8 +17103,14 @@ "items": { "type": "string" }, - "description": "Set of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "Set of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow, allowing a plugin to include\nthem in the response.\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -16704,6 +17130,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed authentication mount accessors the\nbackend can request delegated authentication for.\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" 
@@ -16713,6 +17146,14 @@ "description": "Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens. If\nnot provided, this will default to Vault's OIDC default key.\n" + }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", @@ -16734,10 +17175,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to\nthe plugin.\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. \"v1.0.0\".\nIf unspecified, the server will select any matching unversioned plugin that may have been\nregistered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.\n" + }, "sealWrap": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n", 
@@ -16765,8 +17217,14 @@ "items": { "type": "string" }, - "description": "Set of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "Set of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow, allowing a plugin to include\nthem in the response.\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -16786,6 +17244,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed authentication mount accessors the\nbackend can request delegated authentication for.\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -16795,6 +17260,14 @@ "description": "Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens. If\nnot provided, this will default to Vault's OIDC default key.\n" + }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enforce local mount in HA environment\n", 
@@ -16816,10 +17289,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to\nthe plugin.\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. \"v1.0.0\".\nIf unspecified, the server will select any matching unversioned plugin that may have been\nregistered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.\n" + }, "sealWrap": { "type": "boolean", "description": "Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n", 
@@ -17322,143 +17806,376 @@ "type": "object" } }, - "vault:index/policy:Policy": { - "description": "\n\n## Import\n\nPolicies can be imported using the `name`, e.g.\n\n```sh\n$ pulumi import vault:index/policy:Policy example dev-team\n```\n", + "vault:index/plugin:Plugin": { + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst jwt = new vault.Plugin(\"jwt\", {\n type: \"auth\",\n name: \"jwt\",\n command: \"vault-plugin-auth-jwt\",\n version: \"v0.17.0\",\n sha256: \"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n envs: [\"HTTP_PROXY=http://proxy.example.com:8080\"],\n});\nconst jwtAuth = new vault.AuthBackend(\"jwt_auth\", {type: jwt.name});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\njwt = vault.Plugin(\"jwt\",\n type=\"auth\",\n name=\"jwt\",\n command=\"vault-plugin-auth-jwt\",\n version=\"v0.17.0\",\n sha256=\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n envs=[\"HTTP_PROXY=http://proxy.example.com:8080\"])\njwt_auth = vault.AuthBackend(\"jwt_auth\", type=jwt.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var jwt = new Vault.Plugin(\"jwt\", new()\n {\n Type = \"auth\",\n Name = \"jwt\",\n Command = \"vault-plugin-auth-jwt\",\n Version = \"v0.17.0\",\n Sha256 = \"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n Envs = new[]\n {\n \"HTTP_PROXY=http://proxy.example.com:8080\",\n },\n });\n\n var jwtAuth = new Vault.AuthBackend(\"jwt_auth\", new()\n {\n Type = jwt.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tjwt, err := 
vault.NewPlugin(ctx, \"jwt\", \u0026vault.PluginArgs{\n\t\t\tType: pulumi.String(\"auth\"),\n\t\t\tName: pulumi.String(\"jwt\"),\n\t\t\tCommand: pulumi.String(\"vault-plugin-auth-jwt\"),\n\t\t\tVersion: pulumi.String(\"v0.17.0\"),\n\t\t\tSha256: pulumi.String(\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\"),\n\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"HTTP_PROXY=http://proxy.example.com:8080\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vault.NewAuthBackend(ctx, \"jwt_auth\", \u0026vault.AuthBackendArgs{\n\t\t\tType: jwt.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.Plugin;\nimport com.pulumi.vault.PluginArgs;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var jwt = new Plugin(\"jwt\", PluginArgs.builder()\n .type(\"auth\")\n .name(\"jwt\")\n .command(\"vault-plugin-auth-jwt\")\n .version(\"v0.17.0\")\n .sha256(\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\")\n .envs(\"HTTP_PROXY=http://proxy.example.com:8080\")\n .build());\n\n var jwtAuth = new AuthBackend(\"jwtAuth\", AuthBackendArgs.builder()\n .type(jwt.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n jwt:\n type: vault:Plugin\n properties:\n type: auth\n name: jwt\n command: vault-plugin-auth-jwt\n version: v0.17.0\n sha256: 6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\n envs:\n - HTTP_PROXY=http://proxy.example.com:8080\n jwtAuth:\n type: vault:AuthBackend\n name: jwt_auth\n 
properties:\n type: ${jwt.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPlugins can be imported using `:type/name/:name` or `:type/version/:version/name/:name` as the ID if the version is non-empty, e.g.\n\n```sh\n$ pulumi import vault:index/plugin:Plugin jwt auth/name/jwt\n```\n```sh\n$ pulumi import vault:index/plugin:Plugin jwt auth/version/v0.17.0/name/jwt\n```\n", "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional args to pass to the plugin.\n" + }, + "command": { + "type": "string", + "description": "Command to execute the plugin, relative to the server's configured `plugin_directory`.\n" + }, + "envs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional environment variables to run the plugin with in KEY=VALUE form.\n", + "secret": true + }, "name": { "type": "string", - "description": "The name of the policy\n" + "description": "Name of the plugin.\n" }, - "namespace": { + "ociImage": { "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" + "description": "Specifies OCI image to run. 
If specified, setting\n`command`, `args`, and `env` will update the container's entrypoint, args, and\nenvironment variables (append-only) respectively.\n" }, - "policy": { + "runtime": { "type": "string", - "description": "String containing a Vault policy\n", - "language": { - "csharp": { - "name": "PolicyContents" - } - } + "description": "Vault plugin runtime to use if `oci_image` is specified.\n" + }, + "sha256": { + "type": "string", + "description": "SHA256 sum of the plugin binary.\n" + }, + "type": { + "type": "string", + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n" + }, + "version": { + "type": "string", + "description": "Semantic version of the plugin.\n" } }, "required": [ + "command", "name", - "policy" + "sha256", + "type" ], "inputProperties": { + "args": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional args to pass to the plugin.\n" + }, + "command": { + "type": "string", + "description": "Command to execute the plugin, relative to the server's configured `plugin_directory`.\n" + }, + "envs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional environment variables to run the plugin with in KEY=VALUE form.\n", + "secret": true + }, "name": { "type": "string", - "description": "The name of the policy\n", + "description": "Name of the plugin.\n", "willReplaceOnChanges": true }, - "namespace": { + "ociImage": { "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "description": "Specifies OCI image to run. 
If specified, setting\n`command`, `args`, and `env` will update the container's entrypoint, args, and\nenvironment variables (append-only) respectively.\n" + }, + "runtime": { + "type": "string", + "description": "Vault plugin runtime to use if `oci_image` is specified.\n" + }, + "sha256": { + "type": "string", + "description": "SHA256 sum of the plugin binary.\n" + }, + "type": { + "type": "string", + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n", "willReplaceOnChanges": true }, - "policy": { + "version": { "type": "string", - "description": "String containing a Vault policy\n", - "language": { - "csharp": { - "name": "PolicyContents" - } - } + "description": "Semantic version of the plugin.\n", + "willReplaceOnChanges": true } }, "requiredInputs": [ - "policy" + "command", + "sha256", + "type" ], "stateInputs": { - "description": "Input properties used for looking up and filtering Policy resources.\n", + "description": "Input properties used for looking up and filtering Plugin resources.\n", "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional args to pass to the plugin.\n" + }, + "command": { + "type": "string", + "description": "Command to execute the plugin, relative to the server's configured `plugin_directory`.\n" + }, + "envs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of additional environment variables to run the plugin with in KEY=VALUE form.\n", + "secret": true + }, "name": { "type": "string", - "description": "The name of the policy\n", + "description": "Name of the plugin.\n", "willReplaceOnChanges": true }, - "namespace": { + "ociImage": { "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured 
[namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "description": "Specifies OCI image to run. If specified, setting\n`command`, `args`, and `env` will update the container's entrypoint, args, and\nenvironment variables (append-only) respectively.\n" + }, + "runtime": { + "type": "string", + "description": "Vault plugin runtime to use if `oci_image` is specified.\n" + }, + "sha256": { + "type": "string", + "description": "SHA256 sum of the plugin binary.\n" + }, + "type": { + "type": "string", + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n", "willReplaceOnChanges": true }, - "policy": { + "version": { "type": "string", - "description": "String containing a Vault policy\n", - "language": { - "csharp": { - "name": "PolicyContents" - } - } + "description": "Semantic version of the plugin.\n", + "willReplaceOnChanges": true } }, "type": "object" } }, - "vault:index/quotaLeaseCount:QuotaLeaseCount": { - "description": "Manage lease count quotas which enforce the number of leases that can be created.\nA lease count quota can be created at the root level or defined on a namespace or mount by\nspecifying a path when creating the quota.\n\nSee [Vault's Documentation](https://www.vaultproject.io/docs/enterprise/lease-count-quotas) for more\ninformation. 
\n\n**Note** this feature is available only with Vault Enterprise.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst global = new vault.QuotaLeaseCount(\"global\", {\n name: \"global\",\n path: \"\",\n maxLeases: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nglobal_ = vault.QuotaLeaseCount(\"global\",\n name=\"global\",\n path=\"\",\n max_leases=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @global = new Vault.QuotaLeaseCount(\"global\", new()\n {\n Name = \"global\",\n Path = \"\",\n MaxLeases = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vault.NewQuotaLeaseCount(ctx, \"global\", \u0026vault.QuotaLeaseCountArgs{\n\t\t\tName: pulumi.String(\"global\"),\n\t\t\tPath: pulumi.String(\"\"),\n\t\t\tMaxLeases: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.QuotaLeaseCount;\nimport com.pulumi.vault.QuotaLeaseCountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var global = new QuotaLeaseCount(\"global\", QuotaLeaseCountArgs.builder()\n .name(\"global\")\n .path(\"\")\n .maxLeases(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n global:\n 
type: vault:QuotaLeaseCount\n properties:\n name: global\n path:\n maxLeases: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLease count quotas can be imported using their names\n\n```sh\n$ pulumi import vault:index/quotaLeaseCount:QuotaLeaseCount global global\n```\n", + "vault:index/pluginPinnedVersion:PluginPinnedVersion": { + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst jwt = new vault.Plugin(\"jwt\", {\n type: \"auth\",\n name: \"jwt\",\n command: \"vault-plugin-auth-jwt\",\n version: \"v0.17.0\",\n sha256: \"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n envs: [\"HTTP_PROXY=http://proxy.example.com:8080\"],\n});\nconst jwtPin = new vault.PluginPinnedVersion(\"jwt_pin\", {\n type: jwt.type,\n name: jwt.name,\n version: jwt.version,\n});\nconst jwtAuth = new vault.AuthBackend(\"jwt_auth\", {type: jwtPin.name});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\njwt = vault.Plugin(\"jwt\",\n type=\"auth\",\n name=\"jwt\",\n command=\"vault-plugin-auth-jwt\",\n version=\"v0.17.0\",\n sha256=\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n envs=[\"HTTP_PROXY=http://proxy.example.com:8080\"])\njwt_pin = vault.PluginPinnedVersion(\"jwt_pin\",\n type=jwt.type,\n name=jwt.name,\n version=jwt.version)\njwt_auth = vault.AuthBackend(\"jwt_auth\", type=jwt_pin.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var jwt = new Vault.Plugin(\"jwt\", new()\n {\n Type = \"auth\",\n Name = \"jwt\",\n Command = \"vault-plugin-auth-jwt\",\n Version = \"v0.17.0\",\n Sha256 = \"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\",\n Envs = new[]\n {\n \"HTTP_PROXY=http://proxy.example.com:8080\",\n },\n });\n\n var jwtPin = new 
Vault.PluginPinnedVersion(\"jwt_pin\", new()\n {\n Type = jwt.Type,\n Name = jwt.Name,\n Version = jwt.Version,\n });\n\n var jwtAuth = new Vault.AuthBackend(\"jwt_auth\", new()\n {\n Type = jwtPin.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tjwt, err := vault.NewPlugin(ctx, \"jwt\", \u0026vault.PluginArgs{\n\t\t\tType: pulumi.String(\"auth\"),\n\t\t\tName: pulumi.String(\"jwt\"),\n\t\t\tCommand: pulumi.String(\"vault-plugin-auth-jwt\"),\n\t\t\tVersion: pulumi.String(\"v0.17.0\"),\n\t\t\tSha256: pulumi.String(\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\"),\n\t\t\tEnvs: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"HTTP_PROXY=http://proxy.example.com:8080\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjwtPin, err := vault.NewPluginPinnedVersion(ctx, \"jwt_pin\", \u0026vault.PluginPinnedVersionArgs{\n\t\t\tType: jwt.Type,\n\t\t\tName: jwt.Name,\n\t\t\tVersion: jwt.Version,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vault.NewAuthBackend(ctx, \"jwt_auth\", \u0026vault.AuthBackendArgs{\n\t\t\tType: jwtPin.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.Plugin;\nimport com.pulumi.vault.PluginArgs;\nimport com.pulumi.vault.PluginPinnedVersion;\nimport com.pulumi.vault.PluginPinnedVersionArgs;\nimport com.pulumi.vault.AuthBackend;\nimport com.pulumi.vault.AuthBackendArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n 
public static void stack(Context ctx) {\n var jwt = new Plugin(\"jwt\", PluginArgs.builder()\n .type(\"auth\")\n .name(\"jwt\")\n .command(\"vault-plugin-auth-jwt\")\n .version(\"v0.17.0\")\n .sha256(\"6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\")\n .envs(\"HTTP_PROXY=http://proxy.example.com:8080\")\n .build());\n\n var jwtPin = new PluginPinnedVersion(\"jwtPin\", PluginPinnedVersionArgs.builder()\n .type(jwt.type())\n .name(jwt.name())\n .version(jwt.version())\n .build());\n\n var jwtAuth = new AuthBackend(\"jwtAuth\", AuthBackendArgs.builder()\n .type(jwtPin.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n jwt:\n type: vault:Plugin\n properties:\n type: auth\n name: jwt\n command: vault-plugin-auth-jwt\n version: v0.17.0\n sha256: 6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc\n envs:\n - HTTP_PROXY=http://proxy.example.com:8080\n jwtPin:\n type: vault:PluginPinnedVersion\n name: jwt_pin\n properties:\n type: ${jwt.type}\n name: ${jwt.name}\n version: ${jwt.version}\n jwtAuth:\n type: vault:AuthBackend\n name: jwt_auth\n properties:\n type: ${jwtPin.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPinned plugin versions can be imported using `type/name` as the ID, e.g.\n\n```sh\n$ pulumi import vault:index/pluginPinnedVersion:PluginPinnedVersion jwt_pin auth/jwt\n```\n", "properties": { - "maxLeases": { - "type": "integer", - "description": "The maximum number of leases to be allowed by the quota\nrule. 
The `max_leases` must be positive.\n" - }, "name": { "type": "string", - "description": "Name of the rate limit quota\n" - }, - "namespace": { - "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured namespace.\n*Available only for Vault Enterprise*.\n" + "description": "Name of the plugin.\n" }, - "path": { + "type": { "type": "string", - "description": "Path of the mount or namespace to apply the quota. A blank path configures a\nglobal rate limit quota. For example `namespace1/` adds a quota to a full namespace,\n`namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.\nUpdating this field on an existing quota can have \"moving\" effects. For example, updating\n`auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to\na namespace specific mount quota. **Note, namespaces are supported in Enterprise only.**\n" + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n" }, - "role": { + "version": { "type": "string", - "description": "If set on a quota where `path` is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.\n" + "description": "Semantic version of the plugin to pin.\n" } }, "required": [ - "maxLeases", - "name" + "name", + "type", + "version" ], "inputProperties": { - "maxLeases": { - "type": "integer", - "description": "The maximum number of leases to be allowed by the quota\nrule. 
The `max_leases` must be positive.\n" - }, "name": { "type": "string", - "description": "Name of the rate limit quota\n", + "description": "Name of the plugin.\n", "willReplaceOnChanges": true }, - "namespace": { + "type": { "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured namespace.\n*Available only for Vault Enterprise*.\n", + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n", "willReplaceOnChanges": true }, - "path": { - "type": "string", - "description": "Path of the mount or namespace to apply the quota. A blank path configures a\nglobal rate limit quota. For example `namespace1/` adds a quota to a full namespace,\n`namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.\nUpdating this field on an existing quota can have \"moving\" effects. For example, updating\n`auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to\na namespace specific mount quota. **Note, namespaces are supported in Enterprise only.**\n" - }, - "role": { + "version": { "type": "string", - "description": "If set on a quota where `path` is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.\n" + "description": "Semantic version of the plugin to pin.\n" } }, "requiredInputs": [ - "maxLeases" + "type", + "version" ], "stateInputs": { - "description": "Input properties used for looking up and filtering QuotaLeaseCount resources.\n", + "description": "Input properties used for looking up and filtering PluginPinnedVersion resources.\n", "properties": { - "maxLeases": { - "type": "integer", - "description": "The maximum number of leases to be allowed by the quota\nrule. 
The `max_leases` must be positive.\n" - }, + "name": { + "type": "string", + "description": "Name of the plugin.\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "Type of plugin; one of \"auth\", \"secret\", or \"database\".\n", + "willReplaceOnChanges": true + }, + "version": { + "type": "string", + "description": "Semantic version of the plugin to pin.\n" + } + }, + "type": "object" + } + }, + "vault:index/policy:Policy": { + "description": "\n\n## Import\n\nPolicies can be imported using the `name`, e.g.\n\n```sh\n$ pulumi import vault:index/policy:Policy example dev-team\n```\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the policy\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" + }, + "policy": { + "type": "string", + "description": "String containing a Vault policy\n", + "language": { + "csharp": { + "name": "PolicyContents" + } + } + } + }, + "required": [ + "name", + "policy" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the policy\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "policy": { + "type": "string", + "description": "String containing a Vault policy\n", + "language": { + "csharp": { + "name": "PolicyContents" + } + } + } + }, + 
"requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the policy\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "policy": { + "type": "string", + "description": "String containing a Vault policy\n", + "language": { + "csharp": { + "name": "PolicyContents" + } + } + } + }, + "type": "object" + } + }, + "vault:index/quotaLeaseCount:QuotaLeaseCount": { + "description": "Manage lease count quotas which enforce the number of leases that can be created.\nA lease count quota can be created at the root level or defined on a namespace or mount by\nspecifying a path when creating the quota.\n\nSee [Vault's Documentation](https://www.vaultproject.io/docs/enterprise/lease-count-quotas) for more\ninformation. 
\n\n**Note** this feature is available only with Vault Enterprise.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst global = new vault.QuotaLeaseCount(\"global\", {\n name: \"global\",\n path: \"\",\n maxLeases: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nglobal_ = vault.QuotaLeaseCount(\"global\",\n name=\"global\",\n path=\"\",\n max_leases=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @global = new Vault.QuotaLeaseCount(\"global\", new()\n {\n Name = \"global\",\n Path = \"\",\n MaxLeases = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vault.NewQuotaLeaseCount(ctx, \"global\", \u0026vault.QuotaLeaseCountArgs{\n\t\t\tName: pulumi.String(\"global\"),\n\t\t\tPath: pulumi.String(\"\"),\n\t\t\tMaxLeases: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.QuotaLeaseCount;\nimport com.pulumi.vault.QuotaLeaseCountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var global = new QuotaLeaseCount(\"global\", QuotaLeaseCountArgs.builder()\n .name(\"global\")\n .path(\"\")\n .maxLeases(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n global:\n 
type: vault:QuotaLeaseCount\n properties:\n name: global\n path:\n maxLeases: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLease count quotas can be imported using their names\n\n```sh\n$ pulumi import vault:index/quotaLeaseCount:QuotaLeaseCount global global\n```\n", + "properties": { + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, + "maxLeases": { + "type": "integer", + "description": "The maximum number of leases to be allowed by the quota\nrule. The `max_leases` must be positive.\n" + }, + "name": { + "type": "string", + "description": "Name of the rate limit quota\n" + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured namespace.\n*Available only for Vault Enterprise*.\n" + }, + "path": { + "type": "string", + "description": "Path of the mount or namespace to apply the quota. A blank path configures a\nglobal rate limit quota. For example `namespace1/` adds a quota to a full namespace,\n`namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.\nUpdating this field on an existing quota can have \"moving\" effects. For example, updating\n`auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to\na namespace specific mount quota. 
**Note, namespaces are supported in Enterprise only.**\n" + }, + "role": { + "type": "string", + "description": "If set on a quota where `path` is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.\n" + } + }, + "required": [ + "maxLeases", + "name" + ], + "inputProperties": { + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, + "maxLeases": { + "type": "integer", + "description": "The maximum number of leases to be allowed by the quota\nrule. The `max_leases` must be positive.\n" + }, + "name": { + "type": "string", + "description": "Name of the rate limit quota\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured namespace.\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "path": { + "type": "string", + "description": "Path of the mount or namespace to apply the quota. A blank path configures a\nglobal rate limit quota. For example `namespace1/` adds a quota to a full namespace,\n`namespace1/auth/userpass` adds a `quota` to `userpass` in `namespace1`.\nUpdating this field on an existing quota can have \"moving\" effects. For example, updating\n`auth/userpass` to `namespace1/auth/userpass` moves this quota from being a global mount quota to\na namespace specific mount quota. 
**Note, namespaces are supported in Enterprise only.**\n" + }, + "role": { + "type": "string", + "description": "If set on a quota where `path` is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.\n" + } + }, + "requiredInputs": [ + "maxLeases" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering QuotaLeaseCount resources.\n", + "properties": { + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, + "maxLeases": { + "type": "integer", + "description": "The maximum number of leases to be allowed by the quota\nrule. The `max_leases` must be positive.\n" + }, "name": { "type": "string", "description": "Name of the rate limit quota\n", @@ -17488,6 +18205,10 @@ "type": "integer", "description": "If set, when a client reaches a rate limit threshold, the client will\nbe prohibited from any further requests until after the 'block_interval' in seconds has elapsed.\n" }, + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, "interval": { "type": "integer", "description": "The duration in seconds to enforce rate limiting for.\n" 
@@ -17523,6 +18244,10 @@ "type": "integer", "description": "If set, when a client reaches a rate limit threshold, the client will\nbe prohibited from any further requests until after the 'block_interval' in seconds has elapsed.\n" }, + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, "interval": { "type": "integer", "description": "The duration in seconds to enforce rate limiting for.\n" @@ -17561,6 +18286,10 @@ "type": "integer", "description": "If set, when a client reaches a rate limit threshold, the client will\nbe prohibited from any further requests until after the 'block_interval' in seconds has elapsed.\n" }, + "inheritable": { + "type": "boolean", + "description": "If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+.\n" + }, "interval": { "type": "integer", "description": "The duration in seconds to enforce rate limiting for.\n" @@ -18772,7 +19501,7 @@ "items": { "type": "string" }, - "description": "(For \"jwt\" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`\nor `token_bound_cidrs` is required. Optional for \"oidc\" roles.) List of `aud` claims to match against.\nAny match is sufficient.\n" + "description": "(Required for roles of type `jwt`, optional for roles of\ntype `oidc`) List of `aud` claims to match against. Any match is sufficient.\n" }, "boundClaims": { "type": "object", 
@@ -18806,7 +19535,7 @@ }, "expirationLeeway": { "type": "integer", - "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "groupsClaim": { "type": "string", @@ -18822,7 +19551,7 @@ }, "notBeforeLeeway": { "type": "integer", - "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "oidcScopes": { "type": "array", @@ -18918,7 +19647,7 @@ "items": { "type": "string" }, - "description": "(For \"jwt\" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`\nor `token_bound_cidrs` is required. Optional for \"oidc\" roles.) List of `aud` claims to match against.\nAny match is sufficient.\n" + "description": "(Required for roles of type `jwt`, optional for roles of\ntype `oidc`) List of `aud` claims to match against. Any match is sufficient.\n" }, "boundClaims": { "type": "object", 
@@ -18952,7 +19681,7 @@ }, "expirationLeeway": { "type": "integer", - "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "groupsClaim": { "type": "string", @@ -18969,7 +19698,7 @@ }, "notBeforeLeeway": { "type": "integer", - "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "oidcScopes": { "type": "array", @@ -19067,7 +19796,7 @@ "items": { "type": "string" }, - "description": "(For \"jwt\" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims`\nor `token_bound_cidrs` is required. Optional for \"oidc\" roles.) List of `aud` claims to match against.\nAny match is sufficient.\n" + "description": "(Required for roles of type `jwt`, optional for roles of\ntype `oidc`) List of `aud` claims to match against. Any match is sufficient.\n" }, "boundClaims": { "type": "object", 
@@ -19101,7 +19830,7 @@ }, "expirationLeeway": { "type": "integer", - "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to expiration (`exp`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "groupsClaim": { "type": "string", @@ -19118,7 +19847,7 @@ }, "notBeforeLeeway": { "type": "integer", - "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" + "description": "The amount of leeway to add to not before (`nbf`) claims to account for\nclock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.\nOnly applicable with \"jwt\" roles.\n" }, "oidcScopes": { "type": "array", @@ -20194,6 +20923,13 @@ }, "description": "List of managed key registry entry names that the mount in question is allowed to access\n" }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "auditNonHmacRequestKeys": { "type": "array", "items": { @@ -20212,6 +20948,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" 
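Review bot: The new `delegatedAuthAccessors` property in the `@@ -20212,6 +20948,13 @@` hunk is described as `List of headers to allow and pass from the request to the plugin`, which is the text of `passthroughRequestHeaders` and says nothing about auth delegation; `allowedResponseHeaders` in the `@@ -20194,6 +20923,13 @@` hunk carries the same copy. Judging by its name, this field governs which auth mounts a secrets mount may delegate authentication to, so the description should say so, e.g. `"description": "List of auth mount accessors this mount may request delegated authentication for\n"`, and for the response headers `"description": "List of headers the plugin is allowed to set on its responses\n"` (wording inferred from the field names; confirm against the Vault mount-tuning documentation). The same two descriptions repeat in the later input and state hunks for this mount resource and for the LDAP secret backend. The file appears to be generated, so the correction presumably belongs in the upstream schema descriptions followed by a regeneration, not a hand edit here.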
@@ -20224,6 +20967,10 @@ "type": "boolean", "description": "Enable the secrets engine to access Vault's external entropy source\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "kubernetesCaCert": { "type": "string", "description": "A PEM-encoded CA certificate used by the \nsecrets engine to verify the Kubernetes API server certificate. Defaults to the local\npod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where\nVault is running.\n" @@ -20232,6 +20979,10 @@ "type": "string", "description": "The Kubernetes API URL to connect to. Required if the \nstandard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`\nare not set on the host that Vault is running on.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Local mount flag that can be explicitly set to true to enforce local mount in HA environment\n" @@ -20251,10 +21002,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "sealWrap": { "type": "boolean", "description": "Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n" 
@@ -20280,8 +21042,14 @@ "items": { "type": "string" }, - "description": "List of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "List of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -20301,6 +21069,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -20314,6 +21089,10 @@ "description": "Enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "kubernetesCaCert": { "type": "string", "description": "A PEM-encoded CA certificate used by the \nsecrets engine to verify the Kubernetes API server certificate. Defaults to the local\npod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where\nVault is running.\n" 
@@ -20322,6 +21101,10 @@ "type": "string", "description": "The Kubernetes API URL to connect to. Required if the \nstandard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`\nare not set on the host that Vault is running on.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Local mount flag that can be explicitly set to true to enforce local mount in HA environment\n", @@ -20343,10 +21126,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "sealWrap": { "type": "boolean", "description": "Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n", @@ -20373,8 +21167,14 @@ "items": { "type": "string" }, - "description": "List of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "List of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", 
@@ -20394,6 +21194,13 @@ "type": "integer", "description": "Default lease duration for tokens and secrets in seconds\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount\n" @@ -20407,6 +21214,10 @@ "description": "Enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "kubernetesCaCert": { "type": "string", "description": "A PEM-encoded CA certificate used by the \nsecrets engine to verify the Kubernetes API server certificate. Defaults to the local\npod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where\nVault is running.\n" @@ -20415,6 +21226,10 @@ "type": "string", "description": "The Kubernetes API URL to connect to. Required if the \nstandard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`\nare not set on the host that Vault is running on.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Local mount flag that can be explicitly set to true to enforce local mount in HA environment\n", 
@@ -20436,10 +21251,21 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "path": { "type": "string", "description": "Where the secret backend will be mounted\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "sealWrap": { "type": "boolean", "description": "Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability\n", @@ -21747,6 +22573,13 @@ }, "description": "List of managed key registry entry names that the mount in question is allowed to access\n" }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "auditNonHmacRequestKeys": { "type": "array", "items": { @@ -21792,6 +22625,13 @@ "type": "integer", "description": "Default lease duration for secrets in seconds.\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount for the Active Directory backend.\n" 
@@ -21804,10 +22644,18 @@ "type": "boolean", "description": "Enable the secrets engine to access Vault's external entropy source\n" }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "insecureTls": { "type": "boolean", "description": "Skip LDAP server SSL Certificate verification. This is not recommended for production.\nDefaults to `false`.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Mark the secrets engine as local-only. Local engines are not replicated or removed by\nreplication.Tolerance duration to use when checking the last rotation time.\n" @@ -21827,6 +22675,13 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "passwordPolicy": { "type": "string", "description": "Name of the password policy to use to generate passwords.\n" @@ -21835,6 +22690,10 @@ "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `ldap`.\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "requestTimeout": { "type": "integer", "description": "Timeout, in seconds, for the connection when making requests against the server\nbefore returning back an error.\n" 
@@ -21894,8 +22753,14 @@ "items": { "type": "string" }, - "description": "List of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "List of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -21942,6 +22807,13 @@ "type": "integer", "description": "Default lease duration for secrets in seconds.\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount for the Active Directory backend.\n" @@ -21955,10 +22827,18 @@ "description": "Enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "insecureTls": { "type": "boolean", "description": "Skip LDAP server SSL Certificate verification. This is not recommended for production.\nDefaults to `false`.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Mark the secrets engine as local-only. Local engines are not replicated or removed by\nreplication.Tolerance duration to use when checking the last rotation time.\n", 
@@ -21980,6 +22860,13 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "passwordPolicy": { "type": "string", "description": "Name of the password policy to use to generate passwords.\n" @@ -21988,6 +22875,10 @@ "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `ldap`.\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "requestTimeout": { "type": "integer", "description": "Timeout, in seconds, for the connection when making requests against the server\nbefore returning back an error.\n" @@ -22042,8 +22933,14 @@ "items": { "type": "string" }, - "description": "List of managed key registry entry names that the mount in question is allowed to access\n", - "willReplaceOnChanges": true + "description": "List of managed key registry entry names that the mount in question is allowed to access\n" + }, + "allowedResponseHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" }, "auditNonHmacRequestKeys": { "type": "array", @@ -22090,6 +22987,13 @@ "type": "integer", "description": "Default lease duration for secrets in seconds.\n" }, + "delegatedAuthAccessors": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "description": { "type": "string", "description": "Human-friendly description of the mount for the Active Directory backend.\n" 
@@ -22103,10 +23007,18 @@ "description": "Enable the secrets engine to access Vault's external entropy source\n", "willReplaceOnChanges": true }, + "identityTokenKey": { + "type": "string", + "description": "The key to use for signing plugin workload identity tokens\n" + }, "insecureTls": { "type": "boolean", "description": "Skip LDAP server SSL Certificate verification. This is not recommended for production.\nDefaults to `false`.\n" }, + "listingVisibility": { + "type": "string", + "description": "Specifies whether to show this mount in the UI-specific listing endpoint\n" + }, "local": { "type": "boolean", "description": "Mark the secrets engine as local-only. Local engines are not replicated or removed by\nreplication.Tolerance duration to use when checking the last rotation time.\n", @@ -22128,6 +23040,13 @@ }, "description": "Specifies mount type specific options that are passed to the backend\n" }, + "passthroughRequestHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of headers to allow and pass from the request to the plugin\n" + }, "passwordPolicy": { "type": "string", "description": "Name of the password policy to use to generate passwords.\n" @@ -22136,6 +23055,10 @@ "type": "string", "description": "The unique path this backend should be mounted at. Must\nnot begin or end with a `/`. Defaults to `ldap`.\n" }, + "pluginVersion": { + "type": "string", + "description": "Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'\n" + }, "requestTimeout": { "type": "integer", "description": "Timeout, in seconds, for the connection when making requests against the server\nbefore returning back an error.\n" 
@@ -22944,7 +23867,8 @@ }, "maxTtl": { "type": "string", - "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" + "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_max_ttl` instead." }, "namespace": { "type": "string", 
@@ -22963,9 +23887,52 @@ "description": "The Okta API token. This is required to query Okta for user group membership.\nIf this is not supplied only locally configured groups will be enabled.\n", "secret": true }, + "tokenBoundCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the blocks of IP addresses which are allowed to use the generated token\n" + }, + "tokenExplicitMaxTtl": { + "type": "integer", + "description": "Generated Token's Explicit Maximum TTL in seconds\n" + }, + "tokenMaxTtl": { + "type": "integer", + "description": "The maximum lifetime of the generated token\n" + }, + "tokenNoDefaultPolicy": { + "type": "boolean", + "description": "If true, the 'default' policy will not automatically be added to generated tokens\n" + }, + "tokenNumUses": { + "type": "integer", + "description": "The maximum number of times a token may be used, a value of zero means unlimited\n" + }, + "tokenPeriod": { + "type": "integer", + "description": "Generated Token's Period\n" + }, + "tokenPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Generated Token's Policies\n" + }, + "tokenTtl": { + "type": "integer", + "description": "The initial ttl of the token to generate in seconds\n" + }, + "tokenType": { + "type": "string", + "description": "The type of token to generate, service or batch\n" + }, "ttl": { "type": "string", - "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" + "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_ttl` instead." }, "users": { "type": "array", 
@@ -22998,38 +23965,82 @@ "type": "boolean", "description": "If set, opts out of mount migration on path updates.\nSee here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)\n" }, - "groups": { + "groups": { + "type": "array", + "items": { + "$ref": "#/types/vault:okta/AuthBackendGroup:AuthBackendGroup" + }, + "description": "Associate Okta groups with policies within Vault.\nSee below for more details.\n" + }, + "maxTtl": { + "type": "string", + "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_max_ttl` instead." + }, + "namespace": { + "type": "string", + "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + }, + "organization": { + "type": "string", + "description": "The Okta organization. This will be the first part of the url `https://XXX.okta.com`\n" + }, + "path": { + "type": "string", + "description": "Path to mount the Okta auth backend. Default to path `okta`.\n" + }, + "token": { + "type": "string", + "description": "The Okta API token. 
This is required to query Okta for user group membership.\nIf this is not supplied only locally configured groups will be enabled.\n", + "secret": true + }, + "tokenBoundCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the blocks of IP addresses which are allowed to use the generated token\n" + }, + "tokenExplicitMaxTtl": { + "type": "integer", + "description": "Generated Token's Explicit Maximum TTL in seconds\n" + }, + "tokenMaxTtl": { + "type": "integer", + "description": "The maximum lifetime of the generated token\n" + }, + "tokenNoDefaultPolicy": { + "type": "boolean", + "description": "If true, the 'default' policy will not automatically be added to generated tokens\n" + }, + "tokenNumUses": { + "type": "integer", + "description": "The maximum number of times a token may be used, a value of zero means unlimited\n" + }, + "tokenPeriod": { + "type": "integer", + "description": "Generated Token's Period\n" + }, + "tokenPolicies": { "type": "array", "items": { - "$ref": "#/types/vault:okta/AuthBackendGroup:AuthBackendGroup" + "type": "string" }, - "description": "Associate Okta groups with policies within Vault.\nSee below for more details.\n" - }, - "maxTtl": { - "type": "string", - "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" - }, - "namespace": { - "type": "string", - "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", - "willReplaceOnChanges": true - }, - "organization": { - "type": "string", - "description": "The Okta organization. 
This will be the first part of the url `https://XXX.okta.com`\n" + "description": "Generated Token's Policies\n" }, - "path": { - "type": "string", - "description": "Path to mount the Okta auth backend. Default to path `okta`.\n" + "tokenTtl": { + "type": "integer", + "description": "The initial ttl of the token to generate in seconds\n" }, - "token": { + "tokenType": { "type": "string", - "description": "The Okta API token. This is required to query Okta for user group membership.\nIf this is not supplied only locally configured groups will be enabled.\n", - "secret": true + "description": "The type of token to generate, service or batch\n" }, "ttl": { "type": "string", - "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" + "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_ttl` instead." }, "users": { "type": "array", @@ -23074,7 +24085,8 @@ }, "maxTtl": { "type": "string", - "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" + "description": "Maximum duration after which authentication will be expired\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_max_ttl` instead." }, "namespace": { "type": "string", 
@@ -23094,9 +24106,52 @@ "description": "The Okta API token. This is required to query Okta for user group membership.\nIf this is not supplied only locally configured groups will be enabled.\n", "secret": true }, + "tokenBoundCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the blocks of IP addresses which are allowed to use the generated token\n" + }, + "tokenExplicitMaxTtl": { + "type": "integer", + "description": "Generated Token's Explicit Maximum TTL in seconds\n" + }, + "tokenMaxTtl": { + "type": "integer", + "description": "The maximum lifetime of the generated token\n" + }, + "tokenNoDefaultPolicy": { + "type": "boolean", + "description": "If true, the 'default' policy will not automatically be added to generated tokens\n" + }, + "tokenNumUses": { + "type": "integer", + "description": "The maximum number of times a token may be used, a value of zero means unlimited\n" + }, + "tokenPeriod": { + "type": "integer", + "description": "Generated Token's Period\n" + }, + "tokenPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Generated Token's Policies\n" + }, + "tokenTtl": { + "type": "integer", + "description": "The initial ttl of the token to generate in seconds\n" + }, + "tokenType": { + "type": "string", + "description": "The type of token to generate, service or batch\n" + }, "ttl": { "type": "string", - "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n" + "description": "Duration after which authentication will be expired.\n[See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).\n", + "deprecationMessage": "Deprecated. Please use `token_ttl` instead." }, "users": { "type": "array", 
@@ -23369,6 +24424,166 @@ "type": "object" } }, + "vault:pkiSecret/backendConfigEst:BackendConfigEst": { + "description": "Allows setting the EST configuration on a PKI Secret Backend\n\n## Import\n\nThe PKI config cluster can be imported using the resource's `id`.\nIn the case of the example above the `id` would be `pki-root/config/est`,\nwhere the `pki-root` component is the resource's `backend`, e.g.\n\n```sh\n$ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est\n```\n", + "properties": { + "auditFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.\n\n\u003ca id=\"nestedatt--authenticators\"\u003e\u003c/a\u003e\n" + }, + "authenticators": { + "$ref": "#/types/vault:pkiSecret/BackendConfigEstAuthenticators:BackendConfigEstAuthenticators", + "description": "Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).\n" + }, + "backend": { + "type": "string", + "description": "The path to the PKI secret backend to\nread the EST configuration from, with no leading or trailing `/`s.\n" + }, + "defaultMount": { + "type": "boolean", + "description": "If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.\n" + }, + "defaultPathPolicy": { + "type": "string", + "description": "Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. 
Can be sign-verbatim or a role given by role:\u003crole_name\u003e.\n" + }, + "enableSentinelParsing": { + "type": "boolean", + "description": "If set, parse out fields from the provided CSR making them available for Sentinel policies.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether EST is enabled.\n" + }, + "labelToPathPolicy": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:\u003crole_name\u003e. Labels must be unique across Vault cluster, and will register .well-known/est/\u003clabel\u003e URL paths.\n" + }, + "lastUpdated": { + "type": "string", + "description": "A read-only timestamp representing the last time the configuration was updated.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace of the target resource.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" + } + }, + "required": [ + "auditFields", + "authenticators", + "backend", + "lastUpdated" + ], + "inputProperties": { + "auditFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.\n\n\u003ca id=\"nestedatt--authenticators\"\u003e\u003c/a\u003e\n" + }, + "authenticators": { + "$ref": "#/types/vault:pkiSecret/BackendConfigEstAuthenticators:BackendConfigEstAuthenticators", + "description": "Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).\n" + }, + "backend": { + "type": "string", + "description": "The path to the PKI secret backend to\nread the EST 
configuration from, with no leading or trailing `/`s.\n", + "willReplaceOnChanges": true + }, + "defaultMount": { + "type": "boolean", + "description": "If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.\n" + }, + "defaultPathPolicy": { + "type": "string", + "description": "Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:\u003crole_name\u003e.\n" + }, + "enableSentinelParsing": { + "type": "boolean", + "description": "If set, parse out fields from the provided CSR making them available for Sentinel policies.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether EST is enabled.\n" + }, + "labelToPathPolicy": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:\u003crole_name\u003e. 
Labels must be unique across Vault cluster, and will register .well-known/est/\u003clabel\u003e URL paths.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace of the target resource.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "backend" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BackendConfigEst resources.\n", + "properties": { + "auditFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.\n\n\u003ca id=\"nestedatt--authenticators\"\u003e\u003c/a\u003e\n" + }, + "authenticators": { + "$ref": "#/types/vault:pkiSecret/BackendConfigEstAuthenticators:BackendConfigEstAuthenticators", + "description": "Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).\n" + }, + "backend": { + "type": "string", + "description": "The path to the PKI secret backend to\nread the EST configuration from, with no leading or trailing `/`s.\n", + "willReplaceOnChanges": true + }, + "defaultMount": { + "type": "boolean", + "description": "If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.\n" + }, + "defaultPathPolicy": { + "type": "string", + "description": "Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. 
Can be sign-verbatim or a role given by role:\u003crole_name\u003e.\n" + }, + "enableSentinelParsing": { + "type": "boolean", + "description": "If set, parse out fields from the provided CSR making them available for Sentinel policies.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether EST is enabled.\n" + }, + "labelToPathPolicy": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:\u003crole_name\u003e. Labels must be unique across Vault cluster, and will register .well-known/est/\u003clabel\u003e URL paths.\n" + }, + "lastUpdated": { + "type": "string", + "description": "A read-only timestamp representing the last time the configuration was updated.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace of the target resource.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "vault:pkiSecret/secretBackendCert:SecretBackendCert": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst app = new vault.pkisecret.SecretBackendCert(\"app\", {\n backend: intermediate.path,\n name: test.name,\n commonName: \"app.my.domain\",\n}, {\n dependsOn: [admin],\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\napp = vault.pki_secret.SecretBackendCert(\"app\",\n backend=intermediate[\"path\"],\n name=test[\"name\"],\n common_name=\"app.my.domain\",\n 
opts=pulumi.ResourceOptions(depends_on=[admin]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var app = new Vault.PkiSecret.SecretBackendCert(\"app\", new()\n {\n Backend = intermediate.Path,\n Name = test.Name,\n CommonName = \"app.my.domain\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n admin,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pkiSecret.NewSecretBackendCert(ctx, \"app\", \u0026pkiSecret.SecretBackendCertArgs{\n\t\t\tBackend: pulumi.Any(intermediate.Path),\n\t\t\tName: pulumi.Any(test.Name),\n\t\t\tCommonName: pulumi.String(\"app.my.domain\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tadmin,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.pkiSecret.SecretBackendCert;\nimport com.pulumi.vault.pkiSecret.SecretBackendCertArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var app = new SecretBackendCert(\"app\", SecretBackendCertArgs.builder()\n .backend(intermediate.path())\n .name(test.name())\n .commonName(\"app.my.domain\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(admin)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n app:\n type: vault:pkiSecret:SecretBackendCert\n properties:\n backend: 
${intermediate.path}\n name: ${test.name}\n commonName: app.my.domain\n options:\n dependson:\n - ${admin}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { @@ -28828,6 +30043,14 @@ "type": "boolean", "description": "Whether Vault should generate the signing key pair internally. Defaults to true\n" }, + "keyBits": { + "type": "integer", + "description": "Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.\n" + }, + "keyType": { + "type": "string", + "description": "Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.\n" + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n" @@ -28857,6 +30080,16 @@ "description": "Whether Vault should generate the signing key pair internally. Defaults to true\n", "willReplaceOnChanges": true }, + "keyBits": { + "type": "integer", + "description": "Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.\n", + "willReplaceOnChanges": true + }, + "keyType": { + "type": "string", + "description": "Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.\n", + "willReplaceOnChanges": true + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", 
@@ -28887,6 +30120,16 @@ "description": "Whether Vault should generate the signing key pair internally. Defaults to true\n", "willReplaceOnChanges": true }, + "keyBits": { + "type": "integer", + "description": "Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.\n", + "willReplaceOnChanges": true + }, + "keyType": { + "type": "string", + "description": "Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.\n", + "willReplaceOnChanges": true + }, "namespace": { "type": "string", "description": "The namespace to provision the resource in.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", 
@@ -33278,6 +34521,97 @@ "type": "object" } }, + "vault:pkiSecret/getBackendConfigEst:getBackendConfigEst": { + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst pki = new vault.Mount(\"pki\", {\n path: \"pki\",\n type: \"pki\",\n description: \"PKI secret engine mount\",\n});\nconst estConfig = vault.pkiSecret.getBackendConfigEstOutput({\n backend: pki.path,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\npki = vault.Mount(\"pki\",\n path=\"pki\",\n type=\"pki\",\n description=\"PKI secret engine mount\")\nest_config = vault.pkiSecret.get_backend_config_est_output(backend=pki.path)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pki = new Vault.Mount(\"pki\", new()\n {\n Path = \"pki\",\n Type = \"pki\",\n Description = \"PKI secret engine mount\",\n });\n\n var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(new()\n {\n Backend = pki.Path,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpki, err := vault.NewMount(ctx, \"pki\", \u0026vault.MountArgs{\n\t\t\tPath: pulumi.String(\"pki\"),\n\t\t\tType: pulumi.String(\"pki\"),\n\t\t\tDescription: pulumi.String(\"PKI secret engine mount\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = pkiSecret.GetBackendConfigEstOutput(ctx, pkisecret.GetBackendConfigEstOutputArgs{\n\t\t\tBackend: pki.Path,\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport 
com.pulumi.vault.Mount;\nimport com.pulumi.vault.MountArgs;\nimport com.pulumi.vault.pkiSecret.PkiSecretFunctions;\nimport com.pulumi.vault.pkiSecret.inputs.GetBackendConfigEstArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pki = new Mount(\"pki\", MountArgs.builder()\n .path(\"pki\")\n .type(\"pki\")\n .description(\"PKI secret engine mount\")\n .build());\n\n final var estConfig = PkiSecretFunctions.getBackendConfigEst(GetBackendConfigEstArgs.builder()\n .backend(pki.path())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pki:\n type: vault:Mount\n properties:\n path: pki\n type: pki\n description: PKI secret engine mount\nvariables:\n estConfig:\n fn::invoke:\n Function: vault:pkiSecret:getBackendConfigEst\n Arguments:\n backend: ${pki.path}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "inputs": { + "description": "A collection of arguments for invoking getBackendConfigEst.\n", + "properties": { + "backend": { + "type": "string", + "description": "The path to the PKI secret backend to\nread the EST configuration from, with no leading or trailing `/`s.\n", + "willReplaceOnChanges": true + }, + "namespace": { + "type": "string", + "description": "The namespace of the target resource.\nThe value should not contain leading or trailing forward slashes.\nThe `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).\n*Available only for Vault Enterprise*.\n", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "backend" + ] + }, + "outputs": { + "description": "A collection of values returned by getBackendConfigEst.\n", + "properties": { + "auditFields": { + "description": "Fields parsed from the 
CSR that appear in the audit and can be used by sentinel policies.\n", + "items": { + "type": "string" + }, + "type": "array" + }, + "authenticators": { + "description": "Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema).\n", + "items": { + "$ref": "#/types/vault:pkiSecret/getBackendConfigEstAuthenticator:getBackendConfigEstAuthenticator" + }, + "type": "array" + }, + "backend": { + "type": "string" + }, + "defaultMount": { + "description": "If set, this mount is registered as the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster.\n", + "type": "boolean" + }, + "defaultPathPolicy": { + "description": "Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:\u003crole_name\u003e.\n", + "type": "string" + }, + "enableSentinelParsing": { + "description": "If set, parse out fields from the provided CSR making them available for Sentinel policies.\n", + "type": "boolean" + }, + "enabled": { + "description": "Specifies whether EST is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" + }, + "labelToPathPolicy": { + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:\u003crole_name\u003e. 
Labels must be unique across Vault cluster, and will register .well-known/est/\u003clabel\u003e URL paths.\n", + "type": "object" + }, + "lastUpdated": { + "description": "A read-only timestamp representing the last time the configuration was updated.\n", + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "auditFields", + "authenticators", + "backend", + "defaultMount", + "defaultPathPolicy", + "enableSentinelParsing", + "enabled", + "labelToPathPolicy", + "lastUpdated", + "id" + ], + "type": "object" + } + }, "vault:pkiSecret/getBackendIssuer:getBackendIssuer": { "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst pki = new vault.Mount(\"pki\", {\n path: \"pki\",\n type: \"pki\",\n description: \"PKI secret engine mount\",\n});\nconst root = new vault.pkisecret.SecretBackendRootCert(\"root\", {\n backend: pki.path,\n type: \"internal\",\n commonName: \"example\",\n ttl: \"86400\",\n issuerName: \"example\",\n});\nconst example = root.issuerId.apply(issuerId =\u003e vault.pkiSecret.getBackendIssuerOutput({\n backend: root.path,\n issuerRef: issuerId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\npki = vault.Mount(\"pki\",\n path=\"pki\",\n type=\"pki\",\n description=\"PKI secret engine mount\")\nroot = vault.pki_secret.SecretBackendRootCert(\"root\",\n backend=pki.path,\n type=\"internal\",\n common_name=\"example\",\n ttl=\"86400\",\n issuer_name=\"example\")\nexample = root.issuer_id.apply(lambda issuer_id: vault.pkiSecret.get_backend_issuer_output(backend=root.path,\n issuer_ref=issuer_id))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pki = new Vault.Mount(\"pki\", new()\n {\n Path = \"pki\",\n Type = \"pki\",\n Description = \"PKI secret 
engine mount\",\n });\n\n var root = new Vault.PkiSecret.SecretBackendRootCert(\"root\", new()\n {\n Backend = pki.Path,\n Type = \"internal\",\n CommonName = \"example\",\n Ttl = \"86400\",\n IssuerName = \"example\",\n });\n\n var example = Vault.PkiSecret.GetBackendIssuer.Invoke(new()\n {\n Backend = root.Path,\n IssuerRef = root.IssuerId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault\"\n\t\"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/pkiSecret\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpki, err := vault.NewMount(ctx, \"pki\", \u0026vault.MountArgs{\n\t\t\tPath: pulumi.String(\"pki\"),\n\t\t\tType: pulumi.String(\"pki\"),\n\t\t\tDescription: pulumi.String(\"PKI secret engine mount\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troot, err := pkiSecret.NewSecretBackendRootCert(ctx, \"root\", \u0026pkiSecret.SecretBackendRootCertArgs{\n\t\t\tBackend: pki.Path,\n\t\t\tType: pulumi.String(\"internal\"),\n\t\t\tCommonName: pulumi.String(\"example\"),\n\t\t\tTtl: pulumi.String(\"86400\"),\n\t\t\tIssuerName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = root.IssuerId.ApplyT(func(issuerId string) (pkisecret.GetBackendIssuerResult, error) {\n\t\t\treturn pkiSecret.GetBackendIssuerOutput(ctx, pkisecret.GetBackendIssuerOutputArgs{\n\t\t\t\tBackend: root.Path,\n\t\t\t\tIssuerRef: issuerId,\n\t\t\t}, nil), nil\n\t\t}).(pkisecret.GetBackendIssuerResultOutput)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.vault.Mount;\nimport com.pulumi.vault.MountArgs;\nimport com.pulumi.vault.pkiSecret.SecretBackendRootCert;\nimport com.pulumi.vault.pkiSecret.SecretBackendRootCertArgs;\nimport com.pulumi.vault.pkiSecret.PkiSecretFunctions;\nimport 
com.pulumi.vault.pkiSecret.inputs.GetBackendIssuerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pki = new Mount(\"pki\", MountArgs.builder()\n .path(\"pki\")\n .type(\"pki\")\n .description(\"PKI secret engine mount\")\n .build());\n\n var root = new SecretBackendRootCert(\"root\", SecretBackendRootCertArgs.builder()\n .backend(pki.path())\n .type(\"internal\")\n .commonName(\"example\")\n .ttl(\"86400\")\n .issuerName(\"example\")\n .build());\n\n final var example = PkiSecretFunctions.getBackendIssuer(GetBackendIssuerArgs.builder()\n .backend(root.path())\n .issuerRef(root.issuerId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n pki:\n type: vault:Mount\n properties:\n path: pki\n type: pki\n description: PKI secret engine mount\n root:\n type: vault:pkiSecret:SecretBackendRootCert\n properties:\n backend: ${pki.path}\n type: internal\n commonName: example\n ttl: '86400'\n issuerName: example\nvariables:\n example:\n fn::invoke:\n Function: vault:pkiSecret:getBackendIssuer\n Arguments:\n backend: ${root.path}\n issuerRef: ${root.issuerId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { diff --git a/provider/go.mod b/provider/go.mod index 989b70d14..9163dafad 100644 --- a/provider/go.mod +++ b/provider/go.mod 
@@ -18,30 +18,17 @@ require (
 cloud.google.com/go/kms v1.15.7 // indirect
 cloud.google.com/go/logging v1.9.0 // indirect
 cloud.google.com/go/longrunning v0.5.5 // indirect
- cloud.google.com/go/monitoring v1.18.0 // indirect
 cloud.google.com/go/storage v1.39.1 // indirect
 dario.cat/mergo v1.0.0 // indirect
- github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect
- github.com/Azure/go-autorest v14.2.0+incompatible // indirect
- github.com/Azure/go-autorest/autorest v0.11.29 // indirect
- github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
- github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
- github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
- github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
- github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
- github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
- github.com/Azure/go-autorest/logger v0.2.1 // indirect
- github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 github.com/BurntSushi/toml v1.3.2 // indirect
- github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/semver v1.5.0 // indirect
 github.com/Masterminds/semver/v3 v3.2.1 // indirect
@@ -50,12 +37,10 @@ require (
 github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 github.com/agext/levenshtein v1.2.3 // indirect
- github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f // indirect
 github.com/apparentlymart/go-cidr v1.1.0 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/armon/go-metrics v0.4.1 // indirect
 github.com/armon/go-radix v1.0.0 // indirect
- github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
 github.com/atotto/clipboard v0.1.4 // indirect
 github.com/aws/aws-sdk-go v1.50.36 // indirect
 github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
@@ -73,27 +58,22 @@ require (
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 github.com/aws/smithy-go v1.20.2 // indirect
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
- github.com/beorn7/perks v1.0.1 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/bgentry/speakeasy v0.1.0 // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 github.com/cenkalti/backoff/v4 v4.2.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
 github.com/charmbracelet/bubbles v0.16.1 // indirect
 github.com/charmbracelet/bubbletea v0.24.2 // indirect
 github.com/charmbracelet/lipgloss v0.7.1 // indirect
 github.com/cheggaaa/pb v1.0.29 // indirect
- github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
- github.com/circonus-labs/circonusllhist v0.1.3 // indirect
 github.com/cloudflare/circl v1.3.7 // indirect
 github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
- github.com/coreos/go-oidc/v3 v3.5.0 // indirect
+ github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/deckarep/golang-set/v2 v2.5.0 // indirect
- github.com/dimchansky/utfbom v1.1.1 // indirect
- github.com/distribution/reference v0.5.0 // indirect
+ github.com/distribution/reference v0.6.0 // indirect
 github.com/djherbis/times v1.5.0 // indirect
 github.com/docker/docker v25.0.5+incompatible // indirect
 github.com/docker/go-connections v0.4.0 // indirect
@@ -111,19 +91,18 @@ require (
 github.com/go-git/go-billy/v5 v5.5.0 // indirect
 github.com/go-git/go-git/v5 v5.12.0 // indirect
 github.com/go-jose/go-jose/v3 v3.0.3 // indirect
- github.com/go-ldap/ldap/v3 v3.4.4 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+ github.com/go-ldap/ldap/v3 v3.4.6 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/gofrs/uuid v4.3.0+incompatible // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 github.com/golang/glog v1.2.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
- github.com/google/go-metrics-stackdriver v0.2.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/s2a-go v0.1.7 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -135,21 +114,20 @@ require (
 github.com/gosimple/slug v1.13.1 // indirect
 github.com/gosimple/unidecode v1.0.1 // indirect
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
- github.com/hashicorp/cap v0.5.0 // indirect
- github.com/hashicorp/cap/ldap v0.0.0-20230914221201-c4eecc7e31f7 // indirect
+ github.com/hashicorp/cap v0.6.0 // indirect
+ github.com/hashicorp/cap/ldap v0.0.0-20240328153749-fcfe271d0227 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 // indirect
 github.com/hashicorp/go-getter v1.7.1 // indirect
- github.com/hashicorp/go-hclog v1.6.2 // indirect
+ github.com/hashicorp/go-hclog v1.6.3 // indirect
 github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
- github.com/hashicorp/go-kms-wrapping v0.7.0 // indirect
 github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.1 // indirect
 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/hashicorp/go-plugin v1.6.0 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+ github.com/hashicorp/go-retryablehttp v0.7.6 // indirect
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
 github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
@@ -175,12 +153,11 @@ require (
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect
 github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 github.com/hashicorp/terraform-svchost v0.1.1 // indirect
- github.com/hashicorp/vault v1.11.3 // indirect
- github.com/hashicorp/vault-plugin-auth-jwt v0.20.1 // indirect
+ github.com/hashicorp/vault-plugin-auth-jwt v0.20.3 // indirect
 github.com/hashicorp/vault-plugin-auth-kerberos v0.11.0 // indirect
 github.com/hashicorp/vault-plugin-auth-oci v0.15.1 // indirect
- github.com/hashicorp/vault/api v1.12.2 // indirect
- github.com/hashicorp/vault/sdk v0.11.0 // indirect
+ github.com/hashicorp/vault/api v1.14.0 // indirect
+ github.com/hashicorp/vault/sdk v0.13.0 // indirect
 github.com/hashicorp/yamux v0.1.1 // indirect
 github.com/huandu/xstrings v1.4.0 // indirect
 github.com/iancoleman/strcase v0.3.0 // indirect
@@ -203,7 +180,6 @@ require (
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mattn/go-localereader v0.0.1 // indirect
 github.com/mattn/go-runewidth v0.0.15 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 github.com/mitchellh/cli v1.1.5 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -214,7 +190,6 @@ require (
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/mitchellh/pointerstructure v1.2.1 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
- github.com/moby/sys/user v0.1.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
@@ -230,9 +205,9 @@ require (
 github.com/opencontainers/runc v1.1.12 // indirect
 github.com/opentracing/basictracer-go v1.1.0 // indirect
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
- github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
 github.com/oracle/oci-go-sdk/v59 v59.0.0 // indirect
 github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+ github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
 github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pgavlin/goldmark v1.1.33-0.20200616210433-b5eb04559386 // indirect
 github.com/pierrec/lz4 v2.6.1+incompatible // indirect
@@ -242,10 +217,6 @@ require (
 github.com/pkg/term v1.1.0 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/posener/complete v1.2.3 // indirect
- github.com/prometheus/client_golang v1.14.0 // indirect
- github.com/prometheus/client_model v0.4.0 // indirect
- github.com/prometheus/common v0.37.0 // indirect
- github.com/prometheus/procfs v0.8.0 // indirect
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
 github.com/pulumi/esc v0.6.2 // indirect
 github.com/pulumi/pulumi-java/pkg v0.11.0 // indirect
@@ -260,6 +231,7 @@ require (
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
 github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect
+ github.com/sasha-s/go-deadlock v0.2.0 // indirect
 github.com/segmentio/asm v1.1.3 // indirect
 github.com/segmentio/encoding v0.3.5 // indirect
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
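Review bot: Two modules enter the dependency graph for the first time in these hunks rather than being bumped: `github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5` (hunk at -230) and `github.com/sasha-s/go-deadlock v0.2.0` (hunk at -260), and goid is pinned to a 2018 pseudo-version. Both are marked `// indirect`, so the lines themselves should stay tool-managed; what is missing is a record of which upgraded dependency pulls them in. I would run `go mod why -m github.com/sasha-s/go-deadlock` and `go mod why -m github.com/petermattis/goid` and put the result in the PR description, so a later audit can tell an expected transitive dependency from an unexpected one.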
@@ -271,7 +243,6 @@ require (
 github.com/spf13/cobra v1.8.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/texttheater/golang-levenshtein v1.0.1 // indirect
- github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c // indirect
 github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect
 github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
 github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
@@ -294,7 +265,7 @@ require (
 gocloud.dev v0.37.0 // indirect
 gocloud.dev/secrets/hashivault v0.37.0 // indirect
 golang.org/x/crypto v0.24.0 // indirect
- golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect
+ golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
 golang.org/x/mod v0.17.0 // indirect
 golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.18.0 // indirect
@@ -311,10 +282,8 @@ require (
 google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
 google.golang.org/grpc v1.63.2 // indirect
- google.golang.org/protobuf v1.34.0 // indirect
- gopkg.in/ini.v1 v1.62.0 // indirect
+ google.golang.org/protobuf v1.34.1 // indirect
 gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect
- gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/provider/go.sum b/provider/go.sum
index fe85f4fe8..30efd70fc 100644
--- a/provider/go.sum
+++ b/provider/go.sum
@@ -3,7 +3,6 @@ bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= @@ -725,8 +724,6 @@ cloud.google.com/go/monitoring v1.16.0/go.mod h1:Ptp15HgAyM1fNICAojDMoNc/wUmn67m cloud.google.com/go/monitoring v1.16.1/go.mod h1:6HsxddR+3y9j+o/cMJH6q/KJ/CBTvM/38L/1m7bTRJ4= cloud.google.com/go/monitoring v1.16.2/go.mod h1:B44KGwi4ZCF8Rk/5n+FWeispDXoKSk9oss2QNlXJBgc= cloud.google.com/go/monitoring v1.16.3/go.mod h1:KwSsX5+8PnXv5NJnICZzW2R8pWTis8ypC4zmdRD63Tw= -cloud.google.com/go/monitoring v1.18.0 h1:NfkDLQDG2UR3WYZVQE8kwSbUIEyIqJUPl+aOQdFH1T4= -cloud.google.com/go/monitoring v1.18.0/go.mod h1:c92vVBCeq/OB4Ioyo+NbN2U7tlg5ZH41PZcdvfc+Lcg= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= 
@@ -1166,10 +1163,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830/go.mod h github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v36.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmVGurPWMHDX2YNXVQMrBpEE= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= 
@@ -1194,56 +1189,20 @@ github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0= -github.com/Azure/go-autorest/autorest v0.10.1/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= -github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= -github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= -github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= 
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= -github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= -github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= -github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod 
h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= -github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod 
h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= @@ -1257,7 +1216,6 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= 
@@ -1334,12 +1292,11 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= -github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f h1:oRD16bhpKNAanfcDDVU+J0NXqsgHIvGbbe/sy+r6Rs0= -github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ= -github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= 
@@ -1365,8 +1322,6 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.3.0/go.mod h1:zXjbSimjXTd7vOpY8B0/2LpvNvDoXBuplAD+gJD3GYs= -github.com/armon/go-metrics v0.3.3/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= 
@@ -1375,15 +1330,12 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.43.9/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= 
@@ -1433,13 +1385,11 @@ github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= -github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= 
@@ -1466,7 +1416,6 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go v0.36.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= -github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= @@ -1486,7 +1435,6 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.16.1 h1:6uzpAAaT9ZqKssntbvZMlksWHruQLNxg49H5WdeuYSY= github.com/charmbracelet/bubbles v0.16.1/go.mod h1:2QCp9LFlEsBQMvIYERr7Ww2H2bA7xen1idUDIzm/+Xc= 
@@ -1510,9 +1458,7 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible h1:C29Ae4G5GtYyYMm1aztcyj/J5ckgJm2zwdDajFbx1NY= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= @@ -1571,7 +1517,6 @@ github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go. github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= 
@@ -1593,7 +1538,6 @@ github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20200709052629-daa8e1ccc0bc/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= 
@@ -1677,8 +1621,8 @@ github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmeka github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw= -github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM= +github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= +github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 
@@ -1731,12 +1675,9 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= -github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= 
@@ -1752,7 +1693,6 @@ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.4.2-0.20200319182547-c7ad2b866182/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= 
@@ -1895,21 +1835,22 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-ini/ini v1.66.6/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= -github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-ldap/ldap/v3 v3.4.1/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= -github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs= github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI= +github.com/go-ldap/ldap/v3 v3.4.6 
h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A= +github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -1953,7 +1894,6 @@ github.com/go-sql-driver/mysql v1.8.0/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqw github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= 
@@ -1980,11 +1920,9 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= @@ -2067,8 +2005,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= -github.com/google/go-metrics-stackdriver v0.2.0 h1:rbs2sxHAPn2OtUj9JdR/Gij1YKGl0BTVD0augB+HEjE= -github.com/google/go-metrics-stackdriver v0.2.0/go.mod h1:KLcPyp3dWJAFD+yHisGlJSZktIsTjb50eB72U2YZ9K0= github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= 
@@ -2155,13 +2091,11 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= 
@@ -2190,14 +2124,14 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rH github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= -github.com/hashicorp/cap v0.5.0 h1:YIlAYxdXXtx2IL1JDvP2OyEl55Ooi0yl573kSB9Orlw= -github.com/hashicorp/cap v0.5.0/go.mod h1:IAy00Er+ZFpMo+5x6B4bkO2HgpzgrkfsuDWMmHAuKUE= -github.com/hashicorp/cap/ldap v0.0.0-20230914221201-c4eecc7e31f7 h1:jgVdtp5YMn++PxnYhAFfrURfLf+nlqzBeddbvRG+tTg= -github.com/hashicorp/cap/ldap v0.0.0-20230914221201-c4eecc7e31f7/go.mod h1:q+c9XV1VqloZFZMu+zdvfb0cm7UrvKbvtmTF5wX5Q9o= +github.com/hashicorp/cap v0.6.0 h1:uOSdbtXu8zsbRyjwpiTy6QiuX3+5paAbNkYlop7QexM= +github.com/hashicorp/cap v0.6.0/go.mod h1:DwzHkoG6pxSARiqwvAgxmCPUpTTCCw2wVuPrIFOzpe0= +github.com/hashicorp/cap/ldap v0.0.0-20240328153749-fcfe271d0227 h1:R5CMNyBNZqODw2DcGaSa2X96AgtLotXsH7aOa07zTTI= +github.com/hashicorp/cap/ldap v0.0.0-20240328153749-fcfe271d0227/go.mod h1:Ofp5fMLl1ImcwjNGu9FtEwNOdxA0LYoWpcWQE2vltuI= github.com/hashicorp/cli v1.1.6/go.mod h1:MPon5QYlgjjo0BSoAiN0ESeT5fRzDjVRp+uioJ0piz4= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.14.0 h1:Y64GIJ8hYTu+tuGekwO4G4ardXoiCivX9wv1iP/kihk= -github.com/hashicorp/consul/api v1.14.0/go.mod h1:bcaw5CSZ7NE9qfOfKCI1xb7ZKjzu/MyvQkCLTfqLqxQ= +github.com/hashicorp/consul/api v1.27.0 h1:gmJ6DPKQog1426xsdmgk5iqDyoRiNc+ipBdJOqKQFjc= +github.com/hashicorp/consul/api v1.27.0/go.mod h1:JkekNRSou9lANFdt+4IKx3Za7XY0JzzpQjEb4Ivo1c8= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod 
h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -2216,19 +2150,15 @@ github.com/hashicorp/go-getter v1.4.0 h1:ENHNi8494porjD0ZhIrjlAHnveSFhY7hvOJrV/f github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.16.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-hclog v1.6.2 h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I= github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping v0.7.0 h1:UBagVJn4nSNOSjjtpkR370VOEBLnGMXfQcIlE/WL/7o= -github.com/hashicorp/go-kms-wrapping v0.7.0/go.mod h1:rmGmNzO/DIBzUyisFjeocXvazOlxgO5K8vsFQkUn7Hk= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod 
h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk= github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.1 h1:KIge4FHZEDb2/xjaWgmBheCTgRL6HV4sgTfDsH876L8= @@ -2239,7 +2169,6 @@ github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= 
@@ -2249,18 +2178,15 @@ github.com/hashicorp/go-plugin v1.5.2/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly8 github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.2/go.mod h1:gEx6HMUGxYYhJScX7W1Il64m6cc2C1mDaW3NQ9sY1FY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= -github.com/hashicorp/go-secure-stdlib/awsutil v0.1.2/go.mod h1:QRJZ7siKie+SZJB9jLbfKrs0Gd0yPWMtbneg0iU1PrY= github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 h1:I8bynUKMh9I7JdwtW9voJ0xmHvBpxQtLjrMFDYmhOxY= github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0/go.mod h1:oKHSQs4ivIfZ3fbXGQOop1XuDfdSb8RIsWTGaAanSfg= github.com/hashicorp/go-secure-stdlib/base62 
v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= @@ -2303,7 +2229,6 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= @@ -2324,8 +2249,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/serf v0.9.7 h1:hkdgbqizGQHuU5IPqYM1JdSMV8nKfpuOnZYXssk9muY= -github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= +github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A= github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= 
@@ -2346,27 +2271,21 @@ github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVf github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= -github.com/hashicorp/vault v1.11.3 h1:KROmJz/YRIaYVpwJaWYNfHDcchtugCP8GTRz+939eT8= -github.com/hashicorp/vault v1.11.3/go.mod h1:shpQ0ikGOzP07k/TJG54VNzbOIISS4h/2UKRD4xjpj8= -github.com/hashicorp/vault-plugin-auth-jwt v0.20.1 h1:98BDtyvh+43u7SkMWN1rIzSGHMhXqD4xt8XniB3R9EU= -github.com/hashicorp/vault-plugin-auth-jwt v0.20.1/go.mod h1:yGd5YGkjbnW9xAarwjSHVR+t8lp7HDfTY+qn/UB/gpE= +github.com/hashicorp/vault-plugin-auth-jwt v0.20.3 h1:mLsdorH4m43rBqybHDZKl33rrmc80ens4hSB6E7i9o0= +github.com/hashicorp/vault-plugin-auth-jwt v0.20.3/go.mod h1:1IQjNAZ2z8GdTPM/XizC6eA4X9brnOXiwSoYEOfuDlM= github.com/hashicorp/vault-plugin-auth-kerberos v0.11.0 h1:XjdH8nqosqgKeAwBptMS7DoXsdi8IKL2fbBSyvL/HRM= github.com/hashicorp/vault-plugin-auth-kerberos v0.11.0/go.mod h1:xupzh9O6Us6bqKLZ6wfRsjqlf1Mb1TRylKpxZPJd5rA= github.com/hashicorp/vault-plugin-auth-oci v0.15.1 h1:frikend6vdC09I60qmFkRwBVgXLlBz2qe1869bC5J5s= github.com/hashicorp/vault-plugin-auth-oci v0.15.1/go.mod h1:i3KYRLQFpAIJuvbXHBMgXzw0563Sp/2mMpAFU5F6Z9I= -github.com/hashicorp/vault/api v1.0.5-0.20200519221902-385fac77e20f/go.mod h1:euTFbi2YJgwcju3imEt919lhJKF68nN1cQPq3aA+kBE= -github.com/hashicorp/vault/api v1.1.1/go.mod h1:29UXcn/1cLOPHQNMWA7bCz2By4PSd0VKPAydKXS5yN0= github.com/hashicorp/vault/api v1.4.1/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs= github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/api v1.12.2 
h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= -github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= -github.com/hashicorp/vault/sdk v0.1.14-0.20200519221530-14615acda45f/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vault/sdk v0.2.1/go.mod h1:WfUiO1vYzfBkz1TmoE4ZGU7HD0T0Cl/rZwaxjBkgN4U= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.10.2/go.mod h1:VxJIQgftEX7FCDM3i6TTLjrZszAeLhqPicNbCVNRg4I= -github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= -github.com/hashicorp/vault/sdk v0.11.0/go.mod h1:cG0OZ7Ebq09Xn2N7OWtHbVqq6LpYP6fkyWo0PIvkLsA= +github.com/hashicorp/vault/sdk v0.13.0 h1:UmcLF+7r70gy1igU44Suflgio30P2GOL4MkHPhJuiP8= +github.com/hashicorp/vault/sdk v0.13.0/go.mod h1:LxhNTWRG99mXg9xijBCnCnIus+brLC5uFsQUQ4zgOnU= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= 
@@ -2385,7 +2304,6 @@ github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huaweicloud/golangsdk v0.0.0-20200304081349-45ec0797f2a4/go.mod h1:WQBcHRNX9shz3928lWEvstQJtAtYI7ks6XlgtRT9Tcw= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -2470,8 +2388,8 @@ github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyX github.com/jhump/protoreflect v1.11.0/go.mod h1:U7aMIjN0NWq9swDP7xDdoMfRHb35uiuTd3Z9nFXJf5E= github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= -github.com/jimlambrt/gldap v0.1.4 h1:PoB5u4ND0E+6W99JtQJvcjGFw+iKi3Gx3M60oOJBOqE= -github.com/jimlambrt/gldap v0.1.4/go.mod h1:ia/l4Jhm+tdupLvZe7tRCbpv+HyXr1B5QFirsewfWEA= +github.com/jimlambrt/gldap v0.1.13 h1:jxmVQn0lfmFbM9jglueoau5LLF/IGRti0SKf0vB753M= +github.com/jimlambrt/gldap v0.1.13/go.mod h1:nlC30c7xVphjImg6etk7vg7ZewHCCvl1dfAhO3ZJzPg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 
@@ -2489,7 +2407,6 @@ github.com/joshlf/go-acl v0.0.0-20200411065538-eae00ae38531/go.mod h1:fqTUQpVYBv github.com/joshlf/testutil v0.0.0-20170608050642-b5d8aa79d93d h1:J8tJzRyiddAFF65YVgxli+TyWBi0f79Sld6rJP6CBcY= github.com/joshlf/testutil v0.0.0-20170608050642-b5d8aa79d93d/go.mod h1:b+Q3v8Yrg5o15d71PSUraUzYb+jWl6wQMSBXSGS/hv0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -2499,7 +2416,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= 
@@ -2521,8 +2437,9 @@ github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -2608,7 +2525,6 @@ github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/microsoft/go-mssqldb v1.5.0/go.mod h1:lmWsjHD8XX/Txr0f8ZqgbEZSC+BZjmEQy/Ms+rLrvho= 
@@ -2647,7 +2563,6 @@ github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 
@@ -2834,12 +2749,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk v13.1.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= -github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= -github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= github.com/oracle/oci-go-sdk/v59 v59.0.0 h1:+zTvWfj9ZK0OwLRyXjUkZ8dPN3WvkQSRd3iooaOxNVs= github.com/oracle/oci-go-sdk/v59 v59.0.0/go.mod h1:PWyWRn+xkQxwwmLq/oO03X3tN1tk2vEIE2tFaJmldHM= -github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= 
@@ -2853,6 +2764,8 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= +github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ= +github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M= github.com/pgavlin/goldmark v1.1.33-0.20200616210433-b5eb04559386 h1:LoCV5cscNVWyK5ChN/uCoIFJz8jZD63VQiGJIRgr6uo= @@ -2893,7 +2806,6 @@ github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQ github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= 
@@ -2904,7 +2816,6 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 
@@ -2912,11 +2823,9 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= 
@@ -2925,11 +2834,9 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -2940,7 +2847,6 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= 
@@ -3005,6 +2911,8 @@ github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiB github.com/safchain/ethtool v0.2.0/go.mod h1:WkKB1DnNtvsMlDmQ50sgwowDJV/hGbJSOvJoEXs1AJQ= github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 h1:TToq11gyfNlrMFZiYujSekIsPd9AmsA2Bj/iv+s4JHE= github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/sasha-s/go-deadlock v0.2.0 h1:lMqc+fUb7RrFS3gQLtoQsJ7/6TV/pAIFvBsqX73DK8Y= +github.com/sasha-s/go-deadlock v0.2.0/go.mod h1:StQn567HiB1fF2yJ44N9au7wOhrPS3iZqiDbRupzT10= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= @@ -3041,10 +2949,8 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= 
@@ -3117,7 +3023,6 @@ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= @@ -3132,7 +3037,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c h1:u6SKchux2yDvFQnDHS3lPnIRmfVJ5Sxy3ao2SIdysLQ= github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 h1:X9dsIWPuuEJlPX//UmRKophhOKCGXc46RVIGuttks68= github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7/go.mod h1:UxoP3EypF8JfGEjAII8jx1q8rQyDnX8qdTCs/UQBVIE= 
@@ -3188,8 +3092,6 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yandex-cloud/go-genproto v0.0.0-20200722140432-762fe965ce77/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20200722140627-2194e5077f13/go.mod h1:LEdAMqa1v/7KYe4b13ALLkonuDxLph57ibUb50ctvJk= github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -3360,7 +3262,6 @@ golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -3370,7 +3271,6 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -3431,8 +3331,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20240213143201-ec583247a57a h1:HinSgX1tJRX3KsL//Gxynpw5CTOAIPhgL4W8PNiIpVE= -golang.org/x/exp v0.0.0-20240213143201-ec583247a57a/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= +golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= +golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
@@ -3518,7 +3418,6 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200320220750-118fecf932d8/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -3526,7 +3425,6 @@ golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 
@@ -3611,7 +3509,6 @@ golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= @@ -3710,7 +3607,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -3991,7 +3887,6 @@ gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -4075,7 +3970,6 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 
@@ -4093,7 +3987,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200323114720-3f67cca34472/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -4282,7 +4175,6 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= 
@@ -4357,8 +4249,8 @@ google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -4375,10 +4267,7 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= -gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/jcmturner/goidentity.v3 v3.0.0 h1:1duIyWiTaYvVx3YX2CYtpJbUFd7/UuPYCfgXtQ3VTbI= gopkg.in/jcmturner/goidentity.v3 v3.0.0/go.mod h1:oG2kH0IvSYNIu80dVAyu/yoefjq1mNfM5bm88whjWx4= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= @@ -4386,7 +4275,6 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/provider/resources.go b/provider/resources.go index b6d816d33..a1591ca54 100644 --- a/provider/resources.go +++ b/provider/resources.go 
@@ -159,6 +159,7 @@ func Provider() tfbridge.ProviderInfo { Version: version.Version, MetadataInfo: tfbridge.NewProviderMetadata(metadata), UpstreamRepoPath: "./upstream", + DocRules: &tfbridge.DocRuleInfo{EditRules: docEditRules}, Config: map[string]*tfbridge.SchemaInfo{ "skip_tls_verify": { @@ -540,7 +541,7 @@ func Provider() tfbridge.ProviderInfo { }, } - prov.MustComputeTokens(tks.MappedModules("vault_", "", moduleMap, + prov.MustComputeTokens(tks.MappedModules("vault_", "index", moduleMap, func(module, name string) (string, error) { return string(makeResource(module, name)), nil })) @@ -551,4 +552,20 @@ func Provider() tfbridge.ProviderInfo { return prov } +func docEditRules(defaults []tfbridge.DocsEdit) []tfbridge.DocsEdit { + return append(defaults, oktaAuthBackedUserImport) +} + +var oktaAuthBackedUserImport = tfbridge.DocsEdit{ + Path: "okta_auth_backend_user.html.md", + Edit: func(_ string, content []byte) ([]byte, error) { + content = append(content, []byte("\n\n## Import\n\n"+ + "Okta authentication backend users can be imported using its `path/user` ID format, e.g.\n"+ + "```\n"+ + "$ terraform import vault_okta_auth_backend_user.example okta/foo\n"+ + "```\n")...) + return content, nil + }, +} + var missingDocs = &tfbridge.DocInfo{AllowMissing: true} diff --git a/scripts/upstream.sh b/scripts/upstream.sh index d35932e0e..23ba94673 100755 --- a/scripts/upstream.sh +++ b/scripts/upstream.sh @@ -138,7 +138,7 @@ apply() { # apply the patch using a 3-way merge strategy. This mirrors the default behavior of 'git merge' cd upstream for patch in ../patches/*.patch; do - if ! git apply --3way "$patch"; then + if ! git apply --3way "$patch" --allow-empty; then cat < DisableRemount { get; private set; } = null!; + /// + /// The key to use for signing identity tokens. + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + /// /// Specifies if the auth method is local only. /// 
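Review bot: The `Edit` closure in `oktaAuthBackedUserImport` appends the `## Import` section unconditionally, so if the upstream `okta_auth_backend_user.html.md` ever gains its own Import section the generated docs will carry two. A guard at the top of the closure would make the edit idempotent: `if bytes.Contains(content, []byte("## Import")) { return content, nil }` (this needs the `bytes` import, which is not visible in this hunk). The variable name also reads like a typo for `oktaAuthBackendUserImport`. Both new declarations lack doc comments; something like `// docEditRules appends provider-specific doc edits to the bridge defaults.` would explain why this one file is special-cased.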
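Review bot: Adding `--allow-empty` to the `git apply --3way "$patch"` call in `apply()` relaxes the check for every file matched by `../patches/*.patch`, not only the intentionally empty dummy patch. A real patch that arrives truncated or stripped of its diff would then be treated as applied, and the build would continue on unpatched upstream code without any error. Scoping the exception to the one known file keeps the strict behaviour for the rest, for example by putting `[ "${patch##*/}" = "0001-dummy-for-module-resolution.patch" ] && continue` before the `git apply` line and dropping the flag. `--allow-empty` also needs Git 2.35 or newer, which the script should check or document. The rest of this hunk (the error heredoc) is not visible here, so confirm that the failure path is unchanged.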
@@ -134,6 +140,12 @@ public sealed class AuthBackendArgs : global::Pulumi.ResourceArgs [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The key to use for signing identity tokens. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// Specifies if the auth method is local only. /// @@ -196,6 +208,12 @@ public sealed class AuthBackendState : global::Pulumi.ResourceArgs [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The key to use for signing identity tokens. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// Specifies if the auth method is local only. /// diff --git a/sdk/dotnet/Aws/AuthBackendClient.cs b/sdk/dotnet/Aws/AuthBackendClient.cs index 15d5d4d76..6b1337283 100644 --- a/sdk/dotnet/Aws/AuthBackendClient.cs +++ b/sdk/dotnet/Aws/AuthBackendClient.cs @@ -12,6 +12,30 @@ namespace Pulumi.Vault.Aws /// /// ## Example Usage /// + /// You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration: + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new Vault.AuthBackend("example", new() + /// { + /// Type = "aws", + /// }); + /// + /// var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient("example", new() + /// { + /// IdentityTokenAudience = "<TOKEN_AUDIENCE>", + /// IdentityTokenTtl = "<TOKEN_TTL>", + /// RoleArn = "<AWS_ROLE_ARN>", + /// }); + /// + /// }); + /// ``` + /// /// ```csharp /// using System.Collections.Generic; /// using System.Linq; 
@@ -48,7 +72,7 @@ public partial class AuthBackendClient : global::Pulumi.CustomResource { /// /// The AWS access key that Vault should use for the - /// auth backend. + /// auth backend. Mutually exclusive with `identity_token_audience`. /// [Output("accessKey")] public Output AccessKey { get; private set; } = null!; @@ -82,6 +106,27 @@ public partial class AuthBackendClient : global::Pulumi.CustomResource [Output("iamServerIdHeaderValue")] public Output IamServerIdHeaderValue { get; private set; } = null!; + /// + /// The audience claim value. Mutually exclusive with `access_key`. + /// Requires Vault 1.17+. *Available only for Vault Enterprise* + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + + /// + /// Number of max retries the client should use for recoverable errors. + /// The default `-1` falls back to the AWS SDK's default behavior. + /// + [Output("maxRetries")] + public Output MaxRetries { get; private set; } = null!; + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -91,6 +136,13 @@ public partial class AuthBackendClient : global::Pulumi.CustomResource [Output("namespace")] public Output Namespace { get; private set; } = null!; + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("roleArn")] + public Output RoleArn { get; private set; } = null!; + /// /// The AWS secret key that Vault should use for the /// auth backend. 
@@ -178,7 +230,7 @@ public sealed class AuthBackendClientArgs : global::Pulumi.ResourceArgs /// /// The AWS access key that Vault should use for the - /// auth backend. + /// auth backend. Mutually exclusive with `identity_token_audience`. /// public Input? AccessKey { @@ -219,6 +271,27 @@ public Input? AccessKey [Input("iamServerIdHeaderValue")] public Input? IamServerIdHeaderValue { get; set; } + /// + /// The audience claim value. Mutually exclusive with `access_key`. + /// Requires Vault 1.17+. *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + + /// + /// Number of max retries the client should use for recoverable errors. + /// The default `-1` falls back to the AWS SDK's default behavior. + /// + [Input("maxRetries")] + public Input? MaxRetries { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -228,6 +301,13 @@ public Input? AccessKey [Input("namespace")] public Input? Namespace { get; set; } + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("roleArn")] + public Input? RoleArn { get; set; } + [Input("secretKey")] private Input? _secretKey; @@ -282,7 +362,7 @@ public sealed class AuthBackendClientState : global::Pulumi.ResourceArgs /// /// The AWS access key that Vault should use for the - /// auth backend. + /// auth backend. Mutually exclusive with `identity_token_audience`. /// public Input? AccessKey { 
@@ -323,6 +403,27 @@ public Input? AccessKey [Input("iamServerIdHeaderValue")] public Input? IamServerIdHeaderValue { get; set; } + /// + /// The audience claim value. Mutually exclusive with `access_key`. + /// Requires Vault 1.17+. *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + + /// + /// Number of max retries the client should use for recoverable errors. + /// The default `-1` falls back to the AWS SDK's default behavior. + /// + [Input("maxRetries")] + public Input? MaxRetries { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -332,6 +433,13 @@ public Input? AccessKey [Input("namespace")] public Input? Namespace { get; set; } + /// + /// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("roleArn")] + public Input? RoleArn { get; set; } + [Input("secretKey")] private Input? _secretKey; diff --git a/sdk/dotnet/Aws/SecretBackendRole.cs b/sdk/dotnet/Aws/SecretBackendRole.cs index 574065d9a..337016d98 100644 --- a/sdk/dotnet/Aws/SecretBackendRole.cs +++ b/sdk/dotnet/Aws/SecretBackendRole.cs 
@@ -94,6 +94,13 @@ public partial class SecretBackendRole : global::Pulumi.CustomResource [Output("iamGroups")] public Output> IamGroups { get; private set; } = null!; + /// + /// A map of strings representing key/value pairs + /// to be used as tags for any IAM user that is created by this role. + /// + [Output("iamTags")] + public Output?> IamTags { get; private set; } = null!; + /// /// The max allowed TTL in seconds for STS credentials /// (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is @@ -252,6 +259,19 @@ public InputList IamGroups set => _iamGroups = value; } + [Input("iamTags")] + private InputMap? _iamTags; + + /// + /// A map of strings representing key/value pairs + /// to be used as tags for any IAM user that is created by this role. + /// + public InputMap IamTags + { + get => _iamTags ?? (_iamTags = new InputMap()); + set => _iamTags = value; + } + /// /// The max allowed TTL in seconds for STS credentials /// (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is @@ -384,6 +404,19 @@ public InputList IamGroups set => _iamGroups = value; } + [Input("iamTags")] + private InputMap? _iamTags; + + /// + /// A map of strings representing key/value pairs + /// to be used as tags for any IAM user that is created by this role. + /// + public InputMap IamTags + { + get => _iamTags ?? (_iamTags = new InputMap()); + set => _iamTags = value; + } + /// /// The max allowed TTL in seconds for STS credentials /// (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is diff --git a/sdk/dotnet/Azure/AuthBackendConfig.cs b/sdk/dotnet/Azure/AuthBackendConfig.cs index 9cfe328bf..61db3729e 100644 --- a/sdk/dotnet/Azure/AuthBackendConfig.cs +++ b/sdk/dotnet/Azure/AuthBackendConfig.cs 
@@ -12,6 +12,33 @@ namespace Pulumi.Vault.Azure /// /// ## Example Usage /// + /// You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration: + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new Vault.AuthBackend("example", new() + /// { + /// Type = "azure", + /// IdentityTokenKey = "example-key", + /// }); + /// + /// var exampleAuthBackendConfig = new Vault.Azure.AuthBackendConfig("example", new() + /// { + /// Backend = example.Path, + /// TenantId = "11111111-2222-3333-4444-555555555555", + /// ClientId = "11111111-2222-3333-4444-555555555555", + /// IdentityTokenAudience = "<TOKEN_AUDIENCE>", + /// IdentityTokenTtl = "<TOKEN_TTL>", + /// }); + /// + /// }); + /// ``` + /// /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -77,6 +104,19 @@ public partial class AuthBackendConfig : global::Pulumi.CustomResource [Output("environment")] public Output Environment { get; private set; } = null!; + /// + /// The audience claim value for plugin identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The TTL of generated identity tokens in seconds. + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. 
@@ -201,6 +241,19 @@ public Input? ClientSecret [Input("environment")] public Input? Environment { get; set; } + /// + /// The audience claim value for plugin identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -291,6 +344,19 @@ public Input? ClientSecret [Input("environment")] public Input? Environment { get; set; } + /// + /// The audience claim value for plugin identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. diff --git a/sdk/dotnet/Azure/Backend.cs b/sdk/dotnet/Azure/Backend.cs index 58570e397..353ff0483 100644 --- a/sdk/dotnet/Azure/Backend.cs +++ b/sdk/dotnet/Azure/Backend.cs 
@@ -14,6 +14,27 @@ namespace Pulumi.Vault.Azure /// /// ### *Vault-1.9 And Above* /// + /// You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration: + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var azure = new Vault.Azure.Backend("azure", new() + /// { + /// SubscriptionId = "11111111-2222-3333-4444-111111111111", + /// TenantId = "11111111-2222-3333-4444-222222222222", + /// ClientId = "11111111-2222-3333-4444-333333333333", + /// IdentityTokenAudience = "<TOKEN_AUDIENCE>", + /// IdentityTokenTtl = "<TOKEN_TTL>", + /// }); + /// + /// }); + /// ``` + /// /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -92,6 +113,27 @@ public partial class Backend : global::Pulumi.CustomResource [Output("environment")] public Output Environment { get; private set; } = null!; + /// + /// The audience claim value. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The key to use for signing identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. 
@@ -229,6 +271,27 @@ public Input? ClientSecret [Input("environment")] public Input? Environment { get; set; } + /// + /// The audience claim value. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -341,6 +404,27 @@ public Input? ClientSecret [Input("environment")] public Input? Environment { get; set; } + /// + /// The audience claim value. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing identity tokens. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + /// *Available only for Vault Enterprise* + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. diff --git a/sdk/dotnet/Database/SecretsMount.cs b/sdk/dotnet/Database/SecretsMount.cs index 776a6d38a..5f922b522 100644 --- a/sdk/dotnet/Database/SecretsMount.cs +++ b/sdk/dotnet/Database/SecretsMount.cs 
@@ -107,6 +107,12 @@ public partial class SecretsMount : global::Pulumi.CustomResource [Output("allowedManagedKeys")] public Output> AllowedManagedKeys { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("allowedResponseHeaders")] + public Output> AllowedResponseHeaders { get; private set; } = null!; + /// /// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. /// @@ -139,6 +145,12 @@ public partial class SecretsMount : global::Pulumi.CustomResource [Output("defaultLeaseTtlSeconds")] public Output DefaultLeaseTtlSeconds { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("delegatedAuthAccessors")] + public Output> DelegatedAuthAccessors { get; private set; } = null!; + /// /// Human-friendly description of the mount /// @@ -171,6 +183,12 @@ public partial class SecretsMount : global::Pulumi.CustomResource [Output("hanas")] public Output> Hanas { get; private set; } = null!; + /// + /// The key to use for signing plugin workload identity tokens + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + /// /// A nested block containing configuration options for InfluxDB connections. /// *See Configuration Options for more info* @@ -178,6 +196,12 @@ public partial class SecretsMount : global::Pulumi.CustomResource [Output("influxdbs")] public Output> Influxdbs { get; private set; } = null!; + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Output("listingVisibility")] + public Output ListingVisibility { get; private set; } = null!; + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// 
@@ -258,12 +282,24 @@ public partial class SecretsMount : global::Pulumi.CustomResource [Output("oracles")] public Output> Oracles { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("passthroughRequestHeaders")] + public Output> PassthroughRequestHeaders { get; private set; } = null!; + /// /// Where the secret backend will be mounted /// [Output("path")] public Output Path { get; private set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Output("pluginVersion")] + public Output PluginVersion { get; private set; } = null!; + /// /// A nested block containing configuration options for PostgreSQL connections. /// *See Configuration Options for more info* @@ -365,6 +401,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -421,6 +469,18 @@ public InputList Couchbases [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// 
@@ -459,6 +519,12 @@ public InputList Hanas set => _hanas = value; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + [Input("influxdbs")] private InputList? _influxdbs; @@ -472,6 +538,12 @@ public InputList Influxdbs set => _influxdbs = value; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -606,12 +678,30 @@ public InputList Oracles set => _oracles = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path", required: true)] public Input Path { get; set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + [Input("postgresqls")] private InputList? _postgresqls; @@ -711,6 +801,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; 
@@ -767,6 +869,18 @@ public InputList Couchbases [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// @@ -811,6 +925,12 @@ public InputList Hanas set => _hanas = value; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + [Input("influxdbs")] private InputList? _influxdbs; @@ -824,6 +944,12 @@ public InputList Influxdbs set => _influxdbs = value; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -958,12 +1084,30 @@ public InputList Oracles set => _oracles = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path")] public Input? Path { get; set; } + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + [Input("postgresqls")] private InputList? _postgresqls; 
diff --git a/sdk/dotnet/Gcp/AuthBackend.cs b/sdk/dotnet/Gcp/AuthBackend.cs index 8caddb7b6..5ef8117f3 100644 --- a/sdk/dotnet/Gcp/AuthBackend.cs +++ b/sdk/dotnet/Gcp/AuthBackend.cs @@ -12,6 +12,28 @@ namespace Pulumi.Vault.Gcp /// /// Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html). /// + /// ## Example Usage + /// + /// You can setup the GCP auth backend with Workload Identity Federation (WIF) for a secret-less configuration: + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var gcp = new Vault.Gcp.AuthBackend("gcp", new() + /// { + /// IdentityTokenKey = "example-key", + /// IdentityTokenTtl = 1800, + /// IdentityTokenAudience = "<TOKEN_AUDIENCE>", + /// ServiceAccountEmail = "<SERVICE_ACCOUNT_EMAIL>", + /// }); + /// + /// }); + /// ``` + /// /// ## Import /// /// GCP authentication backends can be imported using the backend name, e.g. 
@@ -72,6 +94,27 @@ public partial class AuthBackend : global::Pulumi.CustomResource [Output("disableRemount")] public Output DisableRemount { get; private set; } = null!; + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + + /// + /// The TTL of generated tokens. + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + /// /// Specifies if the auth method is local only. /// @@ -105,6 +148,13 @@ public partial class AuthBackend : global::Pulumi.CustomResource [Output("projectId")] public Output ProjectId { get; private set; } = null!; + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("serviceAccountEmail")] + public Output ServiceAccountEmail { get; private set; } = null!; + /// /// Extra configuration block. Structure is documented below. /// 
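Review bot: The new `IdentityTokenTtl` summary in the hunk at -72, "The TTL of generated tokens.", gives no unit and no version or edition note, unlike the `IdentityTokenAudience` and `IdentityTokenKey` summaries added beside it. The usage example added at the top of this file passes `1800`, which suggests seconds, so something like `/// The TTL of generated plugin identity tokens, in seconds.` would remove the guesswork; confirm the unit against the provider before changing it. A token lifetime that is off by a large factor in either direction is an easy mistake when the unit is left implicit. The same summary is repeated in the args and state classes of this file and in the Gcp/SecretBackend.cs section.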
@@ -216,6 +266,27 @@ public Input? Credentials [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated tokens. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Specifies if the auth method is local only. /// @@ -249,6 +320,13 @@ public Input? Credentials [Input("projectId")] public Input? ProjectId { get; set; } + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("serviceAccountEmail")] + public Input? ServiceAccountEmail { get; set; } + /// /// Extra configuration block. Structure is documented below. /// 
@@ -324,6 +402,27 @@ public Input? Credentials [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated tokens. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Specifies if the auth method is local only. /// @@ -357,6 +456,13 @@ public Input? Credentials [Input("projectId")] public Input? ProjectId { get; set; } + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("serviceAccountEmail")] + public Input? ServiceAccountEmail { get; set; } + /// /// Extra configuration block. Structure is documented below. /// diff --git a/sdk/dotnet/Gcp/SecretBackend.cs b/sdk/dotnet/Gcp/SecretBackend.cs index 377b57d21..eeed6a567 100644 --- a/sdk/dotnet/Gcp/SecretBackend.cs +++ b/sdk/dotnet/Gcp/SecretBackend.cs 
@@ -12,6 +12,26 @@ namespace Pulumi.Vault.Gcp /// /// ## Example Usage /// + /// You can setup the GCP secret backend with Workload Identity Federation (WIF) for a secret-less configuration: + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var gcp = new Vault.Gcp.SecretBackend("gcp", new() + /// { + /// IdentityTokenKey = "example-key", + /// IdentityTokenTtl = 1800, + /// IdentityTokenAudience = "<TOKEN_AUDIENCE>", + /// ServiceAccountEmail = "<SERVICE_ACCOUNT_EMAIL>", + /// }); + /// + /// }); + /// ``` + /// /// ```csharp /// using System.Collections.Generic; /// using System.Linq; @@ -35,6 +55,12 @@ namespace Pulumi.Vault.Gcp [VaultResourceType("vault:gcp/secretBackend:SecretBackend")] public partial class SecretBackend : global::Pulumi.CustomResource { + /// + /// The accessor of the created GCP mount. + /// + [Output("accessor")] + public Output Accessor { get; private set; } = null!; + /// /// JSON-encoded credentials to use to connect to GCP /// 
@@ -61,6 +87,27 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("disableRemount")] public Output DisableRemount { get; private set; } = null!; + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("identityTokenAudience")] + public Output IdentityTokenAudience { get; private set; } = null!; + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + + /// + /// The TTL of generated tokens. + /// + [Output("identityTokenTtl")] + public Output IdentityTokenTtl { get; private set; } = null!; + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -90,6 +137,13 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("path")] public Output Path { get; private set; } = null!; + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Output("serviceAccountEmail")] + public Output ServiceAccountEmail { get; private set; } = null!; + /// /// Create a SecretBackend resource with the given unique name, arguments, and options. 
@@ -176,6 +230,27 @@ public Input? Credentials [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated tokens. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -205,6 +280,13 @@ public Input? Credentials [Input("path")] public Input? Path { get; set; } + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("serviceAccountEmail")] + public Input? ServiceAccountEmail { get; set; } + public SecretBackendArgs() { } @@ -213,6 +295,12 @@ public SecretBackendArgs() public sealed class SecretBackendState : global::Pulumi.ResourceArgs { + /// + /// The accessor of the created GCP mount. + /// + [Input("accessor")] + public Input? Accessor { get; set; } + [Input("credentials")] private Input? _credentials; 
@@ -249,6 +337,27 @@ public Input? Credentials [Input("disableRemount")] public Input? DisableRemount { get; set; } + /// + /// The audience claim value for plugin identity + /// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + /// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenAudience")] + public Input? IdentityTokenAudience { get; set; } + + /// + /// The key to use for signing plugin identity + /// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// The TTL of generated tokens. + /// + [Input("identityTokenTtl")] + public Input? IdentityTokenTtl { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -278,6 +387,13 @@ public Input? Credentials [Input("path")] public Input? Path { get; set; } + /// + /// Service Account to impersonate for plugin workload identity federation. + /// Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + /// + [Input("serviceAccountEmail")] + public Input? ServiceAccountEmail { get; set; } + public SecretBackendState() { } diff --git a/sdk/dotnet/Jwt/AuthBackendRole.cs b/sdk/dotnet/Jwt/AuthBackendRole.cs index 80524d239..c49839ec5 100644 --- a/sdk/dotnet/Jwt/AuthBackendRole.cs +++ b/sdk/dotnet/Jwt/AuthBackendRole.cs 
@@ -119,9 +119,8 @@ public partial class AuthBackendRole : global::Pulumi.CustomResource public Output Backend { get; private set; } = null!; /// - /// (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims` - /// or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - /// Any match is sufficient. + /// (Required for roles of type `jwt`, optional for roles of + /// type `oidc`) List of `aud` claims to match against. Any match is sufficient. /// [Output("boundAudiences")] public Output> BoundAudiences { get; private set; } = null!; @@ -172,7 +171,7 @@ public partial class AuthBackendRole : global::Pulumi.CustomResource /// /// The amount of leeway to add to expiration (`exp`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Output("expirationLeeway")] @@ -205,7 +204,7 @@ public partial class AuthBackendRole : global::Pulumi.CustomResource /// /// The amount of leeway to add to not before (`nbf`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Output("notBeforeLeeway")] 
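Review bot: The rewritten `BoundAudiences` summary (hunk at -119, repeated at -379 and -634) now says the list is required for `jwt` roles and drops the earlier statement that `bound_subject`, `bound_claims` or `token_bound_cidrs` could satisfy the binding requirement instead. The diff does not show which of the two the server enforces, so the wording should be checked against the Vault version this release targets, because a summary that misstates what binds a role invites roles with weaker constraints than intended. In the same file the documented default for `expirationLeeway` and `notBeforeLeeway` moves from `60` to `150` seconds. Since `0` selects that default rather than strict checking, the summary could say so outright, e.g. `/// A value of 0 does not disable leeway; use -1 to disable it.`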
@@ -379,9 +378,8 @@ public InputList AllowedRedirectUris private InputList? _boundAudiences; /// - /// (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims` - /// or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - /// Any match is sufficient. + /// (Required for roles of type `jwt`, optional for roles of + /// type `oidc`) List of `aud` claims to match against. Any match is sufficient. /// public InputList BoundAudiences { @@ -447,7 +445,7 @@ public InputMap ClaimMappings /// /// The amount of leeway to add to expiration (`exp`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Input("expirationLeeway")] @@ -480,7 +478,7 @@ public InputMap ClaimMappings /// /// The amount of leeway to add to not before (`nbf`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Input("notBeforeLeeway")] @@ -634,9 +632,8 @@ public InputList AllowedRedirectUris private InputList? _boundAudiences; /// - /// (For "jwt" roles, at least one of `bound_audiences`, `bound_subject`, `bound_claims` - /// or `token_bound_cidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - /// Any match is sufficient. + /// (Required for roles of type `jwt`, optional for roles of + /// type `oidc`) List of `aud` claims to match against. Any match is sufficient. /// public InputList BoundAudiences { 
@@ -702,7 +699,7 @@ public InputMap ClaimMappings /// /// The amount of leeway to add to expiration (`exp`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Input("expirationLeeway")] @@ -735,7 +732,7 @@ public InputMap ClaimMappings /// /// The amount of leeway to add to not before (`nbf`) claims to account for - /// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + /// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. /// Only applicable with "jwt" roles. /// [Input("notBeforeLeeway")] diff --git a/sdk/dotnet/Kubernetes/SecretBackend.cs b/sdk/dotnet/Kubernetes/SecretBackend.cs index a69bca8d0..bd79241d5 100644 --- a/sdk/dotnet/Kubernetes/SecretBackend.cs +++ b/sdk/dotnet/Kubernetes/SecretBackend.cs @@ -65,6 +65,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("allowedManagedKeys")] public Output> AllowedManagedKeys { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("allowedResponseHeaders")] + public Output> AllowedResponseHeaders { get; private set; } = null!; + /// /// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. /// @@ -83,6 +89,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("defaultLeaseTtlSeconds")] public Output DefaultLeaseTtlSeconds { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("delegatedAuthAccessors")] + public Output> DelegatedAuthAccessors { get; private set; } = null!; + /// /// Human-friendly description of the mount /// 
@@ -102,6 +114,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("externalEntropyAccess")] public Output ExternalEntropyAccess { get; private set; } = null!; + /// + /// The key to use for signing plugin workload identity tokens + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + /// /// A PEM-encoded CA certificate used by the /// secrets engine to verify the Kubernetes API server certificate. Defaults to the local @@ -119,6 +137,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("kubernetesHost")] public Output KubernetesHost { get; private set; } = null!; + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Output("listingVisibility")] + public Output ListingVisibility { get; private set; } = null!; + /// /// Local mount flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -146,12 +170,24 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("options")] public Output?> Options { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("passthroughRequestHeaders")] + public Output> PassthroughRequestHeaders { get; private set; } = null!; + /// /// Where the secret backend will be mounted /// [Output("path")] public Output Path { get; private set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Output("pluginVersion")] + public Output PluginVersion { get; private set; } = null!; + /// /// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// 
@@ -228,6 +264,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -258,6 +306,18 @@ public InputList AuditNonHmacResponseKeys [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// @@ -277,6 +337,12 @@ public InputList AuditNonHmacResponseKeys [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// A PEM-encoded CA certificate used by the /// secrets engine to verify the Kubernetes API server certificate. Defaults to the local @@ -294,6 +360,12 @@ public InputList AuditNonHmacResponseKeys [Input("kubernetesHost")] public Input? KubernetesHost { get; set; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Local mount flag that can be explicitly set to true to enforce local mount in HA environment /// 
@@ -327,12 +399,30 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path", required: true)] public Input Path { get; set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// @@ -383,6 +473,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -413,6 +515,18 @@ public InputList AuditNonHmacResponseKeys [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// 
@@ -432,6 +546,12 @@ public InputList AuditNonHmacResponseKeys [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// A PEM-encoded CA certificate used by the /// secrets engine to verify the Kubernetes API server certificate. Defaults to the local @@ -449,6 +569,12 @@ public InputList AuditNonHmacResponseKeys [Input("kubernetesHost")] public Input? KubernetesHost { get; set; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Local mount flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -482,12 +608,30 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path")] public Input? Path { get; set; } + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// diff --git a/sdk/dotnet/Ldap/SecretBackend.cs b/sdk/dotnet/Ldap/SecretBackend.cs index c4d5a39a8..23ed398f0 100644 --- a/sdk/dotnet/Ldap/SecretBackend.cs +++ b/sdk/dotnet/Ldap/SecretBackend.cs 
@@ -56,6 +56,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("allowedManagedKeys")] public Output> AllowedManagedKeys { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("allowedResponseHeaders")] + public Output> AllowedResponseHeaders { get; private set; } = null!; + /// /// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. /// @@ -112,6 +118,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("defaultLeaseTtlSeconds")] public Output DefaultLeaseTtlSeconds { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("delegatedAuthAccessors")] + public Output> DelegatedAuthAccessors { get; private set; } = null!; + /// /// Human-friendly description of the mount for the Active Directory backend. /// @@ -130,6 +142,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("externalEntropyAccess")] public Output ExternalEntropyAccess { get; private set; } = null!; + /// + /// The key to use for signing plugin workload identity tokens + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + /// /// Skip LDAP server SSL Certificate verification. This is not recommended for production. /// Defaults to `false`. @@ -137,6 +155,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("insecureTls")] public Output InsecureTls { get; private set; } = null!; + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Output("listingVisibility")] + public Output ListingVisibility { get; private set; } = null!; + /// /// Mark the secrets engine as local-only. Local engines are not replicated or removed by /// replication.Tolerance duration to use when checking the last rotation time. 
@@ -165,6 +189,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("options")] public Output?> Options { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to the plugin + /// + [Output("passthroughRequestHeaders")] + public Output> PassthroughRequestHeaders { get; private set; } = null!; + /// /// Name of the password policy to use to generate passwords. /// @@ -178,6 +208,12 @@ public partial class SecretBackend : global::Pulumi.CustomResource [Output("path")] public Output Path { get; private set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Output("pluginVersion")] + public Output PluginVersion { get; private set; } = null!; + /// /// Timeout, in seconds, for the connection when making requests against the server /// before returning back an error. @@ -299,6 +335,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -397,6 +445,18 @@ public Input? ClientTlsKey [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount for the Active Directory backend. /// 
@@ -415,6 +475,12 @@ public Input? ClientTlsKey [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// Skip LDAP server SSL Certificate verification. This is not recommended for production. /// Defaults to `false`. @@ -422,6 +488,12 @@ public Input? ClientTlsKey [Input("insecureTls")] public Input? InsecureTls { get; set; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Mark the secrets engine as local-only. Local engines are not replicated or removed by /// replication.Tolerance duration to use when checking the last rotation time. @@ -456,6 +528,18 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Name of the password policy to use to generate passwords. /// @@ -469,6 +553,12 @@ public InputMap Options [Input("path")] public Input? Path { get; set; } + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Timeout, in seconds, for the connection when making requests against the server /// before returning back an error. 
@@ -552,6 +642,18 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -650,6 +752,18 @@ public Input? ClientTlsKey [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount for the Active Directory backend. /// @@ -668,6 +782,12 @@ public Input? ClientTlsKey [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + /// /// Skip LDAP server SSL Certificate verification. This is not recommended for production. /// Defaults to `false`. @@ -675,6 +795,12 @@ public Input? ClientTlsKey [Input("insecureTls")] public Input? InsecureTls { get; set; } + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Mark the secrets engine as local-only. Local engines are not replicated or removed by /// replication.Tolerance duration to use when checking the last rotation time. 
@@ -709,6 +835,18 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to the plugin + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Name of the password policy to use to generate passwords. /// @@ -722,6 +860,12 @@ public InputMap Options [Input("path")] public Input? Path { get; set; } + /// + /// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Timeout, in seconds, for the connection when making requests against the server /// before returning back an error. diff --git a/sdk/dotnet/Mount.cs b/sdk/dotnet/Mount.cs index 688f44b94..d770c1b37 100644 --- a/sdk/dotnet/Mount.cs +++ b/sdk/dotnet/Mount.cs @@ -120,6 +120,13 @@ public partial class Mount : global::Pulumi.CustomResource [Output("allowedManagedKeys")] public Output> AllowedManagedKeys { get; private set; } = null!; + /// + /// List of headers to allow, allowing a plugin to include + /// them in the response. + /// + [Output("allowedResponseHeaders")] + public Output> AllowedResponseHeaders { get; private set; } = null!; + /// /// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. /// @@ -138,6 +145,13 @@ public partial class Mount : global::Pulumi.CustomResource [Output("defaultLeaseTtlSeconds")] public Output DefaultLeaseTtlSeconds { get; private set; } = null!; + /// + /// List of allowed authentication mount accessors the + /// backend can request delegated authentication for. + /// + [Output("delegatedAuthAccessors")] + public Output> DelegatedAuthAccessors { get; private set; } = null!; + /// /// Human-friendly description of the mount /// 
@@ -150,6 +164,19 @@ public partial class Mount : global::Pulumi.CustomResource [Output("externalEntropyAccess")] public Output ExternalEntropyAccess { get; private set; } = null!; + /// + /// The key to use for signing plugin workload identity tokens. If + /// not provided, this will default to Vault's OIDC default key. + /// + [Output("identityTokenKey")] + public Output IdentityTokenKey { get; private set; } = null!; + + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Output("listingVisibility")] + public Output ListingVisibility { get; private set; } = null!; + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// @@ -177,12 +204,27 @@ public partial class Mount : global::Pulumi.CustomResource [Output("options")] public Output?> Options { get; private set; } = null!; + /// + /// List of headers to allow and pass from the request to + /// the plugin. + /// + [Output("passthroughRequestHeaders")] + public Output> PassthroughRequestHeaders { get; private set; } = null!; + /// /// Where the secret backend will be mounted /// [Output("path")] public Output Path { get; private set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + /// If unspecified, the server will select any matching unversioned plugin that may have been + /// registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + /// + [Output("pluginVersion")] + public Output PluginVersion { get; private set; } = null!; + /// /// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// 
@@ -253,6 +295,19 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow, allowing a plugin to include + /// them in the response. + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; @@ -283,6 +338,19 @@ public InputList AuditNonHmacResponseKeys [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of allowed authentication mount accessors the + /// backend can request delegated authentication for. + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// @@ -295,6 +363,19 @@ public InputList AuditNonHmacResponseKeys [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens. If + /// not provided, this will default to Vault's OIDC default key. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// 
@@ -328,12 +409,33 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to + /// the plugin. + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path", required: true)] public Input Path { get; set; } = null!; + /// + /// Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + /// If unspecified, the server will select any matching unversioned plugin that may have been + /// registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// @@ -372,6 +474,19 @@ public InputList AllowedManagedKeys set => _allowedManagedKeys = value; } + [Input("allowedResponseHeaders")] + private InputList? _allowedResponseHeaders; + + /// + /// List of headers to allow, allowing a plugin to include + /// them in the response. + /// + public InputList AllowedResponseHeaders + { + get => _allowedResponseHeaders ?? (_allowedResponseHeaders = new InputList()); + set => _allowedResponseHeaders = value; + } + [Input("auditNonHmacRequestKeys")] private InputList? _auditNonHmacRequestKeys; 
@@ -402,6 +517,19 @@ public InputList AuditNonHmacResponseKeys [Input("defaultLeaseTtlSeconds")] public Input? DefaultLeaseTtlSeconds { get; set; } + [Input("delegatedAuthAccessors")] + private InputList? _delegatedAuthAccessors; + + /// + /// List of allowed authentication mount accessors the + /// backend can request delegated authentication for. + /// + public InputList DelegatedAuthAccessors + { + get => _delegatedAuthAccessors ?? (_delegatedAuthAccessors = new InputList()); + set => _delegatedAuthAccessors = value; + } + /// /// Human-friendly description of the mount /// @@ -414,6 +542,19 @@ public InputList AuditNonHmacResponseKeys [Input("externalEntropyAccess")] public Input? ExternalEntropyAccess { get; set; } + /// + /// The key to use for signing plugin workload identity tokens. If + /// not provided, this will default to Vault's OIDC default key. + /// + [Input("identityTokenKey")] + public Input? IdentityTokenKey { get; set; } + + /// + /// Specifies whether to show this mount in the UI-specific listing endpoint + /// + [Input("listingVisibility")] + public Input? ListingVisibility { get; set; } + /// /// Boolean flag that can be explicitly set to true to enforce local mount in HA environment /// 
@@ -447,12 +588,33 @@ public InputMap Options set => _options = value; } + [Input("passthroughRequestHeaders")] + private InputList? _passthroughRequestHeaders; + + /// + /// List of headers to allow and pass from the request to + /// the plugin. + /// + public InputList PassthroughRequestHeaders + { + get => _passthroughRequestHeaders ?? (_passthroughRequestHeaders = new InputList()); + set => _passthroughRequestHeaders = value; + } + /// /// Where the secret backend will be mounted /// [Input("path")] public Input? Path { get; set; } + /// + /// Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + /// If unspecified, the server will select any matching unversioned plugin that may have been + /// registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + /// + [Input("pluginVersion")] + public Input? PluginVersion { get; set; } + /// /// Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability /// diff --git a/sdk/dotnet/Okta/AuthBackend.cs b/sdk/dotnet/Okta/AuthBackend.cs index 42ecaa00e..35b2fc6c5 100644 --- a/sdk/dotnet/Okta/AuthBackend.cs +++ b/sdk/dotnet/Okta/AuthBackend.cs 
@@ -140,6 +140,60 @@ public partial class AuthBackend : global::Pulumi.CustomResource [Output("token")] public Output Token { get; private set; } = null!; + /// + /// Specifies the blocks of IP addresses which are allowed to use the generated token + /// + [Output("tokenBoundCidrs")] + public Output> TokenBoundCidrs { get; private set; } = null!; + + /// + /// Generated Token's Explicit Maximum TTL in seconds + /// + [Output("tokenExplicitMaxTtl")] + public Output TokenExplicitMaxTtl { get; private set; } = null!; + + /// + /// The maximum lifetime of the generated token + /// + [Output("tokenMaxTtl")] + public Output TokenMaxTtl { get; private set; } = null!; + + /// + /// If true, the 'default' policy will not automatically be added to generated tokens + /// + [Output("tokenNoDefaultPolicy")] + public Output TokenNoDefaultPolicy { get; private set; } = null!; + + /// + /// The maximum number of times a token may be used, a value of zero means unlimited + /// + [Output("tokenNumUses")] + public Output TokenNumUses { get; private set; } = null!; + + /// + /// Generated Token's Period + /// + [Output("tokenPeriod")] + public Output TokenPeriod { get; private set; } = null!; + + /// + /// Generated Token's Policies + /// + [Output("tokenPolicies")] + public Output> TokenPolicies { get; private set; } = null!; + + /// + /// The initial ttl of the token to generate in seconds + /// + [Output("tokenTtl")] + public Output TokenTtl { get; private set; } = null!; + + /// + /// The type of token to generate, service or batch + /// + [Output("tokenType")] + public Output TokenType { get; private set; } = null!; + /// /// Duration after which authentication will be expired. /// [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). 
@@ -287,6 +341,72 @@ public Input? Token } } + [Input("tokenBoundCidrs")] + private InputList? _tokenBoundCidrs; + + /// + /// Specifies the blocks of IP addresses which are allowed to use the generated token + /// + public InputList TokenBoundCidrs + { + get => _tokenBoundCidrs ?? (_tokenBoundCidrs = new InputList()); + set => _tokenBoundCidrs = value; + } + + /// + /// Generated Token's Explicit Maximum TTL in seconds + /// + [Input("tokenExplicitMaxTtl")] + public Input? TokenExplicitMaxTtl { get; set; } + + /// + /// The maximum lifetime of the generated token + /// + [Input("tokenMaxTtl")] + public Input? TokenMaxTtl { get; set; } + + /// + /// If true, the 'default' policy will not automatically be added to generated tokens + /// + [Input("tokenNoDefaultPolicy")] + public Input? TokenNoDefaultPolicy { get; set; } + + /// + /// The maximum number of times a token may be used, a value of zero means unlimited + /// + [Input("tokenNumUses")] + public Input? TokenNumUses { get; set; } + + /// + /// Generated Token's Period + /// + [Input("tokenPeriod")] + public Input? TokenPeriod { get; set; } + + [Input("tokenPolicies")] + private InputList? _tokenPolicies; + + /// + /// Generated Token's Policies + /// + public InputList TokenPolicies + { + get => _tokenPolicies ?? (_tokenPolicies = new InputList()); + set => _tokenPolicies = value; + } + + /// + /// The initial ttl of the token to generate in seconds + /// + [Input("tokenTtl")] + public Input? TokenTtl { get; set; } + + /// + /// The type of token to generate, service or batch + /// + [Input("tokenType")] + public Input? TokenType { get; set; } + /// /// Duration after which authentication will be expired. /// [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). 
@@ -404,6 +524,72 @@ public Input? Token } } + [Input("tokenBoundCidrs")] + private InputList? _tokenBoundCidrs; + + /// + /// Specifies the blocks of IP addresses which are allowed to use the generated token + /// + public InputList TokenBoundCidrs + { + get => _tokenBoundCidrs ?? (_tokenBoundCidrs = new InputList()); + set => _tokenBoundCidrs = value; + } + + /// + /// Generated Token's Explicit Maximum TTL in seconds + /// + [Input("tokenExplicitMaxTtl")] + public Input? TokenExplicitMaxTtl { get; set; } + + /// + /// The maximum lifetime of the generated token + /// + [Input("tokenMaxTtl")] + public Input? TokenMaxTtl { get; set; } + + /// + /// If true, the 'default' policy will not automatically be added to generated tokens + /// + [Input("tokenNoDefaultPolicy")] + public Input? TokenNoDefaultPolicy { get; set; } + + /// + /// The maximum number of times a token may be used, a value of zero means unlimited + /// + [Input("tokenNumUses")] + public Input? TokenNumUses { get; set; } + + /// + /// Generated Token's Period + /// + [Input("tokenPeriod")] + public Input? TokenPeriod { get; set; } + + [Input("tokenPolicies")] + private InputList? _tokenPolicies; + + /// + /// Generated Token's Policies + /// + public InputList TokenPolicies + { + get => _tokenPolicies ?? (_tokenPolicies = new InputList()); + set => _tokenPolicies = value; + } + + /// + /// The initial ttl of the token to generate in seconds + /// + [Input("tokenTtl")] + public Input? TokenTtl { get; set; } + + /// + /// The type of token to generate, service or batch + /// + [Input("tokenType")] + public Input? TokenType { get; set; } + /// /// Duration after which authentication will be expired. /// [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). diff --git a/sdk/dotnet/PkiSecret/BackendConfigEst.cs b/sdk/dotnet/PkiSecret/BackendConfigEst.cs new file mode 100644 index 000000000..393194f5b --- /dev/null 
+++ b/sdk/dotnet/PkiSecret/BackendConfigEst.cs 
@@ -0,0 +1,303 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret +{ + /// + /// Allows setting the EST configuration on a PKI Secret Backend + /// + /// ## Import + /// + /// The PKI config cluster can be imported using the resource's `id`. + /// In the case of the example above the `id` would be `pki-root/config/est`, + /// where the `pki-root` component is the resource's `backend`, e.g. + /// + /// ```sh + /// $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est + /// ``` + /// + [VaultResourceType("vault:pkiSecret/backendConfigEst:BackendConfigEst")] + public partial class BackendConfigEst : global::Pulumi.CustomResource + { + /// + /// Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. + /// + /// <a id="nestedatt--authenticators"></a> + /// + [Output("auditFields")] + public Output> AuditFields { get; private set; } = null!; + + /// + /// Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema). + /// + [Output("authenticators")] + public Output Authenticators { get; private set; } = null!; + + /// + /// The path to the PKI secret backend to + /// read the EST configuration from, with no leading or trailing `/`s. + /// + [Output("backend")] + public Output Backend { get; private set; } = null!; + + /// + /// If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster. + /// + [Output("defaultMount")] + public Output DefaultMount { get; private set; } = null!; + + /// + /// Required to be set if default_mount is enabled. 
Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>. + /// + [Output("defaultPathPolicy")] + public Output DefaultPathPolicy { get; private set; } = null!; + + /// + /// If set, parse out fields from the provided CSR making them available for Sentinel policies. + /// + [Output("enableSentinelParsing")] + public Output EnableSentinelParsing { get; private set; } = null!; + + /// + /// Specifies whether EST is enabled. + /// + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + /// + /// Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths. + /// + [Output("labelToPathPolicy")] + public Output?> LabelToPathPolicy { get; private set; } = null!; + + /// + /// A read-only timestamp representing the last time the configuration was updated. + /// + [Output("lastUpdated")] + public Output LastUpdated { get; private set; } = null!; + + /// + /// The namespace of the target resource. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). + /// *Available only for Vault Enterprise*. + /// + [Output("namespace")] + public Output Namespace { get; private set; } = null!; + + + /// + /// Create a BackendConfigEst resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public BackendConfigEst(string name, BackendConfigEstArgs args, CustomResourceOptions? 
options = null) + : base("vault:pkiSecret/backendConfigEst:BackendConfigEst", name, args ?? new BackendConfigEstArgs(), MakeResourceOptions(options, "")) + { + } + + private BackendConfigEst(string name, Input id, BackendConfigEstState? state = null, CustomResourceOptions? options = null) + : base("vault:pkiSecret/backendConfigEst:BackendConfigEst", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing BackendConfigEst resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static BackendConfigEst Get(string name, Input id, BackendConfigEstState? state = null, CustomResourceOptions? options = null) + { + return new BackendConfigEst(name, id, state, options); + } + } + + public sealed class BackendConfigEstArgs : global::Pulumi.ResourceArgs + { + [Input("auditFields")] + private InputList? _auditFields; + + /// + /// Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. + /// + /// <a id="nestedatt--authenticators"></a> + /// + public InputList AuditFields + { + get => _auditFields ?? (_auditFields = new InputList()); + set => _auditFields = value; + } + + /// + /// Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema). + /// + [Input("authenticators")] + public Input? 
Authenticators { get; set; } + + /// + /// The path to the PKI secret backend to + /// read the EST configuration from, with no leading or trailing `/`s. + /// + [Input("backend", required: true)] + public Input Backend { get; set; } = null!; + + /// + /// If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster. + /// + [Input("defaultMount")] + public Input? DefaultMount { get; set; } + + /// + /// Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>. + /// + [Input("defaultPathPolicy")] + public Input? DefaultPathPolicy { get; set; } + + /// + /// If set, parse out fields from the provided CSR making them available for Sentinel policies. + /// + [Input("enableSentinelParsing")] + public Input? EnableSentinelParsing { get; set; } + + /// + /// Specifies whether EST is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("labelToPathPolicy")] + private InputMap? _labelToPathPolicy; + + /// + /// Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths. + /// + public InputMap LabelToPathPolicy + { + get => _labelToPathPolicy ?? (_labelToPathPolicy = new InputMap()); + set => _labelToPathPolicy = value; + } + + /// + /// The namespace of the target resource. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public Input? 
Namespace { get; set; } + + public BackendConfigEstArgs() + { + } + public static new BackendConfigEstArgs Empty => new BackendConfigEstArgs(); + } + + public sealed class BackendConfigEstState : global::Pulumi.ResourceArgs + { + [Input("auditFields")] + private InputList? _auditFields; + + /// + /// Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. + /// + /// <a id="nestedatt--authenticators"></a> + /// + public InputList AuditFields + { + get => _auditFields ?? (_auditFields = new InputList()); + set => _auditFields = value; + } + + /// + /// Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema). + /// + [Input("authenticators")] + public Input? Authenticators { get; set; } + + /// + /// The path to the PKI secret backend to + /// read the EST configuration from, with no leading or trailing `/`s. + /// + [Input("backend")] + public Input? Backend { get; set; } + + /// + /// If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster. + /// + [Input("defaultMount")] + public Input? DefaultMount { get; set; } + + /// + /// Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>. + /// + [Input("defaultPathPolicy")] + public Input? DefaultPathPolicy { get; set; } + + /// + /// If set, parse out fields from the provided CSR making them available for Sentinel policies. + /// + [Input("enableSentinelParsing")] + public Input? EnableSentinelParsing { get; set; } + + /// + /// Specifies whether EST is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("labelToPathPolicy")] + private InputMap? _labelToPathPolicy; + + /// + /// Configures a pairing of an EST label with the redirected behavior for requests hitting that role. 
The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths. + /// + public InputMap LabelToPathPolicy + { + get => _labelToPathPolicy ?? (_labelToPathPolicy = new InputMap()); + set => _labelToPathPolicy = value; + } + + /// + /// A read-only timestamp representing the last time the configuration was updated. + /// + [Input("lastUpdated")] + public Input? LastUpdated { get; set; } + + /// + /// The namespace of the target resource. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + public BackendConfigEstState() + { + } + public static new BackendConfigEstState Empty => new BackendConfigEstState(); + } +} diff --git a/sdk/dotnet/PkiSecret/GetBackendConfigEst.cs b/sdk/dotnet/PkiSecret/GetBackendConfigEst.cs new file mode 100644 index 000000000..a8716e2eb --- /dev/null +++ b/sdk/dotnet/PkiSecret/GetBackendConfigEst.cs 
@@ -0,0 +1,202 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret +{ + public static class GetBackendConfigEst + { + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var pki = new Vault.Mount("pki", new() + /// { + /// Path = "pki", + /// Type = "pki", + /// Description = "PKI secret engine mount", + /// }); + /// + /// var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(new() + /// { + /// Backend = pki.Path, + /// }); + /// + /// }); + /// ``` + /// + public static Task InvokeAsync(GetBackendConfigEstArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("vault:pkiSecret/getBackendConfigEst:getBackendConfigEst", args ?? new GetBackendConfigEstArgs(), options.WithDefaults()); + + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var pki = new Vault.Mount("pki", new() + /// { + /// Path = "pki", + /// Type = "pki", + /// Description = "PKI secret engine mount", + /// }); + /// + /// var estConfig = Vault.PkiSecret.GetBackendConfigEst.Invoke(new() + /// { + /// Backend = pki.Path, + /// }); + /// + /// }); + /// ``` + /// + public static Output Invoke(GetBackendConfigEstInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("vault:pkiSecret/getBackendConfigEst:getBackendConfigEst", args ?? 
new GetBackendConfigEstInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetBackendConfigEstArgs : global::Pulumi.InvokeArgs + { + /// + /// The path to the PKI secret backend to + /// read the EST configuration from, with no leading or trailing `/`s. + /// + [Input("backend", required: true)] + public string Backend { get; set; } = null!; + + /// + /// The namespace of the target resource. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public string? Namespace { get; set; } + + public GetBackendConfigEstArgs() + { + } + public static new GetBackendConfigEstArgs Empty => new GetBackendConfigEstArgs(); + } + + public sealed class GetBackendConfigEstInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The path to the PKI secret backend to + /// read the EST configuration from, with no leading or trailing `/`s. + /// + [Input("backend", required: true)] + public Input Backend { get; set; } = null!; + + /// + /// The namespace of the target resource. + /// The value should not contain leading or trailing forward slashes. + /// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). + /// *Available only for Vault Enterprise*. + /// + [Input("namespace")] + public Input? Namespace { get; set; } + + public GetBackendConfigEstInvokeArgs() + { + } + public static new GetBackendConfigEstInvokeArgs Empty => new GetBackendConfigEstInvokeArgs(); + } + + + [OutputType] + public sealed class GetBackendConfigEstResult + { + /// + /// Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. 
+ /// + public readonly ImmutableArray AuditFields; + /// + /// Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema). + /// + public readonly ImmutableArray Authenticators; + public readonly string Backend; + /// + /// If set, this mount is registered as the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster. + /// + public readonly bool DefaultMount; + /// + /// Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>. + /// + public readonly string DefaultPathPolicy; + /// + /// If set, parse out fields from the provided CSR making them available for Sentinel policies. + /// + public readonly bool EnableSentinelParsing; + /// + /// Specifies whether EST is enabled. + /// + public readonly bool Enabled; + /// + /// The provider-assigned unique ID for this managed resource. + /// + public readonly string Id; + /// + /// A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths. + /// + public readonly ImmutableDictionary LabelToPathPolicy; + /// + /// A read-only timestamp representing the last time the configuration was updated. + /// + public readonly string LastUpdated; + public readonly string? Namespace; + + [OutputConstructor] + private GetBackendConfigEstResult( + ImmutableArray auditFields, + + ImmutableArray authenticators, + + string backend, + + bool defaultMount, + + string defaultPathPolicy, + + bool enableSentinelParsing, + + bool enabled, + + string id, + + ImmutableDictionary labelToPathPolicy, + + string lastUpdated, + + string? 
@namespace) + { + AuditFields = auditFields; + Authenticators = authenticators; + Backend = backend; + DefaultMount = defaultMount; + DefaultPathPolicy = defaultPathPolicy; + EnableSentinelParsing = enableSentinelParsing; + Enabled = enabled; + Id = id; + LabelToPathPolicy = labelToPathPolicy; + LastUpdated = lastUpdated; + Namespace = @namespace; + } + } +} diff --git a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs new file mode 100644 index 000000000..b9eb046aa --- /dev/null +++ b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsArgs.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret.Inputs +{ + + public sealed class BackendConfigEstAuthenticatorsArgs : global::Pulumi.ResourceArgs + { + [Input("cert")] + private InputMap? _cert; + public InputMap Cert + { + get => _cert ?? (_cert = new InputMap()); + set => _cert = value; + } + + [Input("userpass")] + private InputMap? _userpass; + public InputMap Userpass + { + get => _userpass ?? (_userpass = new InputMap()); + set => _userpass = value; + } + + public BackendConfigEstAuthenticatorsArgs() + { + } + public static new BackendConfigEstAuthenticatorsArgs Empty => new BackendConfigEstAuthenticatorsArgs(); + } +} diff --git a/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs new file mode 100644 index 000000000..249267e28 --- /dev/null +++ b/sdk/dotnet/PkiSecret/Inputs/BackendConfigEstAuthenticatorsGetArgs.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret.Inputs +{ + + public sealed class BackendConfigEstAuthenticatorsGetArgs : global::Pulumi.ResourceArgs + { + [Input("cert")] + private InputMap? _cert; + public InputMap Cert + { + get => _cert ?? (_cert = new InputMap()); + set => _cert = value; + } + + [Input("userpass")] + private InputMap? _userpass; + public InputMap Userpass + { + get => _userpass ?? (_userpass = new InputMap()); + set => _userpass = value; + } + + public BackendConfigEstAuthenticatorsGetArgs() + { + } + public static new BackendConfigEstAuthenticatorsGetArgs Empty => new BackendConfigEstAuthenticatorsGetArgs(); + } +} diff --git a/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs b/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs new file mode 100644 index 000000000..d355f2894 --- /dev/null +++ b/sdk/dotnet/PkiSecret/Outputs/BackendConfigEstAuthenticators.cs @@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret.Outputs +{ + + [OutputType] + public sealed class BackendConfigEstAuthenticators + { + public readonly ImmutableDictionary? Cert; + public readonly ImmutableDictionary? Userpass; + + [OutputConstructor] + private BackendConfigEstAuthenticators( + ImmutableDictionary? cert, + + ImmutableDictionary? userpass) + { + Cert = cert; + Userpass = userpass; + } + } +} 
diff --git a/sdk/dotnet/PkiSecret/Outputs/GetBackendConfigEstAuthenticatorResult.cs b/sdk/dotnet/PkiSecret/Outputs/GetBackendConfigEstAuthenticatorResult.cs new file mode 100644 index 000000000..23e030c7c --- /dev/null +++ b/sdk/dotnet/PkiSecret/Outputs/GetBackendConfigEstAuthenticatorResult.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault.PkiSecret.Outputs +{ + + [OutputType] + public sealed class GetBackendConfigEstAuthenticatorResult + { + /// + /// "The accessor and cert_role properties for cert auth backends". + /// + public readonly ImmutableDictionary? Cert; + /// + /// "The accessor property for user pass auth backends". + /// + public readonly ImmutableDictionary? Userpass; + + [OutputConstructor] + private GetBackendConfigEstAuthenticatorResult( + ImmutableDictionary? cert, + + ImmutableDictionary? userpass) + { + Cert = cert; + Userpass = userpass; + } + } +} diff --git a/sdk/dotnet/Plugin.cs b/sdk/dotnet/Plugin.cs new file mode 100644 index 000000000..40113ed91 --- /dev/null +++ b/sdk/dotnet/Plugin.cs 
@@ -0,0 +1,321 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var jwt = new Vault.Plugin("jwt", new() + /// { + /// Type = "auth", + /// Name = "jwt", + /// Command = "vault-plugin-auth-jwt", + /// Version = "v0.17.0", + /// Sha256 = "6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc", + /// Envs = new[] + /// { + /// "HTTP_PROXY=http://proxy.example.com:8080", + /// }, + /// }); + /// + /// var jwtAuth = new Vault.AuthBackend("jwt_auth", new() + /// { + /// Type = jwt.Name, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Plugins can be imported using `:type/name/:name` or `:type/version/:version/name/:name` as the ID if the version is non-empty, e.g. + /// + /// ```sh + /// $ pulumi import vault:index/plugin:Plugin jwt auth/name/jwt + /// ``` + /// ```sh + /// $ pulumi import vault:index/plugin:Plugin jwt auth/version/v0.17.0/name/jwt + /// ``` + /// + [VaultResourceType("vault:index/plugin:Plugin")] + public partial class Plugin : global::Pulumi.CustomResource + { + /// + /// List of additional args to pass to the plugin. + /// + [Output("args")] + public Output> Args { get; private set; } = null!; + + /// + /// Command to execute the plugin, relative to the server's configured `plugin_directory`. + /// + [Output("command")] + public Output Command { get; private set; } = null!; + + /// + /// List of additional environment variables to run the plugin with in KEY=VALUE form. 
+ /// + [Output("envs")] + public Output> Envs { get; private set; } = null!; + + /// + /// Name of the plugin. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Specifies OCI image to run. If specified, setting + /// `command`, `args`, and `env` will update the container's entrypoint, args, and + /// environment variables (append-only) respectively. + /// + [Output("ociImage")] + public Output OciImage { get; private set; } = null!; + + /// + /// Vault plugin runtime to use if `oci_image` is specified. + /// + [Output("runtime")] + public Output Runtime { get; private set; } = null!; + + /// + /// SHA256 sum of the plugin binary. + /// + [Output("sha256")] + public Output Sha256 { get; private set; } = null!; + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + /// + /// Semantic version of the plugin. + /// + [Output("version")] + public Output Version { get; private set; } = null!; + + + /// + /// Create a Plugin resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public Plugin(string name, PluginArgs args, CustomResourceOptions? options = null) + : base("vault:index/plugin:Plugin", name, args ?? new PluginArgs(), MakeResourceOptions(options, "")) + { + } + + private Plugin(string name, Input id, PluginState? state = null, CustomResourceOptions? options = null) + : base("vault:index/plugin:Plugin", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? 
id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "envs", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing Plugin resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static Plugin Get(string name, Input id, PluginState? state = null, CustomResourceOptions? options = null) + { + return new Plugin(name, id, state, options); + } + } + + public sealed class PluginArgs : global::Pulumi.ResourceArgs + { + [Input("args")] + private InputList? _args; + + /// + /// List of additional args to pass to the plugin. + /// + public InputList Args + { + get => _args ?? (_args = new InputList()); + set => _args = value; + } + + /// + /// Command to execute the plugin, relative to the server's configured `plugin_directory`. + /// + [Input("command", required: true)] + public Input Command { get; set; } = null!; + + [Input("envs")] + private InputList? _envs; + + /// + /// List of additional environment variables to run the plugin with in KEY=VALUE form. + /// + public InputList Envs + { + get => _envs ?? (_envs = new InputList()); + set + { + var emptySecret = Output.CreateSecret(ImmutableArray.Create()); + _envs = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Name of the plugin. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies OCI image to run. 
If specified, setting + /// `command`, `args`, and `env` will update the container's entrypoint, args, and + /// environment variables (append-only) respectively. + /// + [Input("ociImage")] + public Input? OciImage { get; set; } + + /// + /// Vault plugin runtime to use if `oci_image` is specified. + /// + [Input("runtime")] + public Input? Runtime { get; set; } + + /// + /// SHA256 sum of the plugin binary. + /// + [Input("sha256", required: true)] + public Input Sha256 { get; set; } = null!; + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + /// + /// Semantic version of the plugin. + /// + [Input("version")] + public Input? Version { get; set; } + + public PluginArgs() + { + } + public static new PluginArgs Empty => new PluginArgs(); + } + + public sealed class PluginState : global::Pulumi.ResourceArgs + { + [Input("args")] + private InputList? _args; + + /// + /// List of additional args to pass to the plugin. + /// + public InputList Args + { + get => _args ?? (_args = new InputList()); + set => _args = value; + } + + /// + /// Command to execute the plugin, relative to the server's configured `plugin_directory`. + /// + [Input("command")] + public Input? Command { get; set; } + + [Input("envs")] + private InputList? _envs; + + /// + /// List of additional environment variables to run the plugin with in KEY=VALUE form. + /// + public InputList Envs + { + get => _envs ?? (_envs = new InputList()); + set + { + var emptySecret = Output.CreateSecret(ImmutableArray.Create()); + _envs = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Name of the plugin. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies OCI image to run. If specified, setting + /// `command`, `args`, and `env` will update the container's entrypoint, args, and + /// environment variables (append-only) respectively. 
+ /// + [Input("ociImage")] + public Input? OciImage { get; set; } + + /// + /// Vault plugin runtime to use if `oci_image` is specified. + /// + [Input("runtime")] + public Input? Runtime { get; set; } + + /// + /// SHA256 sum of the plugin binary. + /// + [Input("sha256")] + public Input? Sha256 { get; set; } + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// Semantic version of the plugin. + /// + [Input("version")] + public Input? Version { get; set; } + + public PluginState() + { + } + public static new PluginState Empty => new PluginState(); + } +} diff --git a/sdk/dotnet/PluginPinnedVersion.cs b/sdk/dotnet/PluginPinnedVersion.cs new file mode 100644 index 000000000..a142011d2 --- /dev/null +++ b/sdk/dotnet/PluginPinnedVersion.cs 
@@ -0,0 +1,175 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault +{ + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Vault = Pulumi.Vault; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var jwt = new Vault.Plugin("jwt", new() + /// { + /// Type = "auth", + /// Name = "jwt", + /// Command = "vault-plugin-auth-jwt", + /// Version = "v0.17.0", + /// Sha256 = "6bd0a803ed742aa3ce35e4fa23d2c8d550e6c1567bf63410cec489c28b68b0fc", + /// Envs = new[] + /// { + /// "HTTP_PROXY=http://proxy.example.com:8080", + /// }, + /// }); + /// + /// var jwtPin = new Vault.PluginPinnedVersion("jwt_pin", new() + /// { + /// Type = jwt.Type, + /// Name = jwt.Name, + /// Version = jwt.Version, + /// }); + /// + /// var jwtAuth = new Vault.AuthBackend("jwt_auth", new() + /// { + /// Type = jwtPin.Name, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Pinned plugin versions can be imported using `type/name` as the ID, e.g. + /// + /// ```sh + /// $ pulumi import vault:index/pluginPinnedVersion:PluginPinnedVersion jwt_pin auth/jwt + /// ``` + /// + [VaultResourceType("vault:index/pluginPinnedVersion:PluginPinnedVersion")] + public partial class PluginPinnedVersion : global::Pulumi.CustomResource + { + /// + /// Name of the plugin. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + /// + /// Semantic version of the plugin to pin. 
+ /// + [Output("version")] + public Output Version { get; private set; } = null!; + + + /// + /// Create a PluginPinnedVersion resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public PluginPinnedVersion(string name, PluginPinnedVersionArgs args, CustomResourceOptions? options = null) + : base("vault:index/pluginPinnedVersion:PluginPinnedVersion", name, args ?? new PluginPinnedVersionArgs(), MakeResourceOptions(options, "")) + { + } + + private PluginPinnedVersion(string name, Input id, PluginPinnedVersionState? state = null, CustomResourceOptions? options = null) + : base("vault:index/pluginPinnedVersion:PluginPinnedVersion", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing PluginPinnedVersion resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static PluginPinnedVersion Get(string name, Input id, PluginPinnedVersionState? state = null, CustomResourceOptions? options = null) + { + return new PluginPinnedVersion(name, id, state, options); + } + } + + public sealed class PluginPinnedVersionArgs : global::Pulumi.ResourceArgs + { + /// + /// Name of the plugin. 
+ /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + /// + /// Semantic version of the plugin to pin. + /// + [Input("version", required: true)] + public Input Version { get; set; } = null!; + + public PluginPinnedVersionArgs() + { + } + public static new PluginPinnedVersionArgs Empty => new PluginPinnedVersionArgs(); + } + + public sealed class PluginPinnedVersionState : global::Pulumi.ResourceArgs + { + /// + /// Name of the plugin. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Type of plugin; one of "auth", "secret", or "database". + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// Semantic version of the plugin to pin. + /// + [Input("version")] + public Input? Version { get; set; } + + public PluginPinnedVersionState() + { + } + public static new PluginPinnedVersionState Empty => new PluginPinnedVersionState(); + } +} diff --git a/sdk/dotnet/QuotaLeaseCount.cs b/sdk/dotnet/QuotaLeaseCount.cs index 08b631bc8..69c8dd42c 100644 --- a/sdk/dotnet/QuotaLeaseCount.cs +++ b/sdk/dotnet/QuotaLeaseCount.cs @@ -50,6 +50,12 @@ namespace Pulumi.Vault [VaultResourceType("vault:index/quotaLeaseCount:QuotaLeaseCount")] public partial class QuotaLeaseCount : global::Pulumi.CustomResource { + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Output("inheritable")] + public Output Inheritable { get; private set; } = null!; + /// /// The maximum number of leases to be allowed by the quota /// rule. The `max_leases` must be positive. 
@@ -135,6 +141,12 @@ public static QuotaLeaseCount Get(string name, Input id, QuotaLeaseCount public sealed class QuotaLeaseCountArgs : global::Pulumi.ResourceArgs { + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Input("inheritable")] + public Input? Inheritable { get; set; } + /// /// The maximum number of leases to be allowed by the quota /// rule. The `max_leases` must be positive. @@ -182,6 +194,12 @@ public QuotaLeaseCountArgs() public sealed class QuotaLeaseCountState : global::Pulumi.ResourceArgs { + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Input("inheritable")] + public Input? Inheritable { get; set; } + /// /// The maximum number of leases to be allowed by the quota /// rule. The `max_leases` must be positive. diff --git a/sdk/dotnet/QuotaRateLimit.cs b/sdk/dotnet/QuotaRateLimit.cs index 885854aea..ec8c2fe28 100644 --- a/sdk/dotnet/QuotaRateLimit.cs +++ b/sdk/dotnet/QuotaRateLimit.cs 
@@ -55,6 +55,12 @@ public partial class QuotaRateLimit : global::Pulumi.CustomResource [Output("blockInterval")] public Output BlockInterval { get; private set; } = null!; + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Output("inheritable")] + public Output Inheritable { get; private set; } = null!; + /// /// The duration in seconds to enforce rate limiting for. /// @@ -153,6 +159,12 @@ public sealed class QuotaRateLimitArgs : global::Pulumi.ResourceArgs [Input("blockInterval")] public Input? BlockInterval { get; set; } + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Input("inheritable")] + public Input? Inheritable { get; set; } + /// /// The duration in seconds to enforce rate limiting for. /// @@ -213,6 +225,12 @@ public sealed class QuotaRateLimitState : global::Pulumi.ResourceArgs [Input("blockInterval")] public Input? BlockInterval { get; set; } + /// + /// If set to `true` on a quota where path is set to a namespace, the same quota will be cumulatively applied to all child namespace. The inheritable parameter cannot be set to `true` if the path does not specify a namespace. Only the quotas associated with the root namespace are inheritable by default. Requires Vault 1.15+. + /// + [Input("inheritable")] + public Input? Inheritable { get; set; } + /// /// The duration in seconds to enforce rate limiting for. /// 
diff --git a/sdk/dotnet/Ssh/SecretBackendCa.cs b/sdk/dotnet/Ssh/SecretBackendCa.cs index 27d816426..f45aa69e8 100644 --- a/sdk/dotnet/Ssh/SecretBackendCa.cs +++ b/sdk/dotnet/Ssh/SecretBackendCa.cs @@ -59,6 +59,18 @@ public partial class SecretBackendCa : global::Pulumi.CustomResource [Output("generateSigningKey")] public Output GenerateSigningKey { get; private set; } = null!; + /// + /// Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Output("keyBits")] + public Output KeyBits { get; private set; } = null!; + + /// + /// Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Output("keyType")] + public Output KeyType { get; private set; } = null!; + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. @@ -142,6 +154,18 @@ public sealed class SecretBackendCaArgs : global::Pulumi.ResourceArgs [Input("generateSigningKey")] public Input? GenerateSigningKey { get; set; } + /// + /// Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Input("keyBits")] + public Input? KeyBits { get; set; } + + /// + /// Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Input("keyType")] + public Input? KeyType { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. 
@@ -193,6 +217,18 @@ public sealed class SecretBackendCaState : global::Pulumi.ResourceArgs [Input("generateSigningKey")] public Input? GenerateSigningKey { get; set; } + /// + /// Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Input("keyBits")] + public Input? KeyBits { get; set; } + + /// + /// Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`. + /// + [Input("keyType")] + public Input? KeyType { get; set; } + /// /// The namespace to provision the resource in. /// The value should not contain leading or trailing forward slashes. diff --git a/sdk/go/vault/authBackend.go b/sdk/go/vault/authBackend.go index 70c53107e..9d51484e9 100644 --- a/sdk/go/vault/authBackend.go +++ b/sdk/go/vault/authBackend.go @@ -29,6 +29,8 @@ type AuthBackend struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` + // The key to use for signing identity tokens. + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` // Specifies if the auth method is local only. Local pulumi.BoolPtrOutput `pulumi:"local"` // The namespace to provision the resource in. @@ -86,6 +88,8 @@ type authBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The key to use for signing identity tokens. + IdentityTokenKey *string `pulumi:"identityTokenKey"` // Specifies if the auth method is local only. Local *bool `pulumi:"local"` // The namespace to provision the resource in. 
@@ -111,6 +115,8 @@ type AuthBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The key to use for signing identity tokens. + IdentityTokenKey pulumi.StringPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. @@ -138,6 +144,8 @@ type authBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The key to use for signing identity tokens. + IdentityTokenKey *string `pulumi:"identityTokenKey"` // Specifies if the auth method is local only. Local *bool `pulumi:"local"` // The namespace to provision the resource in. @@ -162,6 +170,8 @@ type AuthBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The key to use for signing identity tokens. + IdentityTokenKey pulumi.StringPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. 
@@ -282,6 +292,11 @@ func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.BoolPtrOutput { return v.DisableRemount }).(pulumi.BoolPtrOutput) } +// The key to use for signing identity tokens. +func (o AuthBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + // Specifies if the auth method is local only. func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) diff --git a/sdk/go/vault/aws/authBackendClient.go b/sdk/go/vault/aws/authBackendClient.go index d529698dc..beacf9deb 100644 --- a/sdk/go/vault/aws/authBackendClient.go +++ b/sdk/go/vault/aws/authBackendClient.go @@ -13,6 +13,40 @@ import ( // ## Example Usage // +// You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration: +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault" +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{ +// Type: pulumi.String("aws"), +// }) +// if err != nil { +// return err +// } +// _, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{ +// IdentityTokenAudience: pulumi.String(""), +// IdentityTokenTtl: pulumi.Int(""), +// RoleArn: pulumi.String(""), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ```go // package main // 
@@ -57,7 +91,7 @@ type AuthBackendClient struct { pulumi.CustomResourceState // The AWS access key that Vault should use for the - // auth backend. + // auth backend. Mutually exclusive with `identityTokenAudience`. AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"` // The path the AWS auth backend being configured was // mounted at. Defaults to `aws`. @@ -72,11 +106,23 @@ type AuthBackendClient struct { // `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests // that are used in the IAM auth method. IamServerIdHeaderValue pulumi.StringPtrOutput `pulumi:"iamServerIdHeaderValue"` + // The audience claim value. Mutually exclusive with `accessKey`. + // Requires Vault 1.17+. *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"` + // Number of max retries the client should use for recoverable errors. + // The default `-1` falls back to the AWS SDK's default behavior. + MaxRetries pulumi.IntPtrOutput `pulumi:"maxRetries"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + RoleArn pulumi.StringPtrOutput `pulumi:"roleArn"` // The AWS secret key that Vault should use for the // auth backend. SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"` 
@@ -136,7 +182,7 @@ func GetAuthBackendClient(ctx *pulumi.Context, // Input properties used for looking up and filtering AuthBackendClient resources. type authBackendClientState struct { // The AWS access key that Vault should use for the - // auth backend. + // auth backend. Mutually exclusive with `identityTokenAudience`. AccessKey *string `pulumi:"accessKey"` // The path the AWS auth backend being configured was // mounted at. Defaults to `aws`. @@ -151,11 +197,23 @@ type authBackendClientState struct { // `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests // that are used in the IAM auth method. IamServerIdHeaderValue *string `pulumi:"iamServerIdHeaderValue"` + // The audience claim value. Mutually exclusive with `accessKey`. + // Requires Vault 1.17+. *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` + // Number of max retries the client should use for recoverable errors. + // The default `-1` falls back to the AWS SDK's default behavior. + MaxRetries *int `pulumi:"maxRetries"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + RoleArn *string `pulumi:"roleArn"` // The AWS secret key that Vault should use for the // auth backend. SecretKey *string `pulumi:"secretKey"` 
@@ -175,7 +233,7 @@ type authBackendClientState struct { type AuthBackendClientState struct { // The AWS access key that Vault should use for the - // auth backend. + // auth backend. Mutually exclusive with `identityTokenAudience`. AccessKey pulumi.StringPtrInput // The path the AWS auth backend being configured was // mounted at. Defaults to `aws`. @@ -190,11 +248,23 @@ type AuthBackendClientState struct { // `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests // that are used in the IAM auth method. IamServerIdHeaderValue pulumi.StringPtrInput + // The audience claim value. Mutually exclusive with `accessKey`. + // Requires Vault 1.17+. *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntPtrInput + // Number of max retries the client should use for recoverable errors. + // The default `-1` falls back to the AWS SDK's default behavior. + MaxRetries pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput + // Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + RoleArn pulumi.StringPtrInput // The AWS secret key that Vault should use for the // auth backend. SecretKey pulumi.StringPtrInput 
@@ -218,7 +288,7 @@ func (AuthBackendClientState) ElementType() reflect.Type { type authBackendClientArgs struct { // The AWS access key that Vault should use for the - // auth backend. + // auth backend. Mutually exclusive with `identityTokenAudience`. AccessKey *string `pulumi:"accessKey"` // The path the AWS auth backend being configured was // mounted at. Defaults to `aws`. @@ -233,11 +303,23 @@ type authBackendClientArgs struct { // `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests // that are used in the IAM auth method. IamServerIdHeaderValue *string `pulumi:"iamServerIdHeaderValue"` + // The audience claim value. Mutually exclusive with `accessKey`. + // Requires Vault 1.17+. *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` + // Number of max retries the client should use for recoverable errors. + // The default `-1` falls back to the AWS SDK's default behavior. + MaxRetries *int `pulumi:"maxRetries"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` + // Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + RoleArn *string `pulumi:"roleArn"` // The AWS secret key that Vault should use for the // auth backend. SecretKey *string `pulumi:"secretKey"` 
@@ -258,7 +340,7 @@ type authBackendClientArgs struct { // The set of arguments for constructing a AuthBackendClient resource. type AuthBackendClientArgs struct { // The AWS access key that Vault should use for the - // auth backend. + // auth backend. Mutually exclusive with `identityTokenAudience`. AccessKey pulumi.StringPtrInput // The path the AWS auth backend being configured was // mounted at. Defaults to `aws`. @@ -273,11 +355,23 @@ type AuthBackendClientArgs struct { // `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests // that are used in the IAM auth method. IamServerIdHeaderValue pulumi.StringPtrInput + // The audience claim value. Mutually exclusive with `accessKey`. + // Requires Vault 1.17+. *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntPtrInput + // Number of max retries the client should use for recoverable errors. + // The default `-1` falls back to the AWS SDK's default behavior. + MaxRetries pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput + // Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + RoleArn pulumi.StringPtrInput // The AWS secret key that Vault should use for the // auth backend. SecretKey pulumi.StringPtrInput 
@@ -383,7 +477,7 @@ func (o AuthBackendClientOutput) ToAuthBackendClientOutputWithContext(ctx contex } // The AWS access key that Vault should use for the -// auth backend. +// auth backend. Mutually exclusive with `identityTokenAudience`. func (o AuthBackendClientOutput) AccessKey() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackendClient) pulumi.StringPtrOutput { return v.AccessKey }).(pulumi.StringPtrOutput) } @@ -413,6 +507,24 @@ func (o AuthBackendClientOutput) IamServerIdHeaderValue() pulumi.StringPtrOutput return o.ApplyT(func(v *AuthBackendClient) pulumi.StringPtrOutput { return v.IamServerIdHeaderValue }).(pulumi.StringPtrOutput) } +// The audience claim value. Mutually exclusive with `accessKey`. +// Requires Vault 1.17+. *Available only for Vault Enterprise* +func (o AuthBackendClientOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackendClient) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o AuthBackendClientOutput) IdentityTokenTtl() pulumi.IntOutput { + return o.ApplyT(func(v *AuthBackendClient) pulumi.IntOutput { return v.IdentityTokenTtl }).(pulumi.IntOutput) +} + +// Number of max retries the client should use for recoverable errors. +// The default `-1` falls back to the AWS SDK's default behavior. +func (o AuthBackendClientOutput) MaxRetries() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackendClient) pulumi.IntPtrOutput { return v.MaxRetries }).(pulumi.IntPtrOutput) +} + // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). 
@@ -421,6 +533,12 @@ func (o AuthBackendClientOutput) Namespace() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackendClient) pulumi.StringPtrOutput { return v.Namespace }).(pulumi.StringPtrOutput) } +// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o AuthBackendClientOutput) RoleArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackendClient) pulumi.StringPtrOutput { return v.RoleArn }).(pulumi.StringPtrOutput) +} + // The AWS secret key that Vault should use for the // auth backend. func (o AuthBackendClientOutput) SecretKey() pulumi.StringPtrOutput { diff --git a/sdk/go/vault/aws/secretBackendRole.go b/sdk/go/vault/aws/secretBackendRole.go index da5d3a23b..7afe00ea9 100644 --- a/sdk/go/vault/aws/secretBackendRole.go +++ b/sdk/go/vault/aws/secretBackendRole.go @@ -90,6 +90,9 @@ type SecretBackendRole struct { // policies from each group in `iamGroups` combined with the `policyDocument` // and `policyArns` parameters. IamGroups pulumi.StringArrayOutput `pulumi:"iamGroups"` + // A map of strings representing key/value pairs + // to be used as tags for any IAM user that is created by this role. + IamTags pulumi.StringMapOutput `pulumi:"iamTags"` // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. 
@@ -186,6 +189,9 @@ type secretBackendRoleState struct { // policies from each group in `iamGroups` combined with the `policyDocument` // and `policyArns` parameters. IamGroups []string `pulumi:"iamGroups"` + // A map of strings representing key/value pairs + // to be used as tags for any IAM user that is created by this role. + IamTags map[string]string `pulumi:"iamTags"` // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. @@ -247,6 +253,9 @@ type SecretBackendRoleState struct { // policies from each group in `iamGroups` combined with the `policyDocument` // and `policyArns` parameters. IamGroups pulumi.StringArrayInput + // A map of strings representing key/value pairs + // to be used as tags for any IAM user that is created by this role. + IamTags pulumi.StringMapInput // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. @@ -312,6 +321,9 @@ type secretBackendRoleArgs struct { // policies from each group in `iamGroups` combined with the `policyDocument` // and `policyArns` parameters. IamGroups []string `pulumi:"iamGroups"` + // A map of strings representing key/value pairs + // to be used as tags for any IAM user that is created by this role. + IamTags map[string]string `pulumi:"iamTags"` // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. 
@@ -374,6 +386,9 @@ type SecretBackendRoleArgs struct { // policies from each group in `iamGroups` combined with the `policyDocument` // and `policyArns` parameters. IamGroups pulumi.StringArrayInput + // A map of strings representing key/value pairs + // to be used as tags for any IAM user that is created by this role. + IamTags pulumi.StringMapInput // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. @@ -533,6 +548,12 @@ func (o SecretBackendRoleOutput) IamGroups() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretBackendRole) pulumi.StringArrayOutput { return v.IamGroups }).(pulumi.StringArrayOutput) } +// A map of strings representing key/value pairs +// to be used as tags for any IAM user that is created by this role. +func (o SecretBackendRoleOutput) IamTags() pulumi.StringMapOutput { + return o.ApplyT(func(v *SecretBackendRole) pulumi.StringMapOutput { return v.IamTags }).(pulumi.StringMapOutput) +} + // The max allowed TTL in seconds for STS credentials // (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is // one of `assumedRole` or `federationToken`. diff --git a/sdk/go/vault/azure/authBackendConfig.go b/sdk/go/vault/azure/authBackendConfig.go index fde5f9793..1e9176ce7 100644 --- a/sdk/go/vault/azure/authBackendConfig.go +++ b/sdk/go/vault/azure/authBackendConfig.go 
@@ -14,6 +14,43 @@ import ( // ## Example Usage // +// You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration: +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault" +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{ +// Type: pulumi.String("azure"), +// IdentityTokenKey: pulumi.String("example-key"), +// }) +// if err != nil { +// return err +// } +// _, err = azure.NewAuthBackendConfig(ctx, "example", &azure.AuthBackendConfigArgs{ +// Backend: example.Path, +// TenantId: pulumi.String("11111111-2222-3333-4444-555555555555"), +// ClientId: pulumi.String("11111111-2222-3333-4444-555555555555"), +// IdentityTokenAudience: pulumi.String(""), +// IdentityTokenTtl: pulumi.Int(""), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ```go // package main // @@ -72,6 +109,11 @@ type AuthBackendConfig struct { // AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, // AzureGermanCloud. Defaults to `AzurePublicCloud`. Environment pulumi.StringPtrOutput `pulumi:"environment"` + // The audience claim value for plugin identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. + IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). 
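Review bot: The new WIF example in the first hunk passes `pulumi.Int("")` for `IdentityTokenTtl`, which cannot compile because `pulumi.Int` takes an integer. It also sets `IdentityTokenAudience` to an empty string, so a reader copying it gets no meaningful audience claim. Use clearly marked sample values instead, e.g. `IdentityTokenAudience: pulumi.String("<TOKEN_AUDIENCE>"),` and `IdentityTokenTtl: pulumi.Int(3600), // constructed sample, seconds`. The example added to `sdk/go/vault/azure/backend.go` (the `@@ -16,6 +16,35 @@` hunk) has the same two lines. If these comments are generated from the provider's documentation, the fix belongs in that source rather than in this file.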
@@ -149,6 +191,11 @@ type authBackendConfigState struct { // AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, // AzureGermanCloud. Defaults to `AzurePublicCloud`. Environment *string `pulumi:"environment"` + // The audience claim value for plugin identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -176,6 +223,11 @@ type AuthBackendConfigState struct { // AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, // AzureGermanCloud. Defaults to `AzurePublicCloud`. Environment pulumi.StringPtrInput + // The audience claim value for plugin identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. + IdentityTokenTtl pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). 
@@ -207,6 +259,11 @@ type authBackendConfigArgs struct { // AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, // AzureGermanCloud. Defaults to `AzurePublicCloud`. Environment *string `pulumi:"environment"` + // The audience claim value for plugin identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The TTL of generated identity tokens in seconds. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -235,6 +292,11 @@ type AuthBackendConfigArgs struct { // AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, // AzureGermanCloud. Defaults to `AzurePublicCloud`. Environment pulumi.StringPtrInput + // The audience claim value for plugin identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. + IdentityTokenTtl pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). 
@@ -360,6 +422,17 @@ func (o AuthBackendConfigOutput) Environment() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackendConfig) pulumi.StringPtrOutput { return v.Environment }).(pulumi.StringPtrOutput) } +// The audience claim value for plugin identity tokens. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o AuthBackendConfigOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackendConfig) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The TTL of generated identity tokens in seconds. +func (o AuthBackendConfigOutput) IdentityTokenTtl() pulumi.IntOutput { + return o.ApplyT(func(v *AuthBackendConfig) pulumi.IntOutput { return v.IdentityTokenTtl }).(pulumi.IntOutput) +} + // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). diff --git a/sdk/go/vault/azure/backend.go b/sdk/go/vault/azure/backend.go index cd9ea3596..5ebe34600 100644 --- a/sdk/go/vault/azure/backend.go +++ b/sdk/go/vault/azure/backend.go 
@@ -16,6 +16,35 @@ import ( // // ### *Vault-1.9 And Above* // +// You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration: +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/azure" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := azure.NewBackend(ctx, "azure", &azure.BackendArgs{ +// SubscriptionId: pulumi.String("11111111-2222-3333-4444-111111111111"), +// TenantId: pulumi.String("11111111-2222-3333-4444-222222222222"), +// ClientId: pulumi.String("11111111-2222-3333-4444-333333333333"), +// IdentityTokenAudience: pulumi.String(""), +// IdentityTokenTtl: pulumi.Int(""), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ```go // package main // @@ -89,6 +118,15 @@ type Backend struct { DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // The Azure environment. Environment pulumi.StringPtrOutput `pulumi:"environment"` + // The audience claim value. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). 
@@ -101,6 +139,8 @@ type Backend struct { // The tenant id for the Azure Active Directory. TenantId pulumi.StringOutput `pulumi:"tenantId"` // Use the Microsoft Graph API. Should be set to true on vault-1.10+ + // + // Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. UseMicrosoftGraphApi pulumi.BoolOutput `pulumi:"useMicrosoftGraphApi"` } @@ -170,6 +210,15 @@ type backendState struct { DisableRemount *bool `pulumi:"disableRemount"` // The Azure environment. Environment *string `pulumi:"environment"` + // The audience claim value. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -182,6 +231,8 @@ type backendState struct { // The tenant id for the Azure Active Directory. TenantId *string `pulumi:"tenantId"` // Use the Microsoft Graph API. Should be set to true on vault-1.10+ + // + // Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. UseMicrosoftGraphApi *bool `pulumi:"useMicrosoftGraphApi"` } 
@@ -197,6 +248,15 @@ type BackendState struct { DisableRemount pulumi.BoolPtrInput // The Azure environment. Environment pulumi.StringPtrInput + // The audience claim value. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -209,6 +269,8 @@ type BackendState struct { // The tenant id for the Azure Active Directory. TenantId pulumi.StringPtrInput // Use the Microsoft Graph API. Should be set to true on vault-1.10+ + // + // Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. UseMicrosoftGraphApi pulumi.BoolPtrInput } 
@@ -228,6 +290,15 @@ type backendArgs struct { DisableRemount *bool `pulumi:"disableRemount"` // The Azure environment. Environment *string `pulumi:"environment"` + // The audience claim value. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -240,6 +311,8 @@ type backendArgs struct { // The tenant id for the Azure Active Directory. TenantId string `pulumi:"tenantId"` // Use the Microsoft Graph API. Should be set to true on vault-1.10+ + // + // Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. UseMicrosoftGraphApi *bool `pulumi:"useMicrosoftGraphApi"` } 
@@ -256,6 +329,15 @@ type BackendArgs struct { DisableRemount pulumi.BoolPtrInput // The Azure environment. Environment pulumi.StringPtrInput + // The audience claim value. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing identity tokens. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated identity tokens in seconds. Requires Vault 1.17+. + // *Available only for Vault Enterprise* + IdentityTokenTtl pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -268,6 +350,8 @@ type BackendArgs struct { // The tenant id for the Azure Active Directory. TenantId pulumi.StringInput // Use the Microsoft Graph API. Should be set to true on vault-1.10+ + // + // Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. UseMicrosoftGraphApi pulumi.BoolPtrInput } 
@@ -384,6 +468,24 @@ func (o BackendOutput) Environment() pulumi.StringPtrOutput { return o.ApplyT(func(v *Backend) pulumi.StringPtrOutput { return v.Environment }).(pulumi.StringPtrOutput) } +// The audience claim value. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o BackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Backend) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The key to use for signing identity tokens. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o BackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Backend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + +// The TTL of generated identity tokens in seconds. Requires Vault 1.17+. +// *Available only for Vault Enterprise* +func (o BackendOutput) IdentityTokenTtl() pulumi.IntOutput { + return o.ApplyT(func(v *Backend) pulumi.IntOutput { return v.IdentityTokenTtl }).(pulumi.IntOutput) +} + // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). @@ -408,6 +510,8 @@ func (o BackendOutput) TenantId() pulumi.StringOutput { } // Use the Microsoft Graph API. Should be set to true on vault-1.10+ +// +// Deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider. func (o BackendOutput) UseMicrosoftGraphApi() pulumi.BoolOutput { return o.ApplyT(func(v *Backend) pulumi.BoolOutput { return v.UseMicrosoftGraphApi }).(pulumi.BoolOutput) } diff --git a/sdk/go/vault/database/secretsMount.go b/sdk/go/vault/database/secretsMount.go index 7c2339cf0..4858144b0 100644 --- a/sdk/go/vault/database/secretsMount.go 
+++ b/sdk/go/vault/database/secretsMount.go @@ -106,6 +106,8 @@ type SecretsMount struct { // // The following arguments are common to all database engines: AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayOutput `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -118,6 +120,8 @@ type SecretsMount struct { Couchbases SecretsMountCouchbaseArrayOutput `pulumi:"couchbases"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayOutput `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description pulumi.StringPtrOutput `pulumi:"description"` // A nested block containing configuration options for Elasticsearch connections.\ 
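Review bot: `AllowedResponseHeaders` and `DelegatedAuthAccessors` both carry the comment `// List of headers to allow and pass from the request to the plugin`, the same text used later for `PassthroughRequestHeaders`; going by the field names it fits only that last one. `DelegatedAuthAccessors` looks like an authorization setting rather than a header list, so the copied text could lead an operator to misconfigure it. Suggested wording, to be confirmed against the Vault mount documentation: `// List of auth mount accessors the backend may request delegated authentication for` and `// List of headers the plugin is allowed to set in the response`. The same comments repeat in `secretsMountState` and `SecretsMountState` in later hunks, and the struct bodies extend beyond these hunks.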
@@ -130,9 +134,13 @@ type SecretsMount struct { // A nested block containing configuration options for SAP HanaDB connections.\ // *See Configuration Options for more info* Hanas SecretsMountHanaArrayOutput `pulumi:"hanas"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* Influxdbs SecretsMountInfluxdbArrayOutput `pulumi:"influxdbs"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrOutput `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrOutput `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds @@ -165,8 +173,12 @@ type SecretsMount struct { // A nested block containing configuration options for Oracle connections.\ // *See Configuration Options for more info* Oracles SecretsMountOracleArrayOutput `pulumi:"oracles"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayOutput `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path pulumi.StringOutput `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrOutput `pulumi:"pluginVersion"` // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* Postgresqls SecretsMountPostgresqlArrayOutput `pulumi:"postgresqls"` 
@@ -225,6 +237,8 @@ type secretsMountState struct { // // The following arguments are common to all database engines: AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -237,6 +251,8 @@ type secretsMountState struct { Couchbases []SecretsMountCouchbase `pulumi:"couchbases"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // A nested block containing configuration options for Elasticsearch connections.\ @@ -249,9 +265,13 @@ type secretsMountState struct { // A nested block containing configuration options for SAP HanaDB connections.\ // *See Configuration Options for more info* Hanas []SecretsMountHana `pulumi:"hanas"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* Influxdbs []SecretsMountInfluxdb `pulumi:"influxdbs"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -284,8 +304,12 @@ type secretsMountState struct { // A nested block containing configuration options for Oracle connections.\ // *See Configuration Options for more info* Oracles []SecretsMountOracle `pulumi:"oracles"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path *string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* Postgresqls []SecretsMountPostgresql `pulumi:"postgresqls"` @@ -312,6 +336,8 @@ type SecretsMountState struct { // // The following arguments are common to all database engines: AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -324,6 +350,8 @@ type SecretsMountState struct { Couchbases SecretsMountCouchbaseArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // A nested block containing configuration options for Elasticsearch connections.\ 
@@ -336,9 +364,13 @@ type SecretsMountState struct { // A nested block containing configuration options for SAP HanaDB connections.\ // *See Configuration Options for more info* Hanas SecretsMountHanaArrayInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* Influxdbs SecretsMountInfluxdbArrayInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds @@ -371,8 +403,12 @@ type SecretsMountState struct { // A nested block containing configuration options for Oracle connections.\ // *See Configuration Options for more info* Oracles SecretsMountOracleArrayInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringPtrInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* Postgresqls SecretsMountPostgresqlArrayInput 
@@ -401,6 +437,8 @@ type secretsMountArgs struct { // // The following arguments are common to all database engines: AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -413,6 +451,8 @@ type secretsMountArgs struct { Couchbases []SecretsMountCouchbase `pulumi:"couchbases"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // A nested block containing configuration options for Elasticsearch connections.\ @@ -423,9 +463,13 @@ type secretsMountArgs struct { // A nested block containing configuration options for SAP HanaDB connections.\ // *See Configuration Options for more info* Hanas []SecretsMountHana `pulumi:"hanas"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* Influxdbs []SecretsMountInfluxdb `pulumi:"influxdbs"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -458,8 +502,12 @@ type secretsMountArgs struct { // A nested block containing configuration options for Oracle connections.\ // *See Configuration Options for more info* Oracles []SecretsMountOracle `pulumi:"oracles"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* Postgresqls []SecretsMountPostgresql `pulumi:"postgresqls"` @@ -485,6 +533,8 @@ type SecretsMountArgs struct { // // The following arguments are common to all database engines: AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -497,6 +547,8 @@ type SecretsMountArgs struct { Couchbases SecretsMountCouchbaseArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // A nested block containing configuration options for Elasticsearch connections.\ 
@@ -507,9 +559,13 @@ type SecretsMountArgs struct { // A nested block containing configuration options for SAP HanaDB connections.\ // *See Configuration Options for more info* Hanas SecretsMountHanaArrayInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* Influxdbs SecretsMountInfluxdbArrayInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds @@ -542,8 +598,12 @@ type SecretsMountArgs struct { // A nested block containing configuration options for Oracle connections.\ // *See Configuration Options for more info* Oracles SecretsMountOracleArrayInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* Postgresqls SecretsMountPostgresqlArrayInput 
@@ -662,6 +722,11 @@ func (o SecretsMountOutput) AllowedManagedKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretsMount) pulumi.StringArrayOutput { return v.AllowedManagedKeys }).(pulumi.StringArrayOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretsMountOutput) AllowedResponseHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringArrayOutput { return v.AllowedResponseHeaders }).(pulumi.StringArrayOutput) +} + // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. func (o SecretsMountOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretsMount) pulumi.StringArrayOutput { return v.AuditNonHmacRequestKeys }).(pulumi.StringArrayOutput) @@ -689,6 +754,11 @@ func (o SecretsMountOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput { return o.ApplyT(func(v *SecretsMount) pulumi.IntOutput { return v.DefaultLeaseTtlSeconds }).(pulumi.IntOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretsMountOutput) DelegatedAuthAccessors() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringArrayOutput { return v.DelegatedAuthAccessors }).(pulumi.StringArrayOutput) +} + // Human-friendly description of the mount func (o SecretsMountOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretsMount) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) 
@@ -716,12 +786,22 @@ func (o SecretsMountOutput) Hanas() SecretsMountHanaArrayOutput { return o.ApplyT(func(v *SecretsMount) SecretsMountHanaArrayOutput { return v.Hanas }).(SecretsMountHanaArrayOutput) } +// The key to use for signing plugin workload identity tokens +func (o SecretsMountOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + // A nested block containing configuration options for InfluxDB connections.\ // *See Configuration Options for more info* func (o SecretsMountOutput) Influxdbs() SecretsMountInfluxdbArrayOutput { return o.ApplyT(func(v *SecretsMount) SecretsMountInfluxdbArrayOutput { return v.Influxdbs }).(SecretsMountInfluxdbArrayOutput) } +// Specifies whether to show this mount in the UI-specific listing endpoint +func (o SecretsMountOutput) ListingVisibility() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringPtrOutput { return v.ListingVisibility }).(pulumi.StringPtrOutput) +} + // Boolean flag that can be explicitly set to true to enforce local mount in HA environment func (o SecretsMountOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretsMount) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) 
@@ -790,11 +870,21 @@ func (o SecretsMountOutput) Oracles() SecretsMountOracleArrayOutput { return o.ApplyT(func(v *SecretsMount) SecretsMountOracleArrayOutput { return v.Oracles }).(SecretsMountOracleArrayOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretsMountOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringArrayOutput { return v.PassthroughRequestHeaders }).(pulumi.StringArrayOutput) +} + // Where the secret backend will be mounted func (o SecretsMountOutput) Path() pulumi.StringOutput { return o.ApplyT(func(v *SecretsMount) pulumi.StringOutput { return v.Path }).(pulumi.StringOutput) } +// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' +func (o SecretsMountOutput) PluginVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretsMount) pulumi.StringPtrOutput { return v.PluginVersion }).(pulumi.StringPtrOutput) +} + // A nested block containing configuration options for PostgreSQL connections.\ // *See Configuration Options for more info* func (o SecretsMountOutput) Postgresqls() SecretsMountPostgresqlArrayOutput { diff --git a/sdk/go/vault/gcp/authBackend.go b/sdk/go/vault/gcp/authBackend.go index 8b7b0ff76..37b60b3d8 100644 --- a/sdk/go/vault/gcp/authBackend.go +++ b/sdk/go/vault/gcp/authBackend.go 
@@ -13,6 +13,36 @@ import ( // Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html). // +// ## Example Usage +// +// You can setup the GCP auth backend with Workload Identity Federation (WIF) for a secret-less configuration: +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gcp.NewAuthBackend(ctx, "gcp", &gcp.AuthBackendArgs{ +// IdentityTokenKey: pulumi.String("example-key"), +// IdentityTokenTtl: pulumi.Int(1800), +// IdentityTokenAudience: pulumi.String(""), +// ServiceAccountEmail: pulumi.String(""), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ## Import // // GCP authentication backends can be imported using the backend name, e.g. 
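Review bot: The example added here passes `pulumi.String("")` for both `IdentityTokenAudience` and `ServiceAccountEmail`, so as shown it configures workload identity federation with an empty audience and no service account to impersonate. The field comments later in this file say the audience must match one allowed on the Workload Identity Pool and that `serviceAccountEmail` is required with it, so a copy of this example would not work as written. If placeholders were intended, make them visible, e.g. `IdentityTokenAudience: pulumi.String("TOKEN_AUDIENCE_PLACEHOLDER"),` and `ServiceAccountEmail: pulumi.String("SERVICE_ACCOUNT_EMAIL_PLACEHOLDER"),`. The example hunk in secretBackend.go has the same two lines.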
@@ -44,6 +74,15 @@ type AuthBackend struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrOutput `pulumi:"identityTokenTtl"` // Specifies if the auth method is local only. Local pulumi.BoolPtrOutput `pulumi:"local"` // The namespace to provision the resource in. @@ -57,6 +96,9 @@ type AuthBackend struct { PrivateKeyId pulumi.StringOutput `pulumi:"privateKeyId"` // The GCP Project ID ProjectId pulumi.StringOutput `pulumi:"projectId"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrOutput `pulumi:"serviceAccountEmail"` // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: 
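Review bot: The comment on `IdentityTokenTtl`, `// The TTL of generated tokens.`, gives no unit and does not say which tokens, unlike the two neighbouring fields, which name plugin identity tokens. The example in this file passes 1800, which suggests seconds; if that is right, `// The TTL of generated plugin identity tokens, in seconds.` would remove the guesswork, since a TTL entered in the wrong unit leaves federation tokens valid for far longer or shorter than intended. The same comment repeats on the state and args structs and the getter in this file, and on the matching declarations in secretBackend.go. The `AuthBackend` struct starts outside this hunk.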
@@ -121,6 +163,15 @@ type authBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Specifies if the auth method is local only. Local *bool `pulumi:"local"` // The namespace to provision the resource in. @@ -134,6 +185,9 @@ type authBackendState struct { PrivateKeyId *string `pulumi:"privateKeyId"` // The GCP Project ID ProjectId *string `pulumi:"projectId"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail *string `pulumi:"serviceAccountEmail"` // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: 
@@ -162,6 +216,15 @@ type AuthBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. @@ -175,6 +238,9 @@ type AuthBackendState struct { PrivateKeyId pulumi.StringPtrInput // The GCP Project ID ProjectId pulumi.StringPtrInput + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrInput // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: 
@@ -205,6 +271,15 @@ type authBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Specifies if the auth method is local only. Local *bool `pulumi:"local"` // The namespace to provision the resource in. @@ -218,6 +293,9 @@ type authBackendArgs struct { PrivateKeyId *string `pulumi:"privateKeyId"` // The GCP Project ID ProjectId *string `pulumi:"projectId"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail *string `pulumi:"serviceAccountEmail"` // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: 
@@ -245,6 +323,15 @@ type AuthBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // The namespace to provision the resource in. @@ -258,6 +345,9 @@ type AuthBackendArgs struct { PrivateKeyId pulumi.StringPtrInput // The GCP Project ID ProjectId pulumi.StringPtrInput + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrInput // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: 
@@ -393,6 +483,24 @@ func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.BoolPtrOutput { return v.DisableRemount }).(pulumi.BoolPtrOutput) } +// The audience claim value for plugin identity +// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). +// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o AuthBackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The key to use for signing plugin identity +// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o AuthBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + +// The TTL of generated tokens. +func (o AuthBackendOutput) IdentityTokenTtl() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.IdentityTokenTtl }).(pulumi.IntPtrOutput) +} + // Specifies if the auth method is local only. func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) 
@@ -421,6 +529,12 @@ func (o AuthBackendOutput) ProjectId() pulumi.StringOutput { return o.ApplyT(func(v *AuthBackend) pulumi.StringOutput { return v.ProjectId }).(pulumi.StringOutput) } +// Service Account to impersonate for plugin workload identity federation. +// Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o AuthBackendOutput) ServiceAccountEmail() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.ServiceAccountEmail }).(pulumi.StringPtrOutput) +} + // Extra configuration block. Structure is documented below. // // The `tune` block is used to tune the auth backend: diff --git a/sdk/go/vault/gcp/secretBackend.go b/sdk/go/vault/gcp/secretBackend.go index 999c42012..5d277de2b 100644 --- a/sdk/go/vault/gcp/secretBackend.go +++ b/sdk/go/vault/gcp/secretBackend.go @@ -13,6 +13,34 @@ import ( // ## Example Usage // +// You can setup the GCP secret backend with Workload Identity Federation (WIF) for a secret-less configuration: +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/gcp" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gcp.NewSecretBackend(ctx, "gcp", &gcp.SecretBackendArgs{ +// IdentityTokenKey: pulumi.String("example-key"), +// IdentityTokenTtl: pulumi.Int(1800), +// IdentityTokenAudience: pulumi.String(""), +// ServiceAccountEmail: pulumi.String(""), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ```go // package main // @@ -46,6 +74,8 @@ import ( type SecretBackend struct { pulumi.CustomResourceState + // The accessor of the created GCP mount. + Accessor pulumi.StringOutput `pulumi:"accessor"` // JSON-encoded credentials to use to connect to GCP Credentials pulumi.StringPtrOutput `pulumi:"credentials"` // The default TTL for credentials 
@@ -56,6 +86,15 @@ type SecretBackend struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrOutput `pulumi:"identityTokenTtl"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrOutput `pulumi:"local"` // The maximum TTL that can be requested @@ -69,6 +108,9 @@ type SecretBackend struct { // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrOutput `pulumi:"path"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrOutput `pulumi:"serviceAccountEmail"` } // NewSecretBackend registers a new resource with the given unique name, arguments, and options. 
@@ -108,6 +150,8 @@ func GetSecretBackend(ctx *pulumi.Context, // Input properties used for looking up and filtering SecretBackend resources. type secretBackendState struct { + // The accessor of the created GCP mount. + Accessor *string `pulumi:"accessor"` // JSON-encoded credentials to use to connect to GCP Credentials *string `pulumi:"credentials"` // The default TTL for credentials @@ -118,6 +162,15 @@ type secretBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // The maximum TTL that can be requested 
@@ -131,9 +184,14 @@ type secretBackendState struct { // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path *string `pulumi:"path"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail *string `pulumi:"serviceAccountEmail"` } type SecretBackendState struct { + // The accessor of the created GCP mount. + Accessor pulumi.StringPtrInput // JSON-encoded credentials to use to connect to GCP Credentials pulumi.StringPtrInput // The default TTL for credentials @@ -144,6 +202,15 @@ type SecretBackendState struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // The maximum TTL that can be requested 
@@ -157,6 +224,9 @@ type SecretBackendState struct { // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrInput + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrInput } func (SecretBackendState) ElementType() reflect.Type { @@ -174,6 +244,15 @@ type secretBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount *bool `pulumi:"disableRemount"` + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience *string `pulumi:"identityTokenAudience"` + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // The TTL of generated tokens. + IdentityTokenTtl *int `pulumi:"identityTokenTtl"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // The maximum TTL that can be requested 
@@ -187,6 +266,9 @@ type secretBackendArgs struct { // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path *string `pulumi:"path"` + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail *string `pulumi:"serviceAccountEmail"` } // The set of arguments for constructing a SecretBackend resource. @@ -201,6 +283,15 @@ type SecretBackendArgs struct { // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput + // The audience claim value for plugin identity + // tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). + // Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenAudience pulumi.StringPtrInput + // The key to use for signing plugin identity + // tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. + IdentityTokenKey pulumi.StringPtrInput + // The TTL of generated tokens. + IdentityTokenTtl pulumi.IntPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // The maximum TTL that can be requested 
@@ -214,6 +305,9 @@ type SecretBackendArgs struct { // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `gcp`. Path pulumi.StringPtrInput + // Service Account to impersonate for plugin workload identity federation. + // Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. + ServiceAccountEmail pulumi.StringPtrInput } func (SecretBackendArgs) ElementType() reflect.Type { @@ -303,6 +397,11 @@ func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Contex return o } +// The accessor of the created GCP mount. +func (o SecretBackendOutput) Accessor() pulumi.StringOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringOutput { return v.Accessor }).(pulumi.StringOutput) +} + // JSON-encoded credentials to use to connect to GCP func (o SecretBackendOutput) Credentials() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.Credentials }).(pulumi.StringPtrOutput) 
@@ -325,6 +424,24 @@ func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.DisableRemount }).(pulumi.BoolPtrOutput) } +// The audience claim value for plugin identity +// tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare). +// Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o SecretBackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenAudience }).(pulumi.StringPtrOutput) +} + +// The key to use for signing plugin identity +// tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + +// The TTL of generated tokens. +func (o SecretBackendOutput) IdentityTokenTtl() pulumi.IntPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.IntPtrOutput { return v.IdentityTokenTtl }).(pulumi.IntPtrOutput) +} + // Boolean flag that can be explicitly set to true to enforce local mount in HA environment func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) 
@@ -350,6 +467,12 @@ func (o SecretBackendOutput) Path() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.Path }).(pulumi.StringPtrOutput) } +// Service Account to impersonate for plugin workload identity federation. +// Required with `identityTokenAudience`. Requires Vault 1.17+. *Available only for Vault Enterprise*. +func (o SecretBackendOutput) ServiceAccountEmail() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.ServiceAccountEmail }).(pulumi.StringPtrOutput) +} + type SecretBackendArrayOutput struct{ *pulumi.OutputState } func (SecretBackendArrayOutput) ElementType() reflect.Type { diff --git a/sdk/go/vault/init.go b/sdk/go/vault/init.go index 232ba158b..25cb815bc 100644 --- a/sdk/go/vault/init.go +++ b/sdk/go/vault/init.go @@ -49,6 +49,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &NomadSecretRole{} case "vault:index/passwordPolicy:PasswordPolicy": r = &PasswordPolicy{} + case "vault:index/plugin:Plugin": + r = &Plugin{} + case "vault:index/pluginPinnedVersion:PluginPinnedVersion": + r = &PluginPinnedVersion{} case "vault:index/policy:Policy": r = &Policy{} case "vault:index/quotaLeaseCount:QuotaLeaseCount": @@ -164,6 +168,16 @@ func init() { "index/passwordPolicy", &module{version}, ) + pulumi.RegisterResourceModule( + "vault", + "index/plugin", + &module{version}, + ) + pulumi.RegisterResourceModule( + "vault", + "index/pluginPinnedVersion", + &module{version}, + ) pulumi.RegisterResourceModule( "vault", "index/policy", diff --git a/sdk/go/vault/jwt/authBackendRole.go b/sdk/go/vault/jwt/authBackendRole.go index 5f48e79b0..b9063ebc1 100644 --- a/sdk/go/vault/jwt/authBackendRole.go +++ b/sdk/go/vault/jwt/authBackendRole.go 
@@ -124,9 +124,8 @@ type AuthBackendRole struct { // The unique name of the auth backend to configure. // Defaults to `jwt`. Backend pulumi.StringPtrOutput `pulumi:"backend"` - // (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` - // or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - // Any match is sufficient. + // (Required for roles of type `jwt`, optional for roles of + // type `oidc`) List of `aud` claims to match against. Any match is sufficient. BoundAudiences pulumi.StringArrayOutput `pulumi:"boundAudiences"` // If set, a map of claims to values to match against. // A claim's value must be a string, which may contain one value or multiple @@ -149,7 +148,7 @@ type AuthBackendRole struct { // Disable bound claim value parsing. Useful when values contain commas. DisableBoundClaimsParsing pulumi.BoolPtrOutput `pulumi:"disableBoundClaimsParsing"` // The amount of leeway to add to expiration (`exp`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. ExpirationLeeway pulumi.IntPtrOutput `pulumi:"expirationLeeway"` // The claim to use to uniquely identify @@ -166,7 +165,7 @@ type AuthBackendRole struct { // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // The amount of leeway to add to not before (`nbf`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. NotBeforeLeeway pulumi.IntPtrOutput `pulumi:"notBeforeLeeway"` // If set, a list of OIDC scopes to be used with an OIDC role. 
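Review bot: The rewritten comment on `BoundAudiences` in the `AuthBackendRole` hunk (`@@ -124,9 +124,8 @@`) now says the field is required for `jwt` roles and no longer mentions `boundSubject`, `boundClaims` or `tokenBoundCidrs`, which the removed text listed as alternatives. The two wordings describe different validation rules, and nothing in the hunk shows which one the server applies; a reader relying on the wrong one could create a role with a weaker binding than intended. Confirm the rule for the targeted Vault version and, if the alternatives still hold, keep one sentence for them, e.g. `// For "jwt" roles at least one of boundAudiences, boundSubject, boundClaims or tokenBoundCidrs must be set.` The same rewording is applied in the state, args and getter hunks that follow, and the struct body continues outside this hunk.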
@@ -251,9 +250,8 @@ type authBackendRoleState struct { // The unique name of the auth backend to configure. // Defaults to `jwt`. Backend *string `pulumi:"backend"` - // (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` - // or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - // Any match is sufficient. + // (Required for roles of type `jwt`, optional for roles of + // type `oidc`) List of `aud` claims to match against. Any match is sufficient. BoundAudiences []string `pulumi:"boundAudiences"` // If set, a map of claims to values to match against. // A claim's value must be a string, which may contain one value or multiple @@ -276,7 +274,7 @@ type authBackendRoleState struct { // Disable bound claim value parsing. Useful when values contain commas. DisableBoundClaimsParsing *bool `pulumi:"disableBoundClaimsParsing"` // The amount of leeway to add to expiration (`exp`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. ExpirationLeeway *int `pulumi:"expirationLeeway"` // The claim to use to uniquely identify @@ -293,7 +291,7 @@ type authBackendRoleState struct { // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` // The amount of leeway to add to not before (`nbf`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. NotBeforeLeeway *int `pulumi:"notBeforeLeeway"` // If set, a list of OIDC scopes to be used with an OIDC role. 
@@ -343,9 +341,8 @@ type AuthBackendRoleState struct { // The unique name of the auth backend to configure. // Defaults to `jwt`. Backend pulumi.StringPtrInput - // (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` - // or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - // Any match is sufficient. + // (Required for roles of type `jwt`, optional for roles of + // type `oidc`) List of `aud` claims to match against. Any match is sufficient. BoundAudiences pulumi.StringArrayInput // If set, a map of claims to values to match against. // A claim's value must be a string, which may contain one value or multiple @@ -368,7 +365,7 @@ type AuthBackendRoleState struct { // Disable bound claim value parsing. Useful when values contain commas. DisableBoundClaimsParsing pulumi.BoolPtrInput // The amount of leeway to add to expiration (`exp`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. ExpirationLeeway pulumi.IntPtrInput // The claim to use to uniquely identify @@ -385,7 +382,7 @@ type AuthBackendRoleState struct { // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The amount of leeway to add to not before (`nbf`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. NotBeforeLeeway pulumi.IntPtrInput // If set, a list of OIDC scopes to be used with an OIDC role. 
@@ -439,9 +436,8 @@ type authBackendRoleArgs struct { // The unique name of the auth backend to configure. // Defaults to `jwt`. Backend *string `pulumi:"backend"` - // (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` - // or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - // Any match is sufficient. + // (Required for roles of type `jwt`, optional for roles of + // type `oidc`) List of `aud` claims to match against. Any match is sufficient. BoundAudiences []string `pulumi:"boundAudiences"` // If set, a map of claims to values to match against. // A claim's value must be a string, which may contain one value or multiple @@ -464,7 +460,7 @@ type authBackendRoleArgs struct { // Disable bound claim value parsing. Useful when values contain commas. DisableBoundClaimsParsing *bool `pulumi:"disableBoundClaimsParsing"` // The amount of leeway to add to expiration (`exp`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. ExpirationLeeway *int `pulumi:"expirationLeeway"` // The claim to use to uniquely identify @@ -481,7 +477,7 @@ type authBackendRoleArgs struct { // *Available only for Vault Enterprise*. Namespace *string `pulumi:"namespace"` // The amount of leeway to add to not before (`nbf`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. NotBeforeLeeway *int `pulumi:"notBeforeLeeway"` // If set, a list of OIDC scopes to be used with an OIDC role. 
@@ -532,9 +528,8 @@ type AuthBackendRoleArgs struct { // The unique name of the auth backend to configure. // Defaults to `jwt`. Backend pulumi.StringPtrInput - // (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` - // or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. - // Any match is sufficient. + // (Required for roles of type `jwt`, optional for roles of + // type `oidc`) List of `aud` claims to match against. Any match is sufficient. BoundAudiences pulumi.StringArrayInput // If set, a map of claims to values to match against. // A claim's value must be a string, which may contain one value or multiple @@ -557,7 +552,7 @@ type AuthBackendRoleArgs struct { // Disable bound claim value parsing. Useful when values contain commas. DisableBoundClaimsParsing pulumi.BoolPtrInput // The amount of leeway to add to expiration (`exp`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. ExpirationLeeway pulumi.IntPtrInput // The claim to use to uniquely identify @@ -574,7 +569,7 @@ type AuthBackendRoleArgs struct { // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // The amount of leeway to add to not before (`nbf`) claims to account for - // clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. + // clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. NotBeforeLeeway pulumi.IntPtrInput // If set, a list of OIDC scopes to be used with an OIDC role. 
@@ -716,9 +711,8 @@ func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackendRole) pulumi.StringPtrOutput { return v.Backend }).(pulumi.StringPtrOutput) } -// (For "jwt" roles, at least one of `boundAudiences`, `boundSubject`, `boundClaims` -// or `tokenBoundCidrs` is required. Optional for "oidc" roles.) List of `aud` claims to match against. -// Any match is sufficient. +// (Required for roles of type `jwt`, optional for roles of +// type `oidc`) List of `aud` claims to match against. Any match is sufficient. func (o AuthBackendRoleOutput) BoundAudiences() pulumi.StringArrayOutput { return o.ApplyT(func(v *AuthBackendRole) pulumi.StringArrayOutput { return v.BoundAudiences }).(pulumi.StringArrayOutput) } @@ -762,7 +756,7 @@ func (o AuthBackendRoleOutput) DisableBoundClaimsParsing() pulumi.BoolPtrOutput } // The amount of leeway to add to expiration (`exp`) claims to account for -// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. +// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. func (o AuthBackendRoleOutput) ExpirationLeeway() pulumi.IntPtrOutput { return o.ApplyT(func(v *AuthBackendRole) pulumi.IntPtrOutput { return v.ExpirationLeeway }).(pulumi.IntPtrOutput) @@ -791,7 +785,7 @@ func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput { } // The amount of leeway to add to not before (`nbf`) claims to account for -// clock skew, in seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`. +// clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`. // Only applicable with "jwt" roles. func (o AuthBackendRoleOutput) NotBeforeLeeway() pulumi.IntPtrOutput { return o.ApplyT(func(v *AuthBackendRole) pulumi.IntPtrOutput { return v.NotBeforeLeeway }).(pulumi.IntPtrOutput) 
diff --git a/sdk/go/vault/kubernetes/secretBackend.go b/sdk/go/vault/kubernetes/secretBackend.go index e9967dbd1..b4020425d 100644 --- a/sdk/go/vault/kubernetes/secretBackend.go +++ b/sdk/go/vault/kubernetes/secretBackend.go @@ -72,12 +72,16 @@ type SecretBackend struct { Accessor pulumi.StringOutput `pulumi:"accessor"` // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayOutput `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayOutput `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description pulumi.StringPtrOutput `pulumi:"description"` // Disable defaulting to the local CA certificate and 
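Review bot: The comments added for `AllowedResponseHeaders` and `DelegatedAuthAccessors` in the `SecretBackend` hunk (`@@ -72,12 +72,16 @@`) both read "List of headers to allow and pass from the request to the plugin", which is the description of `PassthroughRequestHeaders` and looks like a copy-paste. These three mount options control different things (request headers forwarded to the plugin, response headers the plugin may set, and the auth mounts it may delegate to), so the shared text makes a configuration hard to review. I would use `// List of headers to allow, allowing a plugin to include them in the response` and `// List of allowed authentication mount accessors the backend can request delegated authentication for`. The same text is repeated in the state, args and getter hunks later in this file; if the file is generated, the fix belongs in the schema descriptions it is generated from. The struct body continues outside this hunk.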
@@ -85,6 +89,8 @@ type SecretBackend struct { DisableLocalCaJwt pulumi.BoolPtrOutput `pulumi:"disableLocalCaJwt"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where @@ -94,6 +100,8 @@ type SecretBackend struct { // standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT` // are not set on the host that Vault is running on. KubernetesHost pulumi.StringPtrOutput `pulumi:"kubernetesHost"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrOutput `pulumi:"listingVisibility"` // Local mount flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrOutput `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -105,8 +113,12 @@ type SecretBackend struct { Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options pulumi.MapOutput `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayOutput `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path pulumi.StringOutput `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrOutput `pulumi:"pluginVersion"` // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolOutput `pulumi:"sealWrap"` // The JSON web token of the service account used by the @@ -159,12 +171,16 @@ type secretBackendState struct { Accessor *string `pulumi:"accessor"` // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // Disable defaulting to the local CA certificate and 
@@ -172,6 +188,8 @@ type secretBackendState struct { DisableLocalCaJwt *bool `pulumi:"disableLocalCaJwt"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where @@ -181,6 +199,8 @@ type secretBackendState struct { // standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT` // are not set on the host that Vault is running on. KubernetesHost *string `pulumi:"kubernetesHost"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Local mount flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds @@ -192,8 +212,12 @@ type secretBackendState struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path *string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap *bool `pulumi:"sealWrap"` // The JSON web token of the service account used by the 
@@ -207,12 +231,16 @@ type SecretBackendState struct { Accessor pulumi.StringPtrInput // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // Disable defaulting to the local CA certificate and @@ -220,6 +248,8 @@ type SecretBackendState struct { DisableLocalCaJwt pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where 
@@ -229,6 +259,8 @@ type SecretBackendState struct { // standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT` // are not set on the host that Vault is running on. KubernetesHost pulumi.StringPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Local mount flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds @@ -240,8 +272,12 @@ type SecretBackendState struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringPtrInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // The JSON web token of the service account used by the 
@@ -257,12 +293,16 @@ func (SecretBackendState) ElementType() reflect.Type { type secretBackendArgs struct { // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // Disable defaulting to the local CA certificate and @@ -270,6 +310,8 @@ type secretBackendArgs struct { DisableLocalCaJwt *bool `pulumi:"disableLocalCaJwt"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where 
@@ -279,6 +321,8 @@ type secretBackendArgs struct { // standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT` // are not set on the host that Vault is running on. KubernetesHost *string `pulumi:"kubernetesHost"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Local mount flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds @@ -290,8 +334,12 @@ type secretBackendArgs struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap *bool `pulumi:"sealWrap"` // The JSON web token of the service account used by the 
@@ -304,12 +352,16 @@ type secretBackendArgs struct { type SecretBackendArgs struct { // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // Disable defaulting to the local CA certificate and @@ -317,6 +369,8 @@ type SecretBackendArgs struct { DisableLocalCaJwt pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where 
@@ -326,6 +380,8 @@ type SecretBackendArgs struct { // standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT` // are not set on the host that Vault is running on. KubernetesHost pulumi.StringPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Local mount flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds @@ -337,8 +393,12 @@ type SecretBackendArgs struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // The JSON web token of the service account used by the 
@@ -444,6 +504,11 @@ func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AllowedManagedKeys }).(pulumi.StringArrayOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) AllowedResponseHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AllowedResponseHeaders }).(pulumi.StringArrayOutput) +} + // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AuditNonHmacRequestKeys }).(pulumi.StringArrayOutput) @@ -459,6 +524,11 @@ func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput { return o.ApplyT(func(v *SecretBackend) pulumi.IntOutput { return v.DefaultLeaseTtlSeconds }).(pulumi.IntOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) DelegatedAuthAccessors() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.DelegatedAuthAccessors }).(pulumi.StringArrayOutput) +} + // Human-friendly description of the mount func (o SecretBackendOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) 
@@ -475,6 +545,11 @@ func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.ExternalEntropyAccess }).(pulumi.BoolPtrOutput) } +// The key to use for signing plugin workload identity tokens +func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + // A PEM-encoded CA certificate used by the // secrets engine to verify the Kubernetes API server certificate. Defaults to the local // pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where @@ -490,6 +565,11 @@ func (o SecretBackendOutput) KubernetesHost() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.KubernetesHost }).(pulumi.StringPtrOutput) } +// Specifies whether to show this mount in the UI-specific listing endpoint +func (o SecretBackendOutput) ListingVisibility() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.ListingVisibility }).(pulumi.StringPtrOutput) +} + // Local mount flag that can be explicitly set to true to enforce local mount in HA environment func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) 
@@ -513,11 +593,21 @@ func (o SecretBackendOutput) Options() pulumi.MapOutput { return o.ApplyT(func(v *SecretBackend) pulumi.MapOutput { return v.Options }).(pulumi.MapOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.PassthroughRequestHeaders }).(pulumi.StringArrayOutput) +} + // Where the secret backend will be mounted func (o SecretBackendOutput) Path() pulumi.StringOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringOutput { return v.Path }).(pulumi.StringOutput) } +// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' +func (o SecretBackendOutput) PluginVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.PluginVersion }).(pulumi.StringPtrOutput) +} + // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability func (o SecretBackendOutput) SealWrap() pulumi.BoolOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolOutput { return v.SealWrap }).(pulumi.BoolOutput) diff --git a/sdk/go/vault/ldap/secretBackend.go b/sdk/go/vault/ldap/secretBackend.go index c1f9464e1..ca9d210bc 100644 --- a/sdk/go/vault/ldap/secretBackend.go +++ b/sdk/go/vault/ldap/secretBackend.go 
@@ -57,6 +57,8 @@ type SecretBackend struct { Accessor pulumi.StringOutput `pulumi:"accessor"` // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayOutput `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
@@ -77,15 +79,21 @@ type SecretBackend struct { ConnectionTimeout pulumi.IntPtrOutput `pulumi:"connectionTimeout"` // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayOutput `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrOutput `pulumi:"description"` // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrOutput `pulumi:"listingVisibility"` // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrOutput `pulumi:"local"` 
@@ -98,11 +106,15 @@ type SecretBackend struct { Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options pulumi.MapOutput `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayOutput `pulumi:"passthroughRequestHeaders"` // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrOutput `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrOutput `pulumi:"pluginVersion"` // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntOutput `pulumi:"requestTimeout"` @@ -181,6 +193,8 @@ type secretBackendState struct { Accessor *string `pulumi:"accessor"` // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
@@ -201,15 +215,21 @@ type secretBackendState struct { ConnectionTimeout *int `pulumi:"connectionTimeout"` // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount for the Active Directory backend. Description *string `pulumi:"description"` // If set, opts out of mount migration on path updates. DisableRemount *bool `pulumi:"disableRemount"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls *bool `pulumi:"insecureTls"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local *bool `pulumi:"local"` 
@@ -222,11 +242,15 @@ type secretBackendState struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Name of the password policy to use to generate passwords. PasswordPolicy *string `pulumi:"passwordPolicy"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path *string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout *int `pulumi:"requestTimeout"` @@ -255,6 +279,8 @@ type SecretBackendState struct { Accessor pulumi.StringPtrInput // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
@@ -275,15 +301,21 @@ type SecretBackendState struct { ConnectionTimeout pulumi.IntPtrInput // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrInput @@ -296,11 +328,15 @@ type SecretBackendState struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntPtrInput 
@@ -331,6 +367,8 @@ func (SecretBackendState) ElementType() reflect.Type { type secretBackendArgs struct { // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. @@ -351,15 +389,21 @@ type secretBackendArgs struct { ConnectionTimeout *int `pulumi:"connectionTimeout"` // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount for the Active Directory backend. Description *string `pulumi:"description"` // If set, opts out of mount migration on path updates. DisableRemount *bool `pulumi:"disableRemount"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens + IdentityTokenKey *string `pulumi:"identityTokenKey"` // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls *bool `pulumi:"insecureTls"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local *bool `pulumi:"local"` 
@@ -372,11 +416,15 @@ type secretBackendArgs struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Name of the password policy to use to generate passwords. PasswordPolicy *string `pulumi:"passwordPolicy"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path *string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion *string `pulumi:"pluginVersion"` // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout *int `pulumi:"requestTimeout"` @@ -404,6 +452,8 @@ type secretBackendArgs struct { type SecretBackendArgs struct { // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow and pass from the request to the plugin + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
@@ -424,15 +474,21 @@ type SecretBackendArgs struct { ConnectionTimeout pulumi.IntPtrInput // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of headers to allow and pass from the request to the plugin + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens + IdentityTokenKey pulumi.StringPtrInput // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrInput @@ -445,11 +501,15 @@ type SecretBackendArgs struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to the plugin + PassthroughRequestHeaders pulumi.StringArrayInput // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrInput + // Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' + PluginVersion pulumi.StringPtrInput // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntPtrInput 
@@ -570,6 +630,11 @@ func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AllowedManagedKeys }).(pulumi.StringArrayOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) AllowedResponseHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AllowedResponseHeaders }).(pulumi.StringArrayOutput) +} + // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.AuditNonHmacRequestKeys }).(pulumi.StringArrayOutput) @@ -617,6 +682,11 @@ func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput { return o.ApplyT(func(v *SecretBackend) pulumi.IntOutput { return v.DefaultLeaseTtlSeconds }).(pulumi.IntOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) DelegatedAuthAccessors() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.DelegatedAuthAccessors }).(pulumi.StringArrayOutput) +} + // Human-friendly description of the mount for the Active Directory backend. func (o SecretBackendOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) 
@@ -632,12 +702,22 @@ func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.ExternalEntropyAccess }).(pulumi.BoolPtrOutput) } +// The key to use for signing plugin workload identity tokens +func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.BoolPtrOutput { return v.InsecureTls }).(pulumi.BoolPtrOutput) } +// Specifies whether to show this mount in the UI-specific listing endpoint +func (o SecretBackendOutput) ListingVisibility() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.ListingVisibility }).(pulumi.StringPtrOutput) +} + // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput { @@ -662,6 +742,11 @@ func (o SecretBackendOutput) Options() pulumi.MapOutput { return o.ApplyT(func(v *SecretBackend) pulumi.MapOutput { return v.Options }).(pulumi.MapOutput) } +// List of headers to allow and pass from the request to the plugin +func (o SecretBackendOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringArrayOutput { return v.PassthroughRequestHeaders }).(pulumi.StringArrayOutput) +} + // Name of the password policy to use to generate passwords. func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.PasswordPolicy }).(pulumi.StringPtrOutput) 
@@ -673,6 +758,11 @@ func (o SecretBackendOutput) Path() pulumi.StringPtrOutput { return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.Path }).(pulumi.StringPtrOutput) } +// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0' +func (o SecretBackendOutput) PluginVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *SecretBackend) pulumi.StringPtrOutput { return v.PluginVersion }).(pulumi.StringPtrOutput) +} + // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. func (o SecretBackendOutput) RequestTimeout() pulumi.IntOutput { diff --git a/sdk/go/vault/mount.go b/sdk/go/vault/mount.go index 0e219f2a0..4d032a6e2 100644 --- a/sdk/go/vault/mount.go +++ b/sdk/go/vault/mount.go 
@@ -143,16 +143,27 @@ type Mount struct { Accessor pulumi.StringOutput `pulumi:"accessor"` // Set of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"` + // List of headers to allow, allowing a plugin to include + // them in the response. + AllowedResponseHeaders pulumi.StringArrayOutput `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"` + // List of allowed authentication mount accessors the + // backend can request delegated authentication for. + DelegatedAuthAccessors pulumi.StringArrayOutput `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description pulumi.StringPtrOutput `pulumi:"description"` // Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens. If + // not provided, this will default to Vault's OIDC default key. + IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrOutput `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrOutput `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -164,8 +175,15 @@ type Mount struct { Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options pulumi.MapOutput `pulumi:"options"` + // List of headers to allow and pass from the request to + // the plugin. + PassthroughRequestHeaders pulumi.StringArrayOutput `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path pulumi.StringOutput `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + // If unspecified, the server will select any matching unversioned plugin that may have been + // registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + PluginVersion pulumi.StringPtrOutput `pulumi:"pluginVersion"` // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolOutput `pulumi:"sealWrap"` // Type of the backend, such as "aws" 
@@ -212,16 +230,27 @@ type mountState struct { Accessor *string `pulumi:"accessor"` // Set of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow, allowing a plugin to include + // them in the response. + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of allowed authentication mount accessors the + // backend can request delegated authentication for. + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens. If + // not provided, this will default to Vault's OIDC default key. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -233,8 +262,15 @@ type mountState struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to + // the plugin. + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path *string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + // If unspecified, the server will select any matching unversioned plugin that may have been + // registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + PluginVersion *string `pulumi:"pluginVersion"` // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap *bool `pulumi:"sealWrap"` // Type of the backend, such as "aws" 
@@ -246,16 +282,27 @@ type MountState struct { Accessor pulumi.StringPtrInput // Set of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow, allowing a plugin to include + // them in the response. + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of allowed authentication mount accessors the + // backend can request delegated authentication for. + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens. If + // not provided, this will default to Vault's OIDC default key. + IdentityTokenKey pulumi.StringPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds 
@@ -267,8 +314,15 @@ type MountState struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to + // the plugin. + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringPtrInput + // Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + // If unspecified, the server will select any matching unversioned plugin that may have been + // registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + PluginVersion pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // Type of the backend, such as "aws" 
@@ -282,16 +336,27 @@ func (MountState) ElementType() reflect.Type { type mountArgs struct { // Set of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys []string `pulumi:"allowedManagedKeys"` + // List of headers to allow, allowing a plugin to include + // them in the response. + AllowedResponseHeaders []string `pulumi:"allowedResponseHeaders"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys []string `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys []string `pulumi:"auditNonHmacResponseKeys"` // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds *int `pulumi:"defaultLeaseTtlSeconds"` + // List of allowed authentication mount accessors the + // backend can request delegated authentication for. + DelegatedAuthAccessors []string `pulumi:"delegatedAuthAccessors"` // Human-friendly description of the mount Description *string `pulumi:"description"` // Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess *bool `pulumi:"externalEntropyAccess"` + // The key to use for signing plugin workload identity tokens. If + // not provided, this will default to Vault's OIDC default key. + IdentityTokenKey *string `pulumi:"identityTokenKey"` + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility *string `pulumi:"listingVisibility"` // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local *bool `pulumi:"local"` // Maximum possible lease duration for tokens and secrets in seconds 
@@ -303,8 +368,15 @@ type mountArgs struct { Namespace *string `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options map[string]interface{} `pulumi:"options"` + // List of headers to allow and pass from the request to + // the plugin. + PassthroughRequestHeaders []string `pulumi:"passthroughRequestHeaders"` // Where the secret backend will be mounted Path string `pulumi:"path"` + // Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + // If unspecified, the server will select any matching unversioned plugin that may have been + // registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + PluginVersion *string `pulumi:"pluginVersion"` // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap *bool `pulumi:"sealWrap"` // Type of the backend, such as "aws" 
@@ -315,16 +387,27 @@ type mountArgs struct { type MountArgs struct { // Set of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput + // List of headers to allow, allowing a plugin to include + // them in the response. + AllowedResponseHeaders pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Default lease duration for tokens and secrets in seconds DefaultLeaseTtlSeconds pulumi.IntPtrInput + // List of allowed authentication mount accessors the + // backend can request delegated authentication for. + DelegatedAuthAccessors pulumi.StringArrayInput // Human-friendly description of the mount Description pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput + // The key to use for signing plugin workload identity tokens. If + // not provided, this will default to Vault's OIDC default key. + IdentityTokenKey pulumi.StringPtrInput + // Specifies whether to show this mount in the UI-specific listing endpoint + ListingVisibility pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enforce local mount in HA environment Local pulumi.BoolPtrInput // Maximum possible lease duration for tokens and secrets in seconds 
@@ -336,8 +419,15 @@ type MountArgs struct { Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput + // List of headers to allow and pass from the request to + // the plugin. + PassthroughRequestHeaders pulumi.StringArrayInput // Where the secret backend will be mounted Path pulumi.StringInput + // Specifies the semantic version of the plugin to use, e.g. "v1.0.0". + // If unspecified, the server will select any matching unversioned plugin that may have been + // registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. + PluginVersion pulumi.StringPtrInput // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // Type of the backend, such as "aws" @@ -441,6 +531,12 @@ func (o MountOutput) AllowedManagedKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *Mount) pulumi.StringArrayOutput { return v.AllowedManagedKeys }).(pulumi.StringArrayOutput) } +// List of headers to allow, allowing a plugin to include +// them in the response. +func (o MountOutput) AllowedResponseHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *Mount) pulumi.StringArrayOutput { return v.AllowedResponseHeaders }).(pulumi.StringArrayOutput) +} + // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. func (o MountOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput { return o.ApplyT(func(v *Mount) pulumi.StringArrayOutput { return v.AuditNonHmacRequestKeys }).(pulumi.StringArrayOutput) 
@@ -456,6 +552,12 @@ func (o MountOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput { return o.ApplyT(func(v *Mount) pulumi.IntOutput { return v.DefaultLeaseTtlSeconds }).(pulumi.IntOutput) } +// List of allowed authentication mount accessors the +// backend can request delegated authentication for. +func (o MountOutput) DelegatedAuthAccessors() pulumi.StringArrayOutput { + return o.ApplyT(func(v *Mount) pulumi.StringArrayOutput { return v.DelegatedAuthAccessors }).(pulumi.StringArrayOutput) +} + // Human-friendly description of the mount func (o MountOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *Mount) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) @@ -466,6 +568,17 @@ func (o MountOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Mount) pulumi.BoolPtrOutput { return v.ExternalEntropyAccess }).(pulumi.BoolPtrOutput) } +// The key to use for signing plugin workload identity tokens. If +// not provided, this will default to Vault's OIDC default key. +func (o MountOutput) IdentityTokenKey() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Mount) pulumi.StringPtrOutput { return v.IdentityTokenKey }).(pulumi.StringPtrOutput) +} + +// Specifies whether to show this mount in the UI-specific listing endpoint +func (o MountOutput) ListingVisibility() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Mount) pulumi.StringPtrOutput { return v.ListingVisibility }).(pulumi.StringPtrOutput) +} + // Boolean flag that can be explicitly set to true to enforce local mount in HA environment func (o MountOutput) Local() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Mount) pulumi.BoolPtrOutput { return v.Local }).(pulumi.BoolPtrOutput) 
@@ -489,11 +602,24 @@ func (o MountOutput) Options() pulumi.MapOutput { return o.ApplyT(func(v *Mount) pulumi.MapOutput { return v.Options }).(pulumi.MapOutput) } +// List of headers to allow and pass from the request to +// the plugin. +func (o MountOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *Mount) pulumi.StringArrayOutput { return v.PassthroughRequestHeaders }).(pulumi.StringArrayOutput) +} + // Where the secret backend will be mounted func (o MountOutput) Path() pulumi.StringOutput { return o.ApplyT(func(v *Mount) pulumi.StringOutput { return v.Path }).(pulumi.StringOutput) } +// Specifies the semantic version of the plugin to use, e.g. "v1.0.0". +// If unspecified, the server will select any matching unversioned plugin that may have been +// registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence. +func (o MountOutput) PluginVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Mount) pulumi.StringPtrOutput { return v.PluginVersion }).(pulumi.StringPtrOutput) +} + // Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability func (o MountOutput) SealWrap() pulumi.BoolOutput { return o.ApplyT(func(v *Mount) pulumi.BoolOutput { return v.SealWrap }).(pulumi.BoolOutput) diff --git a/sdk/go/vault/okta/authBackend.go b/sdk/go/vault/okta/authBackend.go index 2c952ee85..6a6a8a100 100644 --- a/sdk/go/vault/okta/authBackend.go +++ b/sdk/go/vault/okta/authBackend.go 
@@ -86,6 +86,8 @@ type AuthBackend struct { Groups AuthBackendGroupTypeArrayOutput `pulumi:"groups"` // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenMaxTtl` instead. MaxTtl pulumi.StringPtrOutput `pulumi:"maxTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. 
@@ -99,8 +101,28 @@ type AuthBackend struct { // The Okta API token. This is required to query Okta for user group membership. // If this is not supplied only locally configured groups will be enabled. Token pulumi.StringPtrOutput `pulumi:"token"` + // Specifies the blocks of IP addresses which are allowed to use the generated token + TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` + // Generated Token's Explicit Maximum TTL in seconds + TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` + // The maximum lifetime of the generated token + TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` + // If true, the 'default' policy will not automatically be added to generated tokens + TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` + // The maximum number of times a token may be used, a value of zero means unlimited + TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` + // Generated Token's Period + TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` + // Generated Token's Policies + TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` + // The initial ttl of the token to generate in seconds + TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` + // The type of token to generate, service or batch + TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenTtl` instead. Ttl pulumi.StringPtrOutput `pulumi:"ttl"` // Associate Okta users with groups or policies within Vault. // See below for more details. 
@@ -163,6 +185,8 @@ type authBackendState struct { Groups []AuthBackendGroupType `pulumi:"groups"` // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenMaxTtl` instead. MaxTtl *string `pulumi:"maxTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. 
@@ -176,8 +200,28 @@ type authBackendState struct { // The Okta API token. This is required to query Okta for user group membership. // If this is not supplied only locally configured groups will be enabled. Token *string `pulumi:"token"` + // Specifies the blocks of IP addresses which are allowed to use the generated token + TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"` + // Generated Token's Explicit Maximum TTL in seconds + TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"` + // The maximum lifetime of the generated token + TokenMaxTtl *int `pulumi:"tokenMaxTtl"` + // If true, the 'default' policy will not automatically be added to generated tokens + TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"` + // The maximum number of times a token may be used, a value of zero means unlimited + TokenNumUses *int `pulumi:"tokenNumUses"` + // Generated Token's Period + TokenPeriod *int `pulumi:"tokenPeriod"` + // Generated Token's Policies + TokenPolicies []string `pulumi:"tokenPolicies"` + // The initial ttl of the token to generate in seconds + TokenTtl *int `pulumi:"tokenTtl"` + // The type of token to generate, service or batch + TokenType *string `pulumi:"tokenType"` // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenTtl` instead. Ttl *string `pulumi:"ttl"` // Associate Okta users with groups or policies within Vault. // See below for more details. 
@@ -201,6 +245,8 @@ type AuthBackendState struct { Groups AuthBackendGroupTypeArrayInput // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenMaxTtl` instead. MaxTtl pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. @@ -214,8 +260,28 @@ type AuthBackendState struct { // The Okta API token. This is required to query Okta for user group membership. // If this is not supplied only locally configured groups will be enabled. Token pulumi.StringPtrInput + // Specifies the blocks of IP addresses which are allowed to use the generated token + TokenBoundCidrs pulumi.StringArrayInput + // Generated Token's Explicit Maximum TTL in seconds + TokenExplicitMaxTtl pulumi.IntPtrInput + // The maximum lifetime of the generated token + TokenMaxTtl pulumi.IntPtrInput + // If true, the 'default' policy will not automatically be added to generated tokens + TokenNoDefaultPolicy pulumi.BoolPtrInput + // The maximum number of times a token may be used, a value of zero means unlimited + TokenNumUses pulumi.IntPtrInput + // Generated Token's Period + TokenPeriod pulumi.IntPtrInput + // Generated Token's Policies + TokenPolicies pulumi.StringArrayInput + // The initial ttl of the token to generate in seconds + TokenTtl pulumi.IntPtrInput + // The type of token to generate, service or batch + TokenType pulumi.StringPtrInput // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenTtl` instead. Ttl pulumi.StringPtrInput // Associate Okta users with groups or policies within Vault. // See below for more details. 
@@ -241,6 +307,8 @@ type authBackendArgs struct { Groups []AuthBackendGroupType `pulumi:"groups"` // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenMaxTtl` instead. MaxTtl *string `pulumi:"maxTtl"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. 
@@ -254,8 +322,28 @@ type authBackendArgs struct { // The Okta API token. This is required to query Okta for user group membership. // If this is not supplied only locally configured groups will be enabled. Token *string `pulumi:"token"` + // Specifies the blocks of IP addresses which are allowed to use the generated token + TokenBoundCidrs []string `pulumi:"tokenBoundCidrs"` + // Generated Token's Explicit Maximum TTL in seconds + TokenExplicitMaxTtl *int `pulumi:"tokenExplicitMaxTtl"` + // The maximum lifetime of the generated token + TokenMaxTtl *int `pulumi:"tokenMaxTtl"` + // If true, the 'default' policy will not automatically be added to generated tokens + TokenNoDefaultPolicy *bool `pulumi:"tokenNoDefaultPolicy"` + // The maximum number of times a token may be used, a value of zero means unlimited + TokenNumUses *int `pulumi:"tokenNumUses"` + // Generated Token's Period + TokenPeriod *int `pulumi:"tokenPeriod"` + // Generated Token's Policies + TokenPolicies []string `pulumi:"tokenPolicies"` + // The initial ttl of the token to generate in seconds + TokenTtl *int `pulumi:"tokenTtl"` + // The type of token to generate, service or batch + TokenType *string `pulumi:"tokenType"` // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenTtl` instead. Ttl *string `pulumi:"ttl"` // Associate Okta users with groups or policies within Vault. // See below for more details. 
@@ -278,6 +366,8 @@ type AuthBackendArgs struct { Groups AuthBackendGroupTypeArrayInput // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenMaxTtl` instead. MaxTtl pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. @@ -291,8 +381,28 @@ type AuthBackendArgs struct { // The Okta API token. This is required to query Okta for user group membership. // If this is not supplied only locally configured groups will be enabled. Token pulumi.StringPtrInput + // Specifies the blocks of IP addresses which are allowed to use the generated token + TokenBoundCidrs pulumi.StringArrayInput + // Generated Token's Explicit Maximum TTL in seconds + TokenExplicitMaxTtl pulumi.IntPtrInput + // The maximum lifetime of the generated token + TokenMaxTtl pulumi.IntPtrInput + // If true, the 'default' policy will not automatically be added to generated tokens + TokenNoDefaultPolicy pulumi.BoolPtrInput + // The maximum number of times a token may be used, a value of zero means unlimited + TokenNumUses pulumi.IntPtrInput + // Generated Token's Period + TokenPeriod pulumi.IntPtrInput + // Generated Token's Policies + TokenPolicies pulumi.StringArrayInput + // The initial ttl of the token to generate in seconds + TokenTtl pulumi.IntPtrInput + // The type of token to generate, service or batch + TokenType pulumi.StringPtrInput // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). + // + // Deprecated: Deprecated. Please use `tokenTtl` instead. Ttl pulumi.StringPtrInput // Associate Okta users with groups or policies within Vault. // See below for more details. 
@@ -420,6 +530,8 @@ func (o AuthBackendOutput) Groups() AuthBackendGroupTypeArrayOutput { // Maximum duration after which authentication will be expired // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). +// +// Deprecated: Deprecated. Please use `tokenMaxTtl` instead. func (o AuthBackendOutput) MaxTtl() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.MaxTtl }).(pulumi.StringPtrOutput) } 
@@ -448,8 +560,55 @@ func (o AuthBackendOutput) Token() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.Token }).(pulumi.StringPtrOutput) } +// Specifies the blocks of IP addresses which are allowed to use the generated token +func (o AuthBackendOutput) TokenBoundCidrs() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringArrayOutput { return v.TokenBoundCidrs }).(pulumi.StringArrayOutput) +} + +// Generated Token's Explicit Maximum TTL in seconds +func (o AuthBackendOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.TokenExplicitMaxTtl }).(pulumi.IntPtrOutput) +} + +// The maximum lifetime of the generated token +func (o AuthBackendOutput) TokenMaxTtl() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.TokenMaxTtl }).(pulumi.IntPtrOutput) +} + +// If true, the 'default' policy will not automatically be added to generated tokens +func (o AuthBackendOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.BoolPtrOutput { return v.TokenNoDefaultPolicy }).(pulumi.BoolPtrOutput) +} + +// The maximum number of times a token may be used, a value of zero means unlimited +func (o AuthBackendOutput) TokenNumUses() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.TokenNumUses }).(pulumi.IntPtrOutput) +} + +// Generated Token's Period +func (o AuthBackendOutput) TokenPeriod() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.TokenPeriod }).(pulumi.IntPtrOutput) +} + +// Generated Token's Policies +func (o AuthBackendOutput) TokenPolicies() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringArrayOutput { return v.TokenPolicies }).(pulumi.StringArrayOutput) +} + +// The initial ttl of the token to generate in seconds +func (o 
AuthBackendOutput) TokenTtl() pulumi.IntPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.IntPtrOutput { return v.TokenTtl }).(pulumi.IntPtrOutput) +} + +// The type of token to generate, service or batch +func (o AuthBackendOutput) TokenType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.TokenType }).(pulumi.StringPtrOutput) +} + // Duration after which authentication will be expired. // [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration). +// +// Deprecated: Deprecated. Please use `tokenTtl` instead. func (o AuthBackendOutput) Ttl() pulumi.StringPtrOutput { return o.ApplyT(func(v *AuthBackend) pulumi.StringPtrOutput { return v.Ttl }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/vault/pkisecret/backendConfigEst.go b/sdk/go/vault/pkisecret/backendConfigEst.go new file mode 100644 index 000000000..23fdf738f --- /dev/null +++ b/sdk/go/vault/pkisecret/backendConfigEst.go 
@@ -0,0 +1,396 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package pkisecret + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Allows setting the EST configuration on a PKI Secret Backend +// +// ## Import +// +// The PKI config cluster can be imported using the resource's `id`. +// In the case of the example above the `id` would be `pki-root/config/est`, +// where the `pki-root` component is the resource's `backend`, e.g. +// +// ```sh +// $ pulumi import vault:pkiSecret/backendConfigEst:BackendConfigEst example pki-root/config/est +// ``` +type BackendConfigEst struct { + pulumi.CustomResourceState + + // Fields parsed from the CSR that appear in the audit and can be used by sentinel policies. + // + // + AuditFields pulumi.StringArrayOutput `pulumi:"auditFields"` + // Lists the mount accessors EST should delegate authentication requests towards (see below for nested schema). + Authenticators BackendConfigEstAuthenticatorsOutput `pulumi:"authenticators"` + // The path to the PKI secret backend to + // read the EST configuration from, with no leading or trailing `/`s. + Backend pulumi.StringOutput `pulumi:"backend"` + // If set, this mount will register the default `.well-known/est` URL path. Only a single mount can enable this across a Vault cluster. + DefaultMount pulumi.BoolPtrOutput `pulumi:"defaultMount"` + // Required to be set if defaultMount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:. + DefaultPathPolicy pulumi.StringPtrOutput `pulumi:"defaultPathPolicy"` + // If set, parse out fields from the provided CSR making them available for Sentinel policies. 
+ EnableSentinelParsing pulumi.BoolPtrOutput `pulumi:"enableSentinelParsing"` + // Specifies whether EST is enabled. + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + // Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:. Labels must be unique across Vault cluster, and will register .well-known/est/