diff --git a/CHANGELOG.md b/CHANGELOG.md index 82413f12b..6ee5220f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ CHANGELOG ========= ## HEAD (Unreleased) -* Upgrade to v2.13.0 of the Vault Terraform Provider +* Upgrade to v2.14.0 of the Vault Terraform Provider --- diff --git a/provider/cmd/pulumi-resource-vault/schema.json b/provider/cmd/pulumi-resource-vault/schema.json index 5f2bb01d3..5fac11be5 100644 --- a/provider/cmd/pulumi-resource-vault/schema.json +++ b/provider/cmd/pulumi-resource-vault/schema.json @@ -2958,7 +2958,7 @@ }, "resolveAwsUniqueIds": { "type": "boolean", - "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" + "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" }, "role": { "type": "string", @@ -3127,7 +3127,7 @@ }, "resolveAwsUniqueIds": { "type": "boolean", - "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" + "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" }, "role": { "type": "string", @@ -3298,7 +3298,7 @@ }, "resolveAwsUniqueIds": { "type": "boolean", - "description": "If set to `true`, the\n`bound_iam_principal_arns` are resolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" + "description": "Only valid when\n`auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are\nresolved to [AWS Unique\nIDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)\nfor the bound principal ARN. This field is ignored when a\n`bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more\nclosely mimics the behavior of AWS services in that if an IAM user or role is\ndeleted and a new one is recreated with the same name, those new users or\nroles won't get access to roles in Vault that were permissioned to the prior\nprincipals of the same name. Defaults to `true`.\nOnce set to `true`, this cannot be changed to `false` without recreating the role.\n" }, "role": { "type": "string", @@ -8834,6 +8834,61 @@ "type": "object" } }, + "vault:index/quotaRateLimit:QuotaRateLimit": { + "properties": { + "name": { + "type": "string", + "description": "The name of the quota.\n" + }, + "path": { + "type": "string", + "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n" + }, + "rate": { + "type": "number", + "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n" + } + }, + "required": [ + "name", + "rate" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the quota.\n" + }, + "path": { + "type": "string", + "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n" + }, + "rate": { + "type": "number", + "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n" + } + }, + "requiredInputs": [ + "rate" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering QuotaRateLimit resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the quota.\n" + }, + "path": { + "type": "string", + "description": "Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.\n" + }, + "rate": { + "type": "number", + "description": "The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive.\n" + } + }, + "type": "object" + } + }, "vault:index/rgpPolicy:RgpPolicy": { "description": "Provides a resource to manage Role Governing Policy (RGP) via [Sentinel](https://www.vaultproject.io/docs/enterprise/sentinel/index.html).\n\n**Note** this feature is available only with Vault Enterprise.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as vault from \"@pulumi/vault\";\n\nconst allow_all = new vault.RgpPolicy(\"allow-all\", {\n enforcementLevel: \"soft-mandatory\",\n policy: `main = rule {\n true\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_vault as vault\n\nallow_all = vault.RgpPolicy(\"allow-all\",\n enforcement_level=\"soft-mandatory\",\n policy=\"\"\"main = rule {\n true\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Vault = Pulumi.Vault;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var allow_all = new Vault.RgpPolicy(\"allow-all\", new Vault.RgpPolicyArgs\n {\n EnforcementLevel = \"soft-mandatory\",\n Policy = @\"main = rule {\n true\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-vault/sdk/v2/go/vault\"\n\t\"github.com/pulumi/pulumi/sdk/v2/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vault.NewRgpPolicy(ctx, \"allow_all\", \u0026vault.RgpPolicyArgs{\n\t\t\tEnforcementLevel: pulumi.String(\"soft-mandatory\"),\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"main = rule {\\n\", \" true\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { diff --git a/provider/go.mod b/provider/go.mod index b8e26ecf7..8bc9281e4 