Version: 11 - Zimtschnecke

VaultConfig

class resources.vault_config.VaultConfig

Base class: Resource

A configuration about a HashiCorp Vault which Cloudomation can access to fetch secrets.

Either a vault token, client certificate or userpass authentication method can be used. Currently, only the Key-Value engine version 2 is supported.

See the corresponding Flow Api class at VaultConfig

Property Description Type Import/Export

bundle_id Reference to the bundle this record is associated with. Allowed for BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, LDAP_CONFIG, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, ORGANIZATION, PROCESS, PROJECT, USER, WORKSPACE. Mutually exclusive with project_id UUID(as_uuid=False) both

bundle_name The name of the bundle. Will look up the bundle and set bundle_id. String(length=128) import only

check_hostname If set, the hostname of the server is checked against the CA certificate. Boolean() both

client_cert A client certificate used to authenticate the SSL transport. String(length=40960) both

client_key The key of the client certificate used to authenticate the SSL transport. String(length=40960) import only

commit_message The commit message for this change. Text() import only

created_at DateTime(timezone=True) export only

created_by UUID(as_uuid=False) export only

deleted_at DateTime(timezone=True) neither

deleted_by UUID(as_uuid=False) neither

description A multiline description of what this record is and does. Text() both

engine_path The Vault engine to use, often secret or kv. String(length=1024) both

has_client_key Boolean() neither

has_deprecation Boolean() export only

has_password Boolean() neither

has_syntax_error Boolean() export only

has_token Boolean() neither

id UUID(as_uuid=False) neither

is_auto_renew_enabled If set, Engine will try to renew the token before it expires. Renewal will only succeed if the MAX_TTL of the token is not reached. Please refer to token renew for details. Boolean() both

is_bundle_content A flag to control if the resource is considered bundle content. Changes in bundle content mark the bundle as modified. Updating the bundle will modify the bundle content. Boolean() both

is_bundle_readonly Boolean() neither

is_deleted Boolean() export only

is_enabled A flag to control of the vault config is enabled. Boolean() export only

is_project_readonly Boolean() neither

is_readonly A flag to control if the record can be modified. Allowed for BUNDLE, BUNDLE_REPOSITORY, CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, FILE, FLOW, OAUTH, OBJECT_TEMPLATE, PLUGIN, PROJECT, ROLE, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for EXECUTION, LDAP_CONFIG, MESSAGE, ORGANIZATION, PROCESS, USER, WORKSPACE Boolean() both

location_inheritance

Controls the project/bundle association of a newly created record when no project_id/project_name/bundle_id/bundle_name is specified in the create request. Depending on the record type different options are available:

location_inheritance	record types	description
`created_by`	all	use the same location as the identity which creates the record
`default`	all	use the "Default project" where applicable or "Workspace" for record types which cannot be in a project
`wrapped_resource`	execution	use the same location as the innermost resource which is wrapped
`resource`	execution	use the same location as the resource on which the execution is based on

Notes:

If a project_id/project_name/bundle_id/bundle_name is specified in the request, it always takes precedence.
The options wrapped_resource and resource only work with executions which are based on a resource, not with ad-hoc connections or executions of type "SCRIPT". If used with ad-hoc connections or "SCRIPT" it will fall back to default.
If the record being created cannot be associated with the specified location, the fallback to default will be used.
If location_inheritance is unset, the default value used depends on the type of identity which creates the record as well as the type of record which is created. If an execution is created by any identity which is not an execution, it defaults to wrapped_resource. In all other cases it defaults to created_by.

String(length=128)

import only

modified_at DateTime(timezone=True) export only

modified_by UUID(as_uuid=False) export only

name The name of this record. Must be unique across a workspace. String(length=128) both

organization_id UUID(as_uuid=False) export only

password A password to authenticate. Either token, username and password, or client_cert and client_key must be set. String(length=1024) import only

project_id Reference to the project this record is associated with. Allowed for CONNECTOR, CUSTOM_OBJECT, DEVOLUTIONS_CONFIG, EXECUTION, FILE, FLOW, MESSAGE, OAUTH, OBJECT_TEMPLATE, PLUGIN, SCHEDULE, SCHEDULER, SCHEMA, SETTING, SYNC_CONFIG, TAG, VAULT_CONFIG, WEBHOOK, WRAPPER. Not allowed for BUNDLE, BUNDLE_REPOSITORY, LDAP_CONFIG, ORGANIZATION, PROCESS, PROJECT, ROLE, USER, WORKSPACE. Mutually exclusive with bundle_id. UUID(as_uuid=False) both

project_name The name of the project. Will look up the project and set project_id. String(length=128) import only

record_type Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'EXECUTION', 'FILE', 'FLOW', 'LDAP_CONFIG', 'MESSAGE', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROCESS', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='recordtype') neither

repository_path The path to the storing repository, relative to GIT_REPOSITORY_SAVE_PATH String(length=256) neither

resource_type Enum('BUNDLE', 'BUNDLE_REPOSITORY', 'CONNECTOR', 'CUSTOM_OBJECT', 'DEVOLUTIONS_CONFIG', 'FILE', 'FLOW', 'LDAP_CONFIG', 'OAUTH', 'OBJECT_TEMPLATE', 'ORGANIZATION', 'PLUGIN', 'PROJECT', 'ROLE', 'SCHEDULE', 'SCHEDULER', 'SCHEMA', 'SETTING', 'SYNC_CONFIG', 'TAG', 'USER', 'VAULT_CONFIG', 'WEBHOOK', 'WORKSPACE', 'WRAPPER', name='resourcetype') neither

schema_version String(length=128) both

server_ca The content of the server's CA certificates in PEM format. To be used for self-signed certificates. String(length=40960) both

token A Vault access token to authenticate. Either token, username and password, or client_cert and client_key must be set. String(length=1024) import only

track_in_git Should new records automatically be tracked in git. Boolean() both

username A Username to authenticate. Either token, username and password, or client_cert and client_key must be set. String(length=1024) both

vault_url The URL to your vault installation String(length=1024) both

verify_ssl Verify the server's SSL certificate. Strongly recommended. Can be disabled if using a self-signed certificate. Boolean() both

workspace_id UUID(as_uuid=False) export only