pulumi-vault 5.19.0a1705474292__py3-none-any.whl → 5.20.0__py3-none-any.whl

pulumi_vault/gcp/_inputs.py

@@ -11,6 +11,7 @@ from .. import _utilities
 
 __all__ = [
     'AuthBackendCustomEndpointArgs',
+    'AuthBackendTuneArgs',
     'SecretRolesetBindingArgs',
     'SecretStaticAccountBindingArgs',
 ]
@@ -28,8 +29,6 @@ class AuthBackendCustomEndpointArgs:
                
                The endpoint value provided for a given key has the form of `scheme://host:port`.
                The `scheme://` and `:port` portions of the endpoint value are optional.
-               
-               For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
         :param pulumi.Input[str] crm: Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
         :param pulumi.Input[str] iam: Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
         """
@@ -62,8 +61,6 @@ class AuthBackendCustomEndpointArgs:
 
         The endpoint value provided for a given key has the form of `scheme://host:port`.
         The `scheme://` and `:port` portions of the endpoint value are optional.
-
-        For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
         """
         return pulumi.get(self, "compute")
 
@@ -96,6 +93,167 @@ class AuthBackendCustomEndpointArgs:
         pulumi.set(self, "iam", value)
 
 
+@pulumi.input_type
+class AuthBackendTuneArgs:
+    def __init__(__self__, *,
+                 allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 default_lease_ttl: Optional[pulumi.Input[str]] = None,
+                 listing_visibility: Optional[pulumi.Input[str]] = None,
+                 max_lease_ttl: Optional[pulumi.Input[str]] = None,
+                 passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 token_type: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to whitelist and allowing
+               a plugin to include them in the response.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will
+               not be HMAC'd by audit devices in the request data object.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will
+               not be HMAC'd by audit devices in the response data object.
+        :param pulumi.Input[str] default_lease_ttl: Specifies the default time-to-live.
+               If set, this overrides the global default.
+               Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in
+               the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        :param pulumi.Input[str] max_lease_ttl: Specifies the maximum time-to-live.
+               If set, this overrides the global default.
+               Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to whitelist and
+               pass from the request to the backend.
+        :param pulumi.Input[str] token_type: Specifies the type of tokens that should be returned by
+               the mount. Valid values are "default-service", "default-batch", "service", "batch".
+               
+               
+               For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
+        """
+        if allowed_response_headers is not None:
+            pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
+        if audit_non_hmac_request_keys is not None:
+            pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
+        if audit_non_hmac_response_keys is not None:
+            pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
+        if default_lease_ttl is not None:
+            pulumi.set(__self__, "default_lease_ttl", default_lease_ttl)
+        if listing_visibility is not None:
+            pulumi.set(__self__, "listing_visibility", listing_visibility)
+        if max_lease_ttl is not None:
+            pulumi.set(__self__, "max_lease_ttl", max_lease_ttl)
+        if passthrough_request_headers is not None:
+            pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
+        if token_type is not None:
+            pulumi.set(__self__, "token_type", token_type)
+
+    @property
+    @pulumi.getter(name="allowedResponseHeaders")
+    def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        return pulumi.get(self, "allowed_response_headers")
+
+    @allowed_response_headers.setter
+    def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "allowed_response_headers", value)
+
+    @property
+    @pulumi.getter(name="auditNonHmacRequestKeys")
+    def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        return pulumi.get(self, "audit_non_hmac_request_keys")
+
+    @audit_non_hmac_request_keys.setter
+    def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "audit_non_hmac_request_keys", value)
+
+    @property
+    @pulumi.getter(name="auditNonHmacResponseKeys")
+    def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        return pulumi.get(self, "audit_non_hmac_response_keys")
+
+    @audit_non_hmac_response_keys.setter
+    def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "audit_non_hmac_response_keys", value)
+
+    @property
+    @pulumi.getter(name="defaultLeaseTtl")
+    def default_lease_ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        return pulumi.get(self, "default_lease_ttl")
+
+    @default_lease_ttl.setter
+    def default_lease_ttl(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "default_lease_ttl", value)
+
+    @property
+    @pulumi.getter(name="listingVisibility")
+    def listing_visibility(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        return pulumi.get(self, "listing_visibility")
+
+    @listing_visibility.setter
+    def listing_visibility(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "listing_visibility", value)
+
+    @property
+    @pulumi.getter(name="maxLeaseTtl")
+    def max_lease_ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        return pulumi.get(self, "max_lease_ttl")
+
+    @max_lease_ttl.setter
+    def max_lease_ttl(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "max_lease_ttl", value)
+
+    @property
+    @pulumi.getter(name="passthroughRequestHeaders")
+    def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        return pulumi.get(self, "passthrough_request_headers")
+
+    @passthrough_request_headers.setter
+    def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "passthrough_request_headers", value)
+
+    @property
+    @pulumi.getter(name="tokenType")
+    def token_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+
+
+        For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
+        """
+        return pulumi.get(self, "token_type")
+
+    @token_type.setter
+    def token_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "token_type", value)
+
+
 @pulumi.input_type
 class SecretRolesetBindingArgs:
     def __init__(__self__, *,

