Upgrade to v2.14.0 of the Vault Terraform Provider

pulumi · Sep 17, 2020 · 653cddb · 653cddb
1 parent 51d6d57
commit 653cddb
Show file tree

Hide file tree

Showing 16 changed files with 537 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,7 @@ CHANGELOG
 =========
 
 ## HEAD (Unreleased)
-* Upgrade to v2.13.0 of the Vault Terraform Provider
+* Upgrade to v2.14.0 of the Vault Terraform Provider
 
 ---
 

diff --git a/provider/cmd/pulumi-resource-vault/schema.json b/provider/cmd/pulumi-resource-vault/schema.json
@@ -2958,7 +2958,7 @@
                 },
                 "resolveAwsUniqueIds": {
                     "type": "boolean",
-                    "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
+                    "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
                 },
                 "role": {
                     "type": "string",
@@ -3127,7 +3127,7 @@
                 },
                 "resolveAwsUniqueIds": {
                     "type": "boolean",
-                    "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
+                    "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
                 },
                 "role": {
                     "type": "string",
@@ -3298,7 +3298,7 @@
                     },
                     "resolveAwsUniqueIds": {
                         "type": "boolean",
-                        "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
+                        "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n"
                     },
                     "role": {
                         "type": "string",
@@ -8834,6 +8834,61 @@
                 "type": "object"
             }
         },
+        "vault:index/quotaRateLimit:QuotaRateLimit": {
+            "properties": {
+                "name": {
+                    "type": "string",
+                    "description": "The name of the quota.\n"
+                },
+                "path": {
+                    "type": "string",
+                    "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n"
+                },
+                "rate": {
+                    "type": "number",
+                    "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n"
+                }
+            },
+            "required": [
+                "name",
+                "rate"
+            ],
+            "inputProperties": {
+                "name": {
+                    "type": "string",
+                    "description": "The name of the quota.\n"
+                },
+                "path": {
+                    "type": "string",
+                    "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n"
+                },
+                "rate": {
+                    "type": "number",
+                    "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n"
+                }
+            },
+            "requiredInputs": [
+                "rate"
+            ],
+            "stateInputs": {
+                "description": "Input properties used for looking up and filtering QuotaRateLimit resources.\n",
+                "properties": {
+                    "name": {
+                        "type": "string",
+                        "description": "The name of the quota.\n"
+                    },
+                    "path": {
+                        "type": "string",
+                        "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n"
+                    },
+                    "rate": {
+                        "type": "number",
+                        "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n"
+                    }
+                },
+                "type": "object"
+            }
+        },
         "vault:index/rgpPolicy:RgpPolicy": {
             "description": "Provides a resource to manage Role Governing Policy (RGP) via [Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel/index.html).\n\n**Note** this feature is available only with Vault Enterprise.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst allow_all = new vault.RgpPolicy(\"allow-all\", {\n    enforcementLevel: \"soft-mandatory\",\n    policy: `main = rule {\n  true\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nallow_all = vault.RgpPolicy(\"allow-all\",\n    enforcement_level=\"soft-mandatory\",\n    policy=\"\"\"main = rule {\n  true\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nclass MyStack : Stack\n{\n    public MyStack()\n    {\n        var allow_all = new Vault.RgpPolicy(\"allow-all\", new Vault.RgpPolicyArgs\n        {\n            EnforcementLevel = \"soft-mandatory\",\n            Policy = @\"main = rule {\n  true\n}\n\n\",\n        });\n    }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-vault/sdk/v2/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v2/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vault.NewRgpPolicy(ctx, \"allow_all\", \u0026vault.RgpPolicyArgs{\n\t\t\tEnforcementLevel: pulumi.String(\"soft-mandatory\"),\n\t\t\tPolicy:           pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"main = rule {\\n\", \"  true\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}",
             "properties": {

diff --git a/provider/go.mod b/provider/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/hashicorp/terraform-plugin-sdk v1.7.0
 	github.com/pulumi/pulumi-terraform-bridge/v2 v2.5.2
 	github.com/pulumi/pulumi/sdk/v2 v2.5.1-0.20200630091945-bb358c4d2173
-	github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451
+	github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6
 )
 
 replace github.com/Azure/go-autorest => github.com/Azure/go-autorest v12.4.3+incompatible
diff --git a/provider/go.sum b/provider/go.sum
@@ -797,6 +797,8 @@ github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200731142559-
 github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200731142559-29ea3d57dad9/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM=
 github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451 h1:3Xw9ixEFAmVy+7Nbg9Ebp00aSQxi0vD/L/rYEKuyk6Q=
 github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM=
+github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6 h1:+U0sf7C4PXtactYNVhKH0Co7hQTCs9PD6X4MhPtkARs=
+github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM=
 github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6 h1:9VTskZOIRf2vKF3UL8TuWElry5pgUpV1tFSe/e/0m/E=
 github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=

diff --git a/provider/resources.go b/provider/resources.go
@@ -217,8 +217,9 @@ func Provider() tfbridge.ProviderInfo {
 					},
 				},
 			},
-			"vault_rgp_policy": {Tok: makeResource(mainMod, "RgpPolicy")},
-			"vault_token":      {Tok: makeResource(mainMod, "Token")},
+			"vault_rgp_policy":       {Tok: makeResource(mainMod, "RgpPolicy")},
+			"vault_token":            {Tok: makeResource(mainMod, "Token")},
+			"vault_quota_rate_limit": {Tok: makeResource(mainMod, "QuotaRateLimit")},
 
