pulumi-azure-native 2.24.0__py3-none-any.whl → 2.24.1a1704477298__py3-none-any.whl

pulumi_azure_native/__init__.py

@@ -7829,6 +7829,7 @@ _utilities.register(
   "mod": "keyvault",
   "fqn": "pulumi_azure_native.keyvault",
   "classes": {
+   "azure-native:keyvault:AccessPolicy": "AccessPolicy",
    "azure-native:keyvault:Key": "Key",
    "azure-native:keyvault:MHSMPrivateEndpointConnection": "MHSMPrivateEndpointConnection",
    "azure-native:keyvault:ManagedHsm": "ManagedHsm",

pulumi_azure_native/keyvault/__init__.py

@@ -6,6 +6,7 @@ from .. import _utilities
 import typing
 # Export this package's modules as members:
 from ._enums import *
+from .access_policy import *
 from .get_key import *
 from .get_managed_hsm import *
 from .get_mhsm_private_endpoint_connection import *

pulumi_azure_native/keyvault/_inputs.py

@@ -1309,6 +1309,7 @@ class VaultPropertiesArgs:
         :param pulumi.Input['SkuArgs'] sku: SKU details
         :param pulumi.Input[str] tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param pulumi.Input['CreateMode'] create_mode: The vault's create mode to indicate whether the vault need to be recovered or not.
         :param pulumi.Input[bool] enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param pulumi.Input[bool] enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
@@ -1388,6 +1389,7 @@ class VaultPropertiesArgs:
     def access_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]]]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

pulumi_azure_native/keyvault/access_policy.py

@@ -0,0 +1,183 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+from . import outputs
+from ._enums import *
+from ._inputs import *
+
+__all__ = ['AccessPolicyArgs', 'AccessPolicy']
+
+@pulumi.input_type
+class AccessPolicyArgs:
+    def __init__(__self__, *,
+                 policy: pulumi.Input['AccessPolicyEntryArgs'],
+                 resource_group_name: pulumi.Input[str],
+                 vault_name: pulumi.Input[str]):
+        """
+        The set of arguments for constructing a AccessPolicy resource.
+        :param pulumi.Input['AccessPolicyEntryArgs'] policy: The definition of the access policy.
+        :param pulumi.Input[str] resource_group_name: Name of the resource group that contains the vault.
+        :param pulumi.Input[str] vault_name: Name of the Key Vault.
+        """
+        pulumi.set(__self__, "policy", policy)
+        pulumi.set(__self__, "resource_group_name", resource_group_name)
+        pulumi.set(__self__, "vault_name", vault_name)
+
+    @property
+    @pulumi.getter
+    def policy(self) -> pulumi.Input['AccessPolicyEntryArgs']:
+        """
+        The definition of the access policy.
+        """
+        return pulumi.get(self, "policy")
+
+    @policy.setter
+    def policy(self, value: pulumi.Input['AccessPolicyEntryArgs']):
+        pulumi.set(self, "policy", value)
+
+    @property
+    @pulumi.getter(name="resourceGroupName")
+    def resource_group_name(self) -> pulumi.Input[str]:
+        """
+        Name of the resource group that contains the vault.
+        """
+        return pulumi.get(self, "resource_group_name")
+
+    @resource_group_name.setter
+    def resource_group_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource_group_name", value)
+
+    @property
+    @pulumi.getter(name="vaultName")
+    def vault_name(self) -> pulumi.Input[str]:
+        """
+        Name of the Key Vault.
+        """
+        return pulumi.get(self, "vault_name")
+
+    @vault_name.setter
+    def vault_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "vault_name", value)
+
+
+class AccessPolicy(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 policy: Optional[pulumi.Input[pulumi.InputType['AccessPolicyEntryArgs']]] = None,
+                 resource_group_name: Optional[pulumi.Input[str]] = None,
+                 vault_name: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Key Vault Access Policy for managing policies on existing vaults.
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[pulumi.InputType['AccessPolicyEntryArgs']] policy: The definition of the access policy.
+        :param pulumi.Input[str] resource_group_name: Name of the resource group that contains the vault.
+        :param pulumi.Input[str] vault_name: Name of the Key Vault.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: AccessPolicyArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Key Vault Access Policy for managing policies on existing vaults.
+
+        :param str resource_name: The name of the resource.
+        :param AccessPolicyArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(AccessPolicyArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 policy: Optional[pulumi.Input[pulumi.InputType['AccessPolicyEntryArgs']]] = None,
+                 resource_group_name: Optional[pulumi.Input[str]] = None,
+                 vault_name: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = AccessPolicyArgs.__new__(AccessPolicyArgs)
+
+            if policy is None and not opts.urn:
+                raise TypeError("Missing required property 'policy'")
+            __props__.__dict__["policy"] = policy
+            if resource_group_name is None and not opts.urn:
+                raise TypeError("Missing required property 'resource_group_name'")
+            __props__.__dict__["resource_group_name"] = resource_group_name
+            if vault_name is None and not opts.urn:
+                raise TypeError("Missing required property 'vault_name'")
+            __props__.__dict__["vault_name"] = vault_name
+        super(AccessPolicy, __self__).__init__(
+            'azure-native:keyvault:AccessPolicy',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None) -> 'AccessPolicy':
+        """
+        Get an existing AccessPolicy resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = AccessPolicyArgs.__new__(AccessPolicyArgs)
+
+        __props__.__dict__["policy"] = None
+        __props__.__dict__["resource_group_name"] = None
+        __props__.__dict__["vault_name"] = None
+        return AccessPolicy(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def policy(self) -> pulumi.Output[Optional['outputs.AccessPolicyEntry']]:
+        """
+        The definition of the access policy.
+        """
+        return pulumi.get(self, "policy")
+
+    @property
+    @pulumi.getter(name="resourceGroupName")
+    def resource_group_name(self) -> pulumi.Output[Optional[str]]:
+        """
+        Name of the resource group that contains the vault.
+        """
+        return pulumi.get(self, "resource_group_name")
+
+    @property
+    @pulumi.getter(name="vaultName")
+    def vault_name(self) -> pulumi.Output[Optional[str]]:
+        """
+        Name of the Key Vault.
+        """
+        return pulumi.get(self, "vault_name")
+