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -6,7 +6,7 @@ require ( github.com/hashicorp/terraform-plugin-sdk v1.7.0 github.com/pulumi/pulumi-terraform-bridge/v2 v2.5.2 github.com/pulumi/pulumi/sdk/v2 v2.5.1-0.20200630091945-bb358c4d2173 - github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451 + github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6 ) replace github.com/Azure/go-autorest => github.com/Azure/go-autorest v12.4.3+incompatible diff --git a/provider/go.sum b/provider/go.sum index 922f03c36..0acd3b24d 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -797,6 +797,8 @@ github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200731142559- github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200731142559-29ea3d57dad9/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM= github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451 h1:3Xw9ixEFAmVy+7Nbg9Ebp00aSQxi0vD/L/rYEKuyk6Q= github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200827211630-a5872f788451/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM= +github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6 h1:+U0sf7C4PXtactYNVhKH0Co7hQTCs9PD6X4MhPtkARs= +github.com/terraform-providers/terraform-provider-vault v1.9.1-0.20200915193603-5fba2971f6a6/go.mod h1:i1MvL2JVgwvGSIq2hwlwGeRR5BJ4vcfEnDHzGOB22CM= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6 h1:9VTskZOIRf2vKF3UL8TuWElry5pgUpV1tFSe/e/0m/E= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= diff --git a/provider/resources.go b/provider/resources.go index 8dbfa6b8e..a30b13ca4 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -217,8 +217,9 @@ func Provider() tfbridge.ProviderInfo { }, }, }, - "vault_rgp_policy": {Tok: makeResource(mainMod, "RgpPolicy")}, - "vault_token": {Tok: makeResource(mainMod, "Token")}, + "vault_rgp_policy": {Tok: makeResource(mainMod, "RgpPolicy")}, + "vault_token": {Tok: makeResource(mainMod, "Token")}, + "vault_quota_rate_limit": {Tok: makeResource(mainMod, "QuotaRateLimit")}, // AppRole "vault_approle_auth_backend_role": {Tok: makeResource(appRoleMod, "AuthBackendRole")}, diff --git a/sdk/dotnet/Aws/AuthBackendRole.cs b/sdk/dotnet/Aws/AuthBackendRole.cs index a0e364340..d18534b96 100644 --- a/sdk/dotnet/Aws/AuthBackendRole.cs +++ b/sdk/dotnet/Aws/AuthBackendRole.cs @@ -229,8 +229,9 @@ public partial class AuthBackendRole : Pulumi.CustomResource public Output> Policies { get; private set; } = null!; /// - /// If set to `true`, the - /// `bound_iam_principal_arns` are resolved to [AWS Unique + /// Only valid when + /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + /// resolved to [AWS Unique /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) /// for the bound principal ARN. This field is ignored when a /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more @@ -596,8 +597,9 @@ public InputList Policies } /// - /// If set to `true`, the - /// `bound_iam_principal_arns` are resolved to [AWS Unique + /// Only valid when + /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + /// resolved to [AWS Unique /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) /// for the bound principal ARN. This field is ignored when a /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more @@ -936,8 +938,9 @@ public InputList Policies } /// - /// If set to `true`, the - /// `bound_iam_principal_arns` are resolved to [AWS Unique + /// Only valid when + /// `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + /// resolved to [AWS Unique /// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) /// for the bound principal ARN. This field is ignored when a /// `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more diff --git a/sdk/dotnet/QuotaRateLimit.cs b/sdk/dotnet/QuotaRateLimit.cs new file mode 100644 index 000000000..ddabd4f01 --- /dev/null +++ b/sdk/dotnet/QuotaRateLimit.cs @@ -0,0 +1,125 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Vault +{ + public partial class QuotaRateLimit : Pulumi.CustomResource + { + /// + /// The name of the quota. