1. Packages
  2. HashiCorp Vault Provider
  3. API Docs
  4. pkiSecret
  5. BackendConfigCmpv2
HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi

vault.pkiSecret.BackendConfigCmpv2

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi

    Allows setting the CMPv2 configuration on a PKI Secret Backend

    Create BackendConfigCmpv2 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new BackendConfigCmpv2(name: string, args: BackendConfigCmpv2Args, opts?: CustomResourceOptions);
    @overload
    def BackendConfigCmpv2(resource_name: str,
                           args: BackendConfigCmpv2Args,
                           opts: Optional[ResourceOptions] = None)
    
    @overload
    def BackendConfigCmpv2(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           backend: Optional[str] = None,
                           audit_fields: Optional[Sequence[str]] = None,
                           authenticators: Optional[_pkisecret.BackendConfigCmpv2AuthenticatorsArgs] = None,
                           default_path_policy: Optional[str] = None,
                           enable_sentinel_parsing: Optional[bool] = None,
                           enabled: Optional[bool] = None,
                           namespace: Optional[str] = None)
    func NewBackendConfigCmpv2(ctx *Context, name string, args BackendConfigCmpv2Args, opts ...ResourceOption) (*BackendConfigCmpv2, error)
    public BackendConfigCmpv2(string name, BackendConfigCmpv2Args args, CustomResourceOptions? opts = null)
    public BackendConfigCmpv2(String name, BackendConfigCmpv2Args args)
    public BackendConfigCmpv2(String name, BackendConfigCmpv2Args args, CustomResourceOptions options)
    
    type: vault:pkiSecret:BackendConfigCmpv2
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args BackendConfigCmpv2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BackendConfigCmpv2Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BackendConfigCmpv2Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BackendConfigCmpv2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BackendConfigCmpv2Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var backendConfigCmpv2Resource = new Vault.PkiSecret.BackendConfigCmpv2("backendConfigCmpv2Resource", new()
    {
        Backend = "string",
        AuditFields = new[]
        {
            "string",
        },
        Authenticators = new Vault.PkiSecret.Inputs.BackendConfigCmpv2AuthenticatorsArgs
        {
            Cert = 
            {
                { "string", "string" },
            },
        },
        DefaultPathPolicy = "string",
        EnableSentinelParsing = false,
        Enabled = false,
        Namespace = "string",
    });
    
    example, err := pkiSecret.NewBackendConfigCmpv2(ctx, "backendConfigCmpv2Resource", &pkiSecret.BackendConfigCmpv2Args{
    	Backend: pulumi.String("string"),
    	AuditFields: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Authenticators: &pkisecret.BackendConfigCmpv2AuthenticatorsArgs{
    		Cert: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	DefaultPathPolicy:     pulumi.String("string"),
    	EnableSentinelParsing: pulumi.Bool(false),
    	Enabled:               pulumi.Bool(false),
    	Namespace:             pulumi.String("string"),
    })
    
    var backendConfigCmpv2Resource = new BackendConfigCmpv2("backendConfigCmpv2Resource", BackendConfigCmpv2Args.builder()
        .backend("string")
        .auditFields("string")
        .authenticators(BackendConfigCmpv2AuthenticatorsArgs.builder()
            .cert(Map.of("string", "string"))
            .build())
        .defaultPathPolicy("string")
        .enableSentinelParsing(false)
        .enabled(false)
        .namespace("string")
        .build());
    
    backend_config_cmpv2_resource = vault.pki_secret.BackendConfigCmpv2("backendConfigCmpv2Resource",
        backend="string",
        audit_fields=["string"],
        authenticators={
            "cert": {
                "string": "string",
            },
        },
        default_path_policy="string",
        enable_sentinel_parsing=False,
        enabled=False,
        namespace="string")
    
    const backendConfigCmpv2Resource = new vault.pkisecret.BackendConfigCmpv2("backendConfigCmpv2Resource", {
        backend: "string",
        auditFields: ["string"],
        authenticators: {
            cert: {
                string: "string",
            },
        },
        defaultPathPolicy: "string",
        enableSentinelParsing: false,
        enabled: false,
        namespace: "string",
    });
    
    type: vault:pkiSecret:BackendConfigCmpv2
    properties:
        auditFields:
            - string
        authenticators:
            cert:
                string: string
        backend: string
        defaultPathPolicy: string
        enableSentinelParsing: false
        enabled: false
        namespace: string
    

    BackendConfigCmpv2 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The BackendConfigCmpv2 resource accepts the following input properties:

    Backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    AuditFields List<string>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    Authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    DefaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether CMPv2 is enabled.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    Backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    AuditFields []string