pulumi_azure_native/keyvault/outputs.py

@@ -12,6 +12,7 @@ from . import outputs
 from ._enums import *
 
 __all__ = [
+    'AccessPolicyEntry',
     'AccessPolicyEntryResponse',
     'ActionResponse',
     'IPRuleResponse',
@@ -30,6 +31,7 @@ __all__ = [
     'ManagedHsmPropertiesResponse',
     'ManagedHsmSkuResponse',
     'NetworkRuleSetResponse',
+    'Permissions',
     'PermissionsResponse',
     'PrivateEndpointConnectionItemResponse',
     'PrivateEndpointResponse',
@@ -44,6 +46,83 @@ __all__ = [
     'VirtualNetworkRuleResponse',
 ]
 
+@pulumi.output_type
+class AccessPolicyEntry(dict):
+    """
+    An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.
+    """
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "objectId":
+            suggest = "object_id"
+        elif key == "tenantId":
+            suggest = "tenant_id"
+        elif key == "applicationId":
+            suggest = "application_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AccessPolicyEntry. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AccessPolicyEntry.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AccessPolicyEntry.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 object_id: str,
+                 permissions: 'outputs.Permissions',
+                 tenant_id: str,
+                 application_id: Optional[str] = None):
+        """
+        An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID.
+        :param str object_id: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
+        :param 'Permissions' permissions: Permissions the identity has for keys, secrets and certificates.
+        :param str tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
+        :param str application_id:  Application ID of the client making request on behalf of a principal
+        """
+        pulumi.set(__self__, "object_id", object_id)
+        pulumi.set(__self__, "permissions", permissions)
+        pulumi.set(__self__, "tenant_id", tenant_id)
+        if application_id is not None:
+            pulumi.set(__self__, "application_id", application_id)
+
+    @property
+    @pulumi.getter(name="objectId")
+    def object_id(self) -> str:
+        """
+        The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
+        """
+        return pulumi.get(self, "object_id")
+
+    @property
+    @pulumi.getter
+    def permissions(self) -> 'outputs.Permissions':
+        """
+        Permissions the identity has for keys, secrets and certificates.
+        """
+        return pulumi.get(self, "permissions")
+
+    @property
+    @pulumi.getter(name="tenantId")
+    def tenant_id(self) -> str:
+        """
+        The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
+        """
+        return pulumi.get(self, "tenant_id")
+
+    @property
+    @pulumi.getter(name="applicationId")
+    def application_id(self) -> Optional[str]:
+        """
+         Application ID of the client making request on behalf of a principal
+        """
+        return pulumi.get(self, "application_id")
+
+
 @pulumi.output_type
 class AccessPolicyEntryResponse(dict):
     """
@@ -1167,6 +1246,65 @@ class NetworkRuleSetResponse(dict):
         return pulumi.get(self, "virtual_network_rules")
 