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + /// + [Output("path")] + public Output Path { get; private set; } = null!; + + /// + /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + /// + [Output("rate")] + public Output Rate { get; private set; } = null!; + + + /// + /// Create a QuotaRateLimit resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public QuotaRateLimit(string name, QuotaRateLimitArgs args, CustomResourceOptions? options = null) + : base("vault:index/quotaRateLimit:QuotaRateLimit", name, args ?? new QuotaRateLimitArgs(), MakeResourceOptions(options, "")) + { + } + + private QuotaRateLimit(string name, Input id, QuotaRateLimitState? state = null, CustomResourceOptions? options = null) + : base("vault:index/quotaRateLimit:QuotaRateLimit", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing QuotaRateLimit resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static QuotaRateLimit Get(string name, Input id, QuotaRateLimitState? state = null, CustomResourceOptions? options = null) + { + return new QuotaRateLimit(name, id, state, options); + } + } + + public sealed class QuotaRateLimitArgs : Pulumi.ResourceArgs + { + /// + /// The name of the quota. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + /// + [Input("path")] + public Input? Path { get; set; } + + /// + /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + /// + [Input("rate", required: true)] + public Input Rate { get; set; } = null!; + + public QuotaRateLimitArgs() + { + } + } + + public sealed class QuotaRateLimitState : Pulumi.ResourceArgs + { + /// + /// The name of the quota. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + /// + [Input("path")] + public Input? Path { get; set; } + + /// + /// The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + /// + [Input("rate")] + public Input? Rate { get; set; } + + public QuotaRateLimitState() + { + } + } +} diff --git a/sdk/go/vault/aws/authBackendRole.go b/sdk/go/vault/aws/authBackendRole.go index e936b3784..d52c809b7 100644 --- a/sdk/go/vault/aws/authBackendRole.go +++ b/sdk/go/vault/aws/authBackendRole.go @@ -162,8 +162,9 @@ type AuthBackendRole struct { // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayOutput `pulumi:"policies"` - // If set to `true`, the - // `boundIamPrincipalArns` are resolved to [AWS Unique + // Only valid when + // `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + // resolved to [AWS Unique // IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) // for the bound principal ARN. This field is ignored when a // `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -339,8 +340,9 @@ type authBackendRoleState struct { // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies []string `pulumi:"policies"` - // If set to `true`, the - // `boundIamPrincipalArns` are resolved to [AWS Unique + // Only valid when + // `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + // resolved to [AWS Unique // IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) // for the bound principal ARN. This field is ignored when a // `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -486,8 +488,9 @@ type AuthBackendRoleState struct { // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayInput - // If set to `true`, the - // `boundIamPrincipalArns` are resolved to [AWS Unique + // Only valid when + // `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + // resolved to [AWS Unique // IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) // for the bound principal ARN. This field is ignored when a // `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -637,8 +640,9 @@ type authBackendRoleArgs struct { // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies []string `pulumi:"policies"` - // If set to `true`, the - // `boundIamPrincipalArns` are resolved to [AWS Unique + // Only valid when + // `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + // resolved to [AWS Unique // IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) // for the bound principal ARN. This field is ignored when a // `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -785,8 +789,9 @@ type AuthBackendRoleArgs struct { // // Deprecated: use `token_policies` instead if you are running Vault >= 1.2 Policies pulumi.StringArrayInput - // If set to `true`, the - // `boundIamPrincipalArns` are resolved to [AWS Unique + // Only valid when + // `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + // resolved to [AWS Unique // IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) // for the bound principal ARN. This field is ignored when a // `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more diff --git a/sdk/go/vault/quotaRateLimit.go b/sdk/go/vault/quotaRateLimit.go new file mode 100644 index 000000000..aa0c12340 --- /dev/null +++ b/sdk/go/vault/quotaRateLimit.go @@ -0,0 +1,97 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package