 			// AppRole
 			"vault_approle_auth_backend_role":           {Tok: makeResource(appRoleMod, "AuthBackendRole")},

diff --git a/sdk/dotnet/Aws/AuthBackendRole.cs b/sdk/dotnet/Aws/AuthBackendRole.cs
@@ -229,8 +229,9 @@ public partial class AuthBackendRole : Pulumi.CustomResource
         public Output<ImmutableArray<string>> Policies { get; private set; } = null!;
 
         /// <summary>
-        /// If set to `true`, the
-        /// `bound_iam_principal_arns` are resolved to [AWS Unique
+        /// Only valid when
+        /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
+        /// resolved to [AWS Unique
         /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
         /// for the bound principal ARN. This field is ignored when a
         /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more
@@ -596,8 +597,9 @@ public InputList<string> Policies
         }
 
         /// <summary>
-        /// If set to `true`, the
-        /// `bound_iam_principal_arns` are resolved to [AWS Unique
+        /// Only valid when
+        /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
+        /// resolved to [AWS Unique
         /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
         /// for the bound principal ARN. This field is ignored when a
         /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more
@@ -936,8 +938,9 @@ public InputList<string> Policies
         }
 
         /// <summary>
-        /// If set to `true`, the
-        /// `bound_iam_principal_arns` are resolved to [AWS Unique
+        /// Only valid when
+        /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
+        /// resolved to [AWS Unique
         /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
         /// for the bound principal ARN. This field is ignored when a
         /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more

diff --git a/sdk/dotnet/QuotaRateLimit.cs b/sdk/dotnet/QuotaRateLimit.cs
@@ -0,0 +1,125 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Vault
+{
+    public partial class QuotaRateLimit : Pulumi.CustomResource
+    {
+        /// <summary>
+        /// The name of the quota.
+        /// </summary>
+        [Output("name")]
+        public Output<string> Name { get; private set; } = null!;
+
+        /// <summary>
+        /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.
+        /// </summary>
+        [Output("path")]
+        public Output<string?> Path { get; private set; } = null!;
+
+        /// <summary>
+        /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.
+        /// </summary>
+        [Output("rate")]
+        public Output<double> Rate { get; private set; } = null!;
+
+
+        /// <summary>
+        /// Create a QuotaRateLimit resource with the given unique name, arguments, and options.
+        /// </summary>
+        ///
+        /// <param name="name">The unique name of the resource</param>
+        /// <param name="args">The arguments used to populate this resource's properties</param>
+        /// <param name="options">A bag of options that control this resource's behavior</param>
+        public QuotaRateLimit(string name, QuotaRateLimitArgs args, CustomResourceOptions? options = null)
+            : base("vault:index/quotaRateLimit:QuotaRateLimit", name, args ?? new QuotaRateLimitArgs(), MakeResourceOptions(options, ""))
+        {
+        }
+
+        private QuotaRateLimit(string name, Input<string> id, QuotaRateLimitState? state = null, CustomResourceOptions? options = null)
+            : base("vault:index/quotaRateLimit:QuotaRateLimit", name, state, MakeResourceOptions(options, id))
+        {
+        }
+
+        private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input<string>? id)
+        {
+            var defaultOptions = new CustomResourceOptions
+            {
+                Version = Utilities.Version,
+            };
+            var merged = CustomResourceOptions.Merge(defaultOptions, options);
+            // Override the ID if one was specified for consistency with other language SDKs.
+            merged.Id = id ?? merged.Id;
+            return merged;
+        }
+        /// <summary>
+        /// Get an existing QuotaRateLimit resource's state with the given name, ID, and optional extra
+        /// properties used to qualify the lookup.
+        /// </summary>
+        ///
+        /// <param name="name">The unique name of the resulting resource.</param>
+        /// <param name="id">The unique provider ID of the resource to lookup.</param>
+        /// <param name="state">Any extra arguments used during the lookup.</param>
+        /// <param name="options">A bag of options that control this resource's behavior</param>
+        public static QuotaRateLimit Get(string name, Input<string> id, QuotaRateLimitState? state = null, CustomResourceOptions? options = null)
+        {
+            return new QuotaRateLimit(name, id, state, options);
+        }
+    }
+
+    public sealed class QuotaRateLimitArgs : Pulumi.ResourceArgs
+    {
+        /// <summary>
+        /// The name of the quota.
+        /// </summary>
+        [Input("name")]
+        public Input<string>? Name { get; set; }
+
+        /// <summary>
+        /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.
+        /// </summary>
+        [Input("path")]
+        public Input<string>? Path { get; set; }
+
+        /// <summary>
+        /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.
+        /// </summary>
+        [Input("rate", required: true)]
+        public Input<double> Rate { get; set; } = null!;
+
+        public QuotaRateLimitArgs()
+        {
+        }
+    }
+
+    public sealed class QuotaRateLimitState : Pulumi.ResourceArgs
+    {
+        /// <summary>
+        /// The name of the quota.
+        /// </summary>
+        [Input("name")]
+        public Input<string>? Name { get; set; }
+
+        /// <summary>
+        /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.
+        /// </summary>
+        [Input("path")]
+        public Input<string>? Path { get; set; }
+
+        /// <summary>
+        /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.
+        /// </summary>
+        [Input("rate")]
+        public Input<double>? Rate { get; set; }
+
+        public QuotaRateLimitState()
+        {
+        }
+    }
+}