 
+@pulumi.output_type
+class Permissions(dict):
+    """
+    Permissions the identity has for keys, secrets, certificates and storage.
+    """
+    def __init__(__self__, *,
+                 certificates: Optional[Sequence[str]] = None,
+                 keys: Optional[Sequence[str]] = None,
+                 secrets: Optional[Sequence[str]] = None,
+                 storage: Optional[Sequence[str]] = None):
+        """
+        Permissions the identity has for keys, secrets, certificates and storage.
+        :param Sequence[Union[str, 'CertificatePermissions']] certificates: Permissions to certificates
+        :param Sequence[Union[str, 'KeyPermissions']] keys: Permissions to keys
+        :param Sequence[Union[str, 'SecretPermissions']] secrets: Permissions to secrets
+        :param Sequence[Union[str, 'StoragePermissions']] storage: Permissions to storage accounts
+        """
+        if certificates is not None:
+            pulumi.set(__self__, "certificates", certificates)
+        if keys is not None:
+            pulumi.set(__self__, "keys", keys)
+        if secrets is not None:
+            pulumi.set(__self__, "secrets", secrets)
+        if storage is not None:
+            pulumi.set(__self__, "storage", storage)
+
+    @property
+    @pulumi.getter
+    def certificates(self) -> Optional[Sequence[str]]:
+        """
+        Permissions to certificates
+        """
+        return pulumi.get(self, "certificates")
+
+    @property
+    @pulumi.getter
+    def keys(self) -> Optional[Sequence[str]]:
+        """
+        Permissions to keys
+        """
+        return pulumi.get(self, "keys")
+
+    @property
+    @pulumi.getter
+    def secrets(self) -> Optional[Sequence[str]]:
+        """
+        Permissions to secrets
+        """
+        return pulumi.get(self, "secrets")
+
+    @property
+    @pulumi.getter
+    def storage(self) -> Optional[Sequence[str]]:
+        """
+        Permissions to storage accounts
+        """
+        return pulumi.get(self, "storage")
+
+
 @pulumi.output_type
 class PermissionsResponse(dict):
     """
@@ -1894,6 +2032,7 @@ class VaultPropertiesResponse(dict):
         :param 'SkuResponse' sku: SKU details
         :param str tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param Sequence['AccessPolicyEntryResponse'] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param bool enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param bool enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
         :param bool enable_soft_delete: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
@@ -1980,6 +2119,7 @@ class VaultPropertiesResponse(dict):
     def access_policies(self) -> Optional[Sequence['outputs.AccessPolicyEntryResponse']]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

pulumi_azure_native/keyvault/v20230201/_inputs.py

@@ -1309,6 +1309,7 @@ class VaultPropertiesArgs:
         :param pulumi.Input['SkuArgs'] sku: SKU details
         :param pulumi.Input[str] tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param pulumi.Input['CreateMode'] create_mode: The vault's create mode to indicate whether the vault need to be recovered or not.
         :param pulumi.Input[bool] enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param pulumi.Input[bool] enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
@@ -1388,6 +1389,7 @@ class VaultPropertiesArgs:
     def access_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]]]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

