VaultConfig
class flow_api.vault_config.VaultConfig
(select=None, cls=None, init=None, by='name', allow_normal=True, allow_deleted=False, approle_path=[class 'flow_api.system.NotSet'], bundle_id=[class 'flow_api.system.NotSet'], bundle_name=[class 'flow_api.system.NotSet'], cacert=[class 'flow_api.system.NotSet'], commit_message=[class 'flow_api.system.NotSet'], description=[class 'flow_api.system.NotSet'], engine_path=[class 'flow_api.system.NotSet'], is_auto_renew_enabled=[class 'flow_api.system.NotSet'], is_enabled=[class 'flow_api.system.NotSet'], is_readonly=[class 'flow_api.system.NotSet'], name=[class 'flow_api.system.NotSet'], project_id=[class 'flow_api.system.NotSet'], project_name=[class 'flow_api.system.NotSet'], runner_role_id=[class 'flow_api.system.NotSet'], runner_role_name=[class 'flow_api.system.NotSet'], token=[class 'flow_api.system.NotSet'], vault_url=[class 'flow_api.system.NotSet'], worker_role_id=[class 'flow_api.system.NotSet'], worker_secret_id=[class 'flow_api.system.NotSet'], debug=False
)
Base class: Resource
A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.
Either a vault token or the AppRoles authentification method can be used.
See the corresponding Resources class at VaultConfig
Parameters
Name | Type | Description |
---|---|---|
allow_deleted | bool | |
allow_normal | bool | |
approle_path | typing.Union[ flow_api.system.NotSet, str, NoneType ] | Path for AppRole authentification method (final path for this authentification method will be "/auth/<approle_path>" and must be the same path where you enabled this method on your Vault) |
bundle_id | typing.Union[ flow_api.system.NotSet, str, NoneType ] | Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, LDAP_CONFIG, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, EXECUTION, MESSAGE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id |
bundle_name | typing.Union[ flow_api.system.NotSet, str, NoneType ] | The name of the bundle. Will look up the bundle and set bundle_id. |
by | str | |
cacert | typing.Union[ flow_api.system.NotSet, str, NoneType ] | A certificate to verify the identity of the vault. Only needed if the Vault installation uses a self-signed certificate. |
cls | typing.Union[ type, NoneType ] | |
commit_message | typing.Union[ flow_api.system.NotSet, str, NoneType ] | The commit message for this change. |
debug | bool | if set, the content of the data being written will be logged. |
description | typing.Union[ flow_api.system.NotSet, str, NoneType ] | A multiline description of what this record is and does. |
engine_path | typing.Union[ flow_api.system.NotSet, str ] | The Vault engine to use, often secret or kv . |
init | typing.Union[ dict, NoneType ] | |
is_auto_renew_enabled | typing.Union[ flow_api.system.NotSet, bool ] | If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. |
is_enabled | typing.Union[ flow_api.system.NotSet, bool ] | A flag to control of the vault config is enabled. |
is_readonly | typing.Union[ flow_api.system.NotSet, bool ] | A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE |
name | typing.Union[ flow_api.system.NotSet, str ] | The name of this record. Must be unique across a workspace. |
project_id | typing.Union[ flow_api.system.NotSet, str, NoneType ] | Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. |
project_name | typing.Union[ flow_api.system.NotSet, str, NoneType ] | The name of the project. Will look up the project and set project_id. |
runner_role_id | typing.Union[ flow_api.system.NotSet, str, NoneType ] | For AppRole authentification: RoleID for the runner. |
runner_role_name | typing.Union[ flow_api.system.NotSet, str, NoneType ] | For AppRole authentification: name of a role used by a runner, with permission to retrieve secrets from vault. |
select | typing.Union[ str, NoneType ] | |
token | typing.Union[ flow_api.system.NotSet, str, NoneType ] | A Vault access token which is used to fetch secrets. |
vault_url | typing.Union[ flow_api.system.NotSet, str, NoneType ] | The URL to your vault installation |
worker_role_id | typing.Union[ flow_api.system.NotSet, str, NoneType ] | For AppRole authentification: RoleID of worker. Associated with a role with permission to request wrapped SecretIDs. |
worker_secret_id | typing.Union[ flow_api.system.NotSet, str, NoneType ] | For AppRole authentification: SecretID of worker. |