vault + +import ( + "reflect" + + "github.com/pkg/errors" + "github.com/pulumi/pulumi/sdk/v2/go/pulumi" +) + +type QuotaRateLimit struct { + pulumi.CustomResourceState + + // The name of the quota. + Name pulumi.StringOutput `pulumi:"name"` + // Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + Path pulumi.StringPtrOutput `pulumi:"path"` + // The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + Rate pulumi.Float64Output `pulumi:"rate"` +} + +// NewQuotaRateLimit registers a new resource with the given unique name, arguments, and options. +func NewQuotaRateLimit(ctx *pulumi.Context, + name string, args *QuotaRateLimitArgs, opts ...pulumi.ResourceOption) (*QuotaRateLimit, error) { + if args == nil || args.Rate == nil { + return nil, errors.New("missing required argument 'Rate'") + } + if args == nil { + args = &QuotaRateLimitArgs{} + } + var resource QuotaRateLimit + err := ctx.RegisterResource("vault:index/quotaRateLimit:QuotaRateLimit", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetQuotaRateLimit gets an existing QuotaRateLimit resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetQuotaRateLimit(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *QuotaRateLimitState, opts ...pulumi.ResourceOption) (*QuotaRateLimit, error) { + var resource QuotaRateLimit + err := ctx.ReadResource("vault:index/quotaRateLimit:QuotaRateLimit", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering QuotaRateLimit resources. +type quotaRateLimitState struct { + // The name of the quota. + Name *string `pulumi:"name"` + // Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + Path *string `pulumi:"path"` + // The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + Rate *float64 `pulumi:"rate"` +} + +type QuotaRateLimitState struct { + // The name of the quota. + Name pulumi.StringPtrInput + // Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + Path pulumi.StringPtrInput + // The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + Rate pulumi.Float64PtrInput +} + +func (QuotaRateLimitState) ElementType() reflect.Type { + return reflect.TypeOf((*quotaRateLimitState)(nil)).Elem() +} + +type quotaRateLimitArgs struct { + // The name of the quota. + Name *string `pulumi:"name"` + // Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + Path *string `pulumi:"path"` + // The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + Rate float64 `pulumi:"rate"` +} + +// The set of arguments for constructing a QuotaRateLimit resource. +type QuotaRateLimitArgs struct { + // The name of the quota. + Name pulumi.StringPtrInput + // Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + Path pulumi.StringPtrInput + // The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + Rate pulumi.Float64Input +} + +func (QuotaRateLimitArgs) ElementType() reflect.Type { + return reflect.TypeOf((*quotaRateLimitArgs)(nil)).Elem() +} diff --git a/sdk/nodejs/aws/authBackendRole.ts b/sdk/nodejs/aws/authBackendRole.ts index cbca880fd..f626986d7 100644 --- a/sdk/nodejs/aws/authBackendRole.ts +++ b/sdk/nodejs/aws/authBackendRole.ts @@ -190,8 +190,9 @@ export class AuthBackendRole extends pulumi.CustomResource { */ public readonly policies!: pulumi.Output; /** - * If set to `true`, the - * `boundIamPrincipalArns` are resolved to [AWS Unique + * Only valid when + * `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + * resolved to [AWS Unique * IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) * for the bound principal ARN. This field is ignored when a * `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -492,8 +493,9 @@ export interface AuthBackendRoleState { */ readonly policies?: pulumi.Input[]>; /** - * If set to `true`, the - * `boundIamPrincipalArns` are resolved to [AWS Unique + * Only valid when + * `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + * resolved to [AWS Unique * IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) * for the bound principal ARN. This field is ignored when a * `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more @@ -704,8 +706,9 @@ export interface AuthBackendRoleArgs { */ readonly policies?: pulumi.Input[]>; /** - * If set to `true`, the - * `boundIamPrincipalArns` are resolved to [AWS Unique + * Only valid when + * `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are + * resolved to [AWS Unique * IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) * for the bound principal ARN. This field is