pulumi_azure_native/keyvault/v20230201/outputs.py

@@ -1894,6 +1894,7 @@ class VaultPropertiesResponse(dict):
         :param 'SkuResponse' sku: SKU details
         :param str tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param Sequence['AccessPolicyEntryResponse'] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param bool enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param bool enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
         :param bool enable_soft_delete: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
@@ -1980,6 +1981,7 @@ class VaultPropertiesResponse(dict):
     def access_policies(self) -> Optional[Sequence['outputs.AccessPolicyEntryResponse']]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

pulumi_azure_native/keyvault/v20230701/_inputs.py

@@ -1349,6 +1349,7 @@ class VaultPropertiesArgs:
         :param pulumi.Input['SkuArgs'] sku: SKU details
         :param pulumi.Input[str] tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param pulumi.Input['CreateMode'] create_mode: The vault's create mode to indicate whether the vault need to be recovered or not.
         :param pulumi.Input[bool] enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param pulumi.Input[bool] enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
@@ -1428,6 +1429,7 @@ class VaultPropertiesArgs:
     def access_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessPolicyEntryArgs']]]]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

pulumi_azure_native/keyvault/v20230701/outputs.py

@@ -2025,6 +2025,7 @@ class VaultPropertiesResponse(dict):
         :param 'SkuResponse' sku: SKU details
         :param str tenant_id: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
         :param Sequence['AccessPolicyEntryResponse'] access_policies: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+               These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         :param bool enable_purge_protection: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
         :param bool enable_rbac_authorization: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be  ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
         :param bool enable_soft_delete: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
@@ -2111,6 +2112,7 @@ class VaultPropertiesResponse(dict):
     def access_policies(self) -> Optional[Sequence['outputs.AccessPolicyEntryResponse']]:
         """
         An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
+        These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
         """
         return pulumi.get(self, "access_policies")
 

{pulumi_azure_native-2.24.0.dist-info → pulumi_azure_native-2.24.1a1704477298.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pulumi_azure_native
-Version: 2.24.0
+Version: 2.24.1a1704477298
 Summary: A native Pulumi package for creating and managing Azure resources.
 License: Apache-2.0
 Project-URL: Homepage, https://pulumi.com
@@ -74,6 +74,12 @@ quality and higher fidelity with the Azure platform.
 
 To learn how to configure credentials refer to the [Azure configuration options](https://www.pulumi.com/registry/packages/azure-native/installation-configuration/#configuration-options).
 
+## Other Configuration
+
+In addition to the configuration options in the official documentation linked above, the following environment variables can be used to tweak lower-level behavior of the provider:
+
+  - `PULUMI_FORCE_NEW_FROM_SUBTYPES`: if, after a change in your program, the provider does not replace a resource that should be replaced because it cannot be updated, setting this variable to `true` might allow the provider to infer the correct behavior. For more details please see PR #2970. We're planning to make this behavior the default in the future.
+
 ## Building
 
 See [contributing](CONTRIBUTING.md) for details on how to build and contribute to this provider.

{pulumi_azure_native-2.24.0.dist-info → pulumi_azure_native-2.24.1a1704477298.dist-info}/RECORD