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    Authenticators BackendConfigCmpv2AuthenticatorsArgs
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    DefaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether CMPv2 is enabled.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    auditFields List<String>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    defaultPathPolicy String
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether CMPv2 is enabled.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    auditFields string[]

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    defaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled boolean
    Specifies whether CMPv2 is enabled.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend str
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    audit_fields Sequence[str]

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators pkisecret.BackendConfigCmpv2AuthenticatorsArgs
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    default_path_policy str
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enable_sentinel_parsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled bool
    Specifies whether CMPv2 is enabled.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    backend String
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    auditFields List<String>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators Property Map
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    defaultPathPolicy String
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether CMPv2 is enabled.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the BackendConfigCmpv2 resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.
    id string
    The provider-assigned unique ID for this managed resource.
    lastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    id str
    The provider-assigned unique ID for this managed resource.
    last_updated str
    A read-only timestamp representing the last time the configuration was updated.
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.

    Look up Existing BackendConfigCmpv2 Resource

    Get an existing BackendConfigCmpv2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BackendConfigCmpv2State, opts?: CustomResourceOptions): BackendConfigCmpv2
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            audit_fields: Optional[Sequence[str]] = None,
            authenticators: Optional[_pkisecret.BackendConfigCmpv2AuthenticatorsArgs] = None,
            backend: Optional[str] = None,
            default_path_policy: Optional[str] = None,
            enable_sentinel_parsing: Optional[bool] = None,
            enabled: Optional[bool] = None,
            last_updated: Optional[str] = None,
            namespace: Optional[str] = None) -> BackendConfigCmpv2
    func GetBackendConfigCmpv2(ctx *Context, name string, id IDInput, state *BackendConfigCmpv2State, opts ...ResourceOption) (*BackendConfigCmpv2, error)
    public static BackendConfigCmpv2 Get(string name, Input<string> id, BackendConfigCmpv2State? state, CustomResourceOptions? opts = null)
    public static BackendConfigCmpv2 get(String name, Output<String> id, BackendConfigCmpv2State state, CustomResourceOptions options)
    resources:  _:    type: vault:pkiSecret:BackendConfigCmpv2    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuditFields List<string>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    Authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    Backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    DefaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether CMPv2 is enabled.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    AuditFields []string

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    Authenticators BackendConfigCmpv2AuthenticatorsArgs
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    Backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    DefaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    EnableSentinelParsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    Enabled bool
    Specifies whether CMPv2 is enabled.
    LastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    Namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    auditFields List<String>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    backend String
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    defaultPathPolicy String
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether CMPv2 is enabled.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    auditFields string[]

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators BackendConfigCmpv2Authenticators
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    backend string
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    defaultPathPolicy string
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled boolean
    Specifies whether CMPv2 is enabled.
    lastUpdated string
    A read-only timestamp representing the last time the configuration was updated.
    namespace string
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    audit_fields Sequence[str]

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators pkisecret.BackendConfigCmpv2AuthenticatorsArgs
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    backend str
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    default_path_policy str
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enable_sentinel_parsing bool
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled bool
    Specifies whether CMPv2 is enabled.
    last_updated str
    A read-only timestamp representing the last time the configuration was updated.
    namespace str
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    auditFields List<String>

    Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.

    authenticators Property Map
    Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
    backend String
    The path to the PKI secret backend to read the CMPv2 configuration from, with no leading or trailing /s.
    defaultPathPolicy String
    Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
    enableSentinelParsing Boolean
    If set, parse out fields from the provided CSR making them available for Sentinel policies.
    enabled Boolean
    Specifies whether CMPv2 is enabled.
    lastUpdated String
    A read-only timestamp representing the last time the configuration was updated.
    namespace String
    The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

    Supporting Types

    BackendConfigCmpv2Authenticators, BackendConfigCmpv2AuthenticatorsArgs

    Cert Dictionary<string, string>
    "The accessor (required) and cert_role (optional) properties for cert auth backends".
    Cert map[string]string
    "The accessor (required) and cert_role (optional) properties for cert auth backends".
    cert Map<String,String>
    "The accessor (required) and cert_role (optional) properties for cert auth backends".
    cert {[key: string]: string}
    "The accessor (required) and cert_role (optional) properties for cert auth backends".
    cert Mapping[str, str]
    "The accessor (required) and cert_role (optional) properties for cert auth backends".
    cert Map<String>
    "The accessor (required) and cert_role (optional) properties for cert auth backends".

    Import

    The PKI config cluster can be imported using the resource’s id. In the case of the example above the id would be pki-root/config/cmpv2, where the pki-root component is the resource’s backend, e.g.

    $ pulumi import vault:pkiSecret/backendConfigCmpv2:BackendConfigCmpv2 example pki-root/config/cmpv2
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.5.0 published on Thursday, Jan 16, 2025 by Pulumi