ignored when a * `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 76a7f3c5c..c3bb93b85 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -13,6 +13,7 @@ export * from "./mount"; export * from "./namespace"; export * from "./policy"; export * from "./provider"; +export * from "./quotaRateLimit"; export * from "./rgpPolicy"; export * from "./token"; diff --git a/sdk/nodejs/quotaRateLimit.ts b/sdk/nodejs/quotaRateLimit.ts new file mode 100644 index 000000000..1bccf9c25 --- /dev/null +++ b/sdk/nodejs/quotaRateLimit.ts @@ -0,0 +1,117 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +export class QuotaRateLimit extends pulumi.CustomResource { + /** + * Get an existing QuotaRateLimit resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: QuotaRateLimitState, opts?: pulumi.CustomResourceOptions): QuotaRateLimit { + return new QuotaRateLimit(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'vault:index/quotaRateLimit:QuotaRateLimit'; + + /** + * Returns true if the given object is an instance of QuotaRateLimit. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is QuotaRateLimit { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === QuotaRateLimit.__pulumiType; + } + + /** + * The name of the quota. + */ + public readonly name!: pulumi.Output; + /** + * Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + */ + public readonly path!: pulumi.Output; + /** + * The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + */ + public readonly rate!: pulumi.Output; + + /** + * Create a QuotaRateLimit resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: QuotaRateLimitArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: QuotaRateLimitArgs | QuotaRateLimitState, opts?: pulumi.CustomResourceOptions) { + let inputs: pulumi.Inputs = {}; + if (opts && opts.id) { + const state = argsOrState as QuotaRateLimitState | undefined; + inputs["name"] = state ? state.name : undefined; + inputs["path"] = state ? state.path : undefined; + inputs["rate"] = state ? state.rate : undefined; + } else { + const args = argsOrState as QuotaRateLimitArgs | undefined; + if (!args || args.rate === undefined) { + throw new Error("Missing required property 'rate'"); + } + inputs["name"] = args ? args.name : undefined; + inputs["path"] = args ? args.path : undefined; + inputs["rate"] = args ? args.rate : undefined; + } + if (!opts) { + opts = {} + } + + if (!opts.version) { + opts.version = utilities.getVersion(); + } + super(QuotaRateLimit.__pulumiType, name, inputs, opts); + } +} + +/** + * Input properties used for looking up and filtering QuotaRateLimit resources. + */ +export interface QuotaRateLimitState { + /** + * The name of the quota. + */ + readonly name?: pulumi.Input; + /** + * Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + */ + readonly path?: pulumi.Input; + /** + * The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + */ + readonly rate?: pulumi.Input; +} + +/** + * The set of arguments for constructing a QuotaRateLimit resource. + */ +export interface QuotaRateLimitArgs { + /** + * The name of the quota. + */ + readonly name?: pulumi.Input; + /** + * Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + */ + readonly path?: pulumi.Input; + /** + * The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + */ + readonly rate: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 087e395bd..3c93c8029 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -114,6 +114,7 @@ "pkiSecret/secretBackendSign.ts", "policy.ts", "provider.ts", + "quotaRateLimit.ts", "rabbitMq/index.ts", "rabbitMq/secretBackend.ts", "rabbitMq/secretBackendRole.ts", diff --git a/sdk/python/pulumi_vault/__init__.py b/sdk/python/pulumi_vault/__init__.py index e023d56a9..63eaa8476 100644 --- a/sdk/python/pulumi_vault/__init__.py +++ b/sdk/python/pulumi_vault/__init__.py @@ -15,6 +15,7 @@ from .namespace import * from .policy import * from .provider import * +from .quota_rate_limit import * from .rgp_policy import * from .token import * diff --git a/sdk/python/pulumi_vault/aws/auth_backend_role.py b/sdk/python/pulumi_vault/aws/auth_backend_role.py index 1128698d5..8e07b2ec2 100644 --- a/sdk/python/pulumi_vault/aws/auth_backend_role.py +++ b/sdk/python/pulumi_vault/aws/auth_backend_role.py @@ -127,8 +127,9 @@ class AuthBackendRole(pulumi.CustomResource): """ resolve_aws_unique_ids: pulumi.Output[bool] """ - If set to `true`, the - `bound_iam_principal_arns` are resolved to [AWS Unique + Only valid