@@ -1,4 +1,4 @@
-pulumi_azure_native/__init__.py,sha256=9kKkZnZ8-6uyxQb7-lmrXQHeo2sueRx1hEr79SAc93c,743924
+pulumi_azure_native/__init__.py,sha256=RTNNiPhkg8BfGCyw21PB3FxHNlPKIgmbguRR6bDyIvU,743981
 pulumi_azure_native/_utilities.py,sha256=WjjUoMUWgEBJiE2KZ76Lihj4rx_1_v__96T1_-RwY0I,9231
 pulumi_azure_native/provider.py,sha256=LNUQF0if_Zo-PnKfRhLCMwTAj8sZScuh5SUu6m7_e3k,23122
 pulumi_azure_native/pulumi-plugin.json,sha256=V6SbnACkF8XN-KxV-K5PJhTTTqe9VRprRxzLHQ9nkO8,49
@@ -9372,9 +9372,10 @@ pulumi_azure_native/iotoperationsorchestrator/v20231004preview/instance.py,sha25
 pulumi_azure_native/iotoperationsorchestrator/v20231004preview/outputs.py,sha256=73MomPL6awjLy0E9XJK7vIPsKdWcXejdXXC8N4eFfuc,10645
 pulumi_azure_native/iotoperationsorchestrator/v20231004preview/solution.py,sha256=IBDFSzkUpldm_3B3wr2UAbHyv8_UfuELQb2SXJifCOI,13097
 pulumi_azure_native/iotoperationsorchestrator/v20231004preview/target.py,sha256=Km1QRbNgU6anMeBshTu8T_Hjp2a4ViRDNjF14nRbWIY,17293
-pulumi_azure_native/keyvault/__init__.py,sha256=IsDl9_0McoyWMjRB-VugXactXalGnBaGsWCgqM8V4ro,1113
+pulumi_azure_native/keyvault/__init__.py,sha256=26dXKLZKcrlFO_I0bOcC9AJmV2GAcE9bTw4EC5mDUXE,1142
 pulumi_azure_native/keyvault/_enums.py,sha256=0R0h_sfeWKsD7zMW-V2pPXF1L7zG6HjLRH5o3xvmYoM,5399
-pulumi_azure_native/keyvault/_inputs.py,sha256=qiRtaPU5SSQ58wmDwFA7hsiIzcfQ3ldj_dlHBKXYwoA,71533
+pulumi_azure_native/keyvault/_inputs.py,sha256=CVTYf4fhdxpG8qZr2k89hF-VCvoDpfQF88VjAHEVlTU,71880
+pulumi_azure_native/keyvault/access_policy.py,sha256=b63yqVVN89IJGfPGuFJO1X6VgoILcCMYjXnhts2DUZs,7487
 pulumi_azure_native/keyvault/get_key.py,sha256=l0Jhy95z5bdxs07lW9-OSShh5NHd_7sNuaEfqbPl3GE,9530
 pulumi_azure_native/keyvault/get_managed_hsm.py,sha256=WTF3HNt2b28vkBxpaiaHbAHXVfVaukPaE04Dh1F6vf0,5968
 pulumi_azure_native/keyvault/get_mhsm_private_endpoint_connection.py,sha256=TBlj2cvhcQT9LT420rUBZmrhQ82aw4iGzBaImjXHKrU,9119
@@ -9384,13 +9385,13 @@ pulumi_azure_native/keyvault/get_vault.py,sha256=rcQv0Bgpn1xAcOSBFr7VF7GWSZDsWkg
 pulumi_azure_native/keyvault/key.py,sha256=tIUXB7vXJVBNZwbrOBarqepXGYeU5WwuSZi6TIjrAGY,14249
 pulumi_azure_native/keyvault/managed_hsm.py,sha256=pxp43VHhVF0QMxXu7k6aYJtHaWBMLosQPUzYRFVYsaQ,12157
 pulumi_azure_native/keyvault/mhsm_private_endpoint_connection.py,sha256=w_TkbM26KQ4ATImxnrCi-gGhnWnsobrtnZdEgQh-Ynk,15829
-pulumi_azure_native/keyvault/outputs.py,sha256=2rHtbxePWwJxMDXp3jXck4so5VSitQAiQjpwGbhFPWg,86409
+pulumi_azure_native/keyvault/outputs.py,sha256=qJ9bFtL8-9X6NfdBrcdRVt8lbXDS7h38kxsJr6tbqA0,91960
 pulumi_azure_native/keyvault/private_endpoint_connection.py,sha256=bfGrhpMf-WG-Wycx5DsbEctSLr1wqdSAcSuFwQcwi0Y,12821
 pulumi_azure_native/keyvault/secret.py,sha256=5cQDOIRD0hWKOa3kxMtzRJrFtqp9VuXJXD2ydvaaZvo,11499
 pulumi_azure_native/keyvault/vault.py,sha256=Z0aZzfyl1KLcEcwy7H8Nckfk3Oh1kLfY56OBsJ6Yuio,11412
 pulumi_azure_native/keyvault/v20230201/__init__.py,sha256=p2NBewW_qVLoI93T1icpgn9xDy16NtY3noUkbWMgIXc,703
 pulumi_azure_native/keyvault/v20230201/_enums.py,sha256=0R0h_sfeWKsD7zMW-V2pPXF1L7zG6HjLRH5o3xvmYoM,5399
-pulumi_azure_native/keyvault/v20230201/_inputs.py,sha256=S-ROXjtudCFMoasdB1LkcIyu1QKKF6JyQUiBKX-GwkY,71534
+pulumi_azure_native/keyvault/v20230201/_inputs.py,sha256=pX01lBQvFhFIn-2O1GDVEpK_vKlE950ufIbJh-B7dbk,71881
 pulumi_azure_native/keyvault/v20230201/get_key.py,sha256=hJdie__SSYCm8Ocb5V_lA6WWptNQWE4ywDpJyg3pAH8,9367
 pulumi_azure_native/keyvault/v20230201/get_managed_hsm.py,sha256=tCAGjkztbRQdVmMX6HzprW6sfo_E6grlohDMQLLU1BQ,5805
 pulumi_azure_native/keyvault/v20230201/get_mhsm_private_endpoint_connection.py,sha256=ZjmS6mCt-8sL78gf2CdVmF3SMHdaT-qSapuL7E4q6JA,8956
@@ -9400,13 +9401,13 @@ pulumi_azure_native/keyvault/v20230201/get_vault.py,sha256=VAORp6PBUVVIx-Z83gZ_C
 pulumi_azure_native/keyvault/v20230201/key.py,sha256=y2YWVkdCi2YXtmgeAdo8_w4kpFALmIfmJW7GafX12ps,13958
 pulumi_azure_native/keyvault/v20230201/managed_hsm.py,sha256=HPF7LM0DpUwV5eJo6KWIUMOQGQ2B-Wt9e6IgJ7MpcAo,11850
 pulumi_azure_native/keyvault/v20230201/mhsm_private_endpoint_connection.py,sha256=_cfZZiWmf7e0qxT2IaZRu2ZvU_9HnWftWd91vYUoKNQ,15522
-pulumi_azure_native/keyvault/v20230201/outputs.py,sha256=ilhh8WcXsyxWLl1cf7S9N1ZqkAy_Nyu5EUeVadwEAWM,86410
+pulumi_azure_native/keyvault/v20230201/outputs.py,sha256=5bCg_bmjKNnSOqbvoR4BwjXroct_inFz5-tCGKOYHks,86757
 pulumi_azure_native/keyvault/v20230201/private_endpoint_connection.py,sha256=TMbWucI74gx7Jy3ToA6fjQtEuKdsniGCleAT4zSeGj8,12530
 pulumi_azure_native/keyvault/v20230201/secret.py,sha256=avtZfiTZiprwb2MDZ2NqG6PqTyrrE1hQzwE1cLptSP0,11208
 pulumi_azure_native/keyvault/v20230201/vault.py,sha256=nfAVqnNsNJYGXvFrPxtQnhJdasf7Q-gL4FZSslOl_CY,11081
 pulumi_azure_native/keyvault/v20230701/__init__.py,sha256=p2NBewW_qVLoI93T1icpgn9xDy16NtY3noUkbWMgIXc,703
 pulumi_azure_native/keyvault/v20230701/_enums.py,sha256=iFdgoR7GSNKr5dqE4Rp5sf-eBZpJCHUKZBvgsxbeAQo,5544
-pulumi_azure_native/keyvault/v20230701/_inputs.py,sha256=9BJkbJhJWKkVjF4mgCIo_jIOEe_r5yveIUa5Scb8R_0,73846
+pulumi_azure_native/keyvault/v20230701/_inputs.py,sha256=AQVmR8G0zLXYWPIoftmGNJEAVld6KaXbv_zi_rUKD6s,74193