when + `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + resolved to [AWS Unique IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) for the bound principal ARN. This field is ignored when a `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more @@ -307,8 +308,9 @@ def __init__(__self__, resource_name, opts=None, allow_instance_migration=None, value of this field. Specified in seconds. :param pulumi.Input[list] policies: An array of strings specifying the policies to be set on tokens issued using this role. - :param pulumi.Input[bool] resolve_aws_unique_ids: If set to `true`, the - `bound_iam_principal_arns` are resolved to [AWS Unique + :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when + `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + resolved to [AWS Unique IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) for the bound principal ARN. This field is ignored when a `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more @@ -490,8 +492,9 @@ def get(resource_name, id, opts=None, allow_instance_migration=None, auth_type=N value of this field. Specified in seconds. :param pulumi.Input[list] policies: An array of strings specifying the policies to be set on tokens issued using this role. - :param pulumi.Input[bool] resolve_aws_unique_ids: If set to `true`, the - `bound_iam_principal_arns` are resolved to [AWS Unique + :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when + `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are + resolved to [AWS Unique IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) for the bound principal ARN. This field is ignored when a `bound_iam_principal_arn` ends in a wildcard. Resolving to unique IDs more diff --git a/sdk/python/pulumi_vault/quota_rate_limit.py b/sdk/python/pulumi_vault/quota_rate_limit.py new file mode 100644 index 000000000..dcbf5aa01 --- /dev/null +++ b/sdk/python/pulumi_vault/quota_rate_limit.py @@ -0,0 +1,88 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import warnings +import pulumi +import pulumi.runtime +from typing import Union +from . import utilities, tables + + +class QuotaRateLimit(pulumi.CustomResource): + name: pulumi.Output[str] + """ + The name of the quota. + """ + path: pulumi.Output[str] + """ + Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + """ + rate: pulumi.Output[float] + """ + The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + """ + def __init__(__self__, resource_name, opts=None, name=None, path=None, rate=None, __props__=None, __name__=None, __opts__=None): + """ + Create a QuotaRateLimit resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] name: The name of the quota. + :param pulumi.Input[str] path: Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + :param pulumi.Input[float] rate: The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + """ + if __name__ is not None: + warnings.warn("explicit use of __name__ is deprecated", DeprecationWarning) + resource_name = __name__ + if __opts__ is not None: + warnings.warn("explicit use of __opts__ is deprecated, use 'opts' instead", DeprecationWarning) + opts = __opts__ + if opts is None: + opts = pulumi.ResourceOptions() + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.version is None: + opts.version = utilities.get_version() + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = dict() + + __props__['name'] = name + __props__['path'] = path + if rate is None: + raise TypeError("Missing required property 'rate'") + __props__['rate'] = rate + super(QuotaRateLimit, __self__).__init__( + 'vault:index/quotaRateLimit:QuotaRateLimit', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name, id, opts=None, name=None, path=None, rate=None): + """ + Get an existing QuotaRateLimit resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param str id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] name: The name of the quota. + :param pulumi.Input[str] path: Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. + :param pulumi.Input[float] rate: The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = dict() + + __props__["name"] = name + __props__["path"] = path + __props__["rate"] = rate + return QuotaRateLimit(resource_name, opts=opts, __props__=__props__) + + def translate_output_property(self, prop): + return tables._CAMEL_TO_SNAKE_CASE_TABLE.get(prop) or prop + + def translate_input_property(self, prop): + return tables._SNAKE_TO_CAMEL_CASE_TABLE.get(prop) or prop