 pulumi_azure_native/keyvault/v20230701/get_key.py,sha256=pVF2_wan-qrkHq1kA7nEaq9WJ1SO_Q-ntauVqSRDeKE,9367
 pulumi_azure_native/keyvault/v20230701/get_managed_hsm.py,sha256=ztHGlDuAAk0ab4HORcdIL-jPmLXIDLcSFSnO2LrSeMM,6349
 pulumi_azure_native/keyvault/v20230701/get_mhsm_private_endpoint_connection.py,sha256=jJ2s1cBRVtTlpvjhpHvrmXL_P_Cru-gG8Tj0vl1zYuc,9500
@@ -9416,7 +9417,7 @@ pulumi_azure_native/keyvault/v20230701/get_vault.py,sha256=fRSJJ0YK0jatcRRaiNUqB
 pulumi_azure_native/keyvault/v20230701/key.py,sha256=DXcLSb-Iiz0sXYkwBLmKGM5HK-boAN1vOHacd5XuhqE,13958
 pulumi_azure_native/keyvault/v20230701/managed_hsm.py,sha256=l7KhyFqT0xYG3mzcz3O8T9aUsieWun_mX8AnJhavRCo,13336
 pulumi_azure_native/keyvault/v20230701/mhsm_private_endpoint_connection.py,sha256=jGl-37SI3uGNKyJ_a3o9PFsAV2NXXZG-B1i9gxib4ZU,17008
-pulumi_azure_native/keyvault/v20230701/outputs.py,sha256=BV9QwzXidAaPxuTH5_ZT3ZsrZc6pBPRfysY1dvOWGik,91855
+pulumi_azure_native/keyvault/v20230701/outputs.py,sha256=y4J1hfqrOjrbx8kRvsO0J0o_4E1JKx6kjfKXV4vq7Z0,92202
 pulumi_azure_native/keyvault/v20230701/private_endpoint_connection.py,sha256=YKhmVYi4EmGGNWP7eCUOgaUGcFo49RIf1wsNiHykI58,12530
 pulumi_azure_native/keyvault/v20230701/secret.py,sha256=ghp2SyKkY0ljEcA5-IhV3OwLX8LEl2y1bCb83yfsaP0,11208
 pulumi_azure_native/keyvault/v20230701/vault.py,sha256=3h79HjoTFjT2aaf2ghXFpw1fRl7RQcIEZk20xpeT1yE,11081
@@ -19606,7 +19607,7 @@ pulumi_azure_native/workloads/v20231001preview/sap_central_instance.py,sha256=Ke
 pulumi_azure_native/workloads/v20231001preview/sap_database_instance.py,sha256=-aR0aCgupI8LNymrLC6Llgkky68v4ZTd2mawd9Lj13U,13907
 pulumi_azure_native/workloads/v20231001preview/sap_landscape_monitor.py,sha256=kh_uPVrU8zJqqfe7v2--2sR1w5evu1dVlo0K44bTAQ0,11157
 pulumi_azure_native/workloads/v20231001preview/sap_virtual_instance.py,sha256=dMa-ylYX90O5UGT8A5yheKhQqS2_1pLbw3OhbgCfLMQ,24031
-pulumi_azure_native-2.24.0.dist-info/METADATA,sha256=ck1S9GPsLl_z9KlZRU8wXQ8Vj1LynSfkG8QOztplCdU,3556
-pulumi_azure_native-2.24.0.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-pulumi_azure_native-2.24.0.dist-info/top_level.txt,sha256=8Vl7910-df5jOZ9lvILrFhlMOEUrsaaX2dkztIt4Pkw,20
-pulumi_azure_native-2.24.0.dist-info/RECORD,,
+pulumi_azure_native-2.24.1a1704477298.dist-info/METADATA,sha256=XGaYB0iJJ3B2yvXPdKelz231Wq4PAr6vuuuY6WoRhHg,4132
+pulumi_azure_native-2.24.1a1704477298.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+pulumi_azure_native-2.24.1a1704477298.dist-info/top_level.txt,sha256=8Vl7910-df5jOZ9lvILrFhlMOEUrsaaX2dkztIt4Pkw,20
+pulumi_azure_native-2.24.1a1704477298.dist-info/RECORD,,