pulumi_vault/gcp/auth_backend.py

@@ -26,7 +26,8 @@ class AuthBackendArgs:
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  private_key_id: Optional[pulumi.Input[str]] = None,
-                 project_id: Optional[pulumi.Input[str]] = None):
+                 project_id: Optional[pulumi.Input[str]] = None,
+                 tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
         """
         The set of arguments for constructing a AuthBackend resource.
         :param pulumi.Input[str] client_email: The clients email associated with the credentials
@@ -50,6 +51,9 @@ class AuthBackendArgs:
         :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
         :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
         :param pulumi.Input[str] project_id: The GCP Project ID
+        :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
+               
+               The `tune` block is used to tune the auth backend:
         """
         if client_email is not None:
             pulumi.set(__self__, "client_email", client_email)
@@ -73,6 +77,8 @@ class AuthBackendArgs:
             pulumi.set(__self__, "private_key_id", private_key_id)
         if project_id is not None:
             pulumi.set(__self__, "project_id", project_id)
+        if tune is not None:
+            pulumi.set(__self__, "tune", tune)
 
     @property
     @pulumi.getter(name="clientEmail")
@@ -216,6 +222,20 @@ class AuthBackendArgs:
     def project_id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "project_id", value)
 
+    @property
+    @pulumi.getter
+    def tune(self) -> Optional[pulumi.Input['AuthBackendTuneArgs']]:
+        """
+        Extra configuration block. Structure is documented below.
+
+        The `tune` block is used to tune the auth backend:
+        """
+        return pulumi.get(self, "tune")
+
+    @tune.setter
+    def tune(self, value: Optional[pulumi.Input['AuthBackendTuneArgs']]):
+        pulumi.set(self, "tune", value)
+
 
 @pulumi.input_type
 class _AuthBackendState:
@@ -231,7 +251,8 @@ class _AuthBackendState:
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  private_key_id: Optional[pulumi.Input[str]] = None,
-                 project_id: Optional[pulumi.Input[str]] = None):
+                 project_id: Optional[pulumi.Input[str]] = None,
+                 tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
         """
         Input properties used for looking up and filtering AuthBackend resources.
         :param pulumi.Input[str] accessor: The mount accessor related to the auth mount. It is useful for integration with [Identity Secrets Engine](https://www.vaultproject.io/docs/secrets/identity/index.html).
@@ -256,6 +277,9 @@ class _AuthBackendState:
         :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
         :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
         :param pulumi.Input[str] project_id: The GCP Project ID
+        :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
+               
+               The `tune` block is used to tune the auth backend:
         """
         if accessor is not None:
             pulumi.set(__self__, "accessor", accessor)
@@ -281,6 +305,8 @@ class _AuthBackendState:
             pulumi.set(__self__, "private_key_id", private_key_id)
         if project_id is not None:
             pulumi.set(__self__, "project_id", project_id)
+        if tune is not None:
+            pulumi.set(__self__, "tune", tune)
 
     @property
     @pulumi.getter
@@ -436,6 +462,20 @@ class _AuthBackendState:
     def project_id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "project_id", value)
 
+    @property
+    @pulumi.getter
+    def tune(self) -> Optional[pulumi.Input['AuthBackendTuneArgs']]:
+        """
+        Extra configuration block. Structure is documented below.
+
+        The `tune` block is used to tune the auth backend:
+        """
+        return pulumi.get(self, "tune")
+
+    @tune.setter
+    def tune(self, value: Optional[pulumi.Input['AuthBackendTuneArgs']]):
+        pulumi.set(self, "tune", value)
+
 
 class AuthBackend(pulumi.CustomResource):
     @overload
@@ -453,6 +493,7 @@ class AuthBackend(pulumi.CustomResource):
                  path: Optional[pulumi.Input[str]] = None,
                  private_key_id: Optional[pulumi.Input[str]] = None,
                  project_id: Optional[pulumi.Input[str]] = None,
+                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
                  __props__=None):
         """
         Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
@@ -504,6 +545,9 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
         :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
         :param pulumi.Input[str] project_id: The GCP Project ID
+        :param pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']] tune: Extra configuration block. Structure is documented below.
+               
+               The `tune` block is used to tune the auth backend:
         """
         ...
     @overload
@@ -564,6 +608,7 @@ class AuthBackend(pulumi.CustomResource):
                  path: Optional[pulumi.Input[str]] = None,
                  private_key_id: Optional[pulumi.Input[str]] = None,
                  project_id: Optional[pulumi.Input[str]] = None,
+                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -584,6 +629,7 @@ class AuthBackend(pulumi.CustomResource):
             __props__.__dict__["path"] = path
             __props__.__dict__["private_key_id"] = private_key_id
             __props__.__dict__["project_id"] = project_id
+            __props__.__dict__["tune"] = tune
             __props__.__dict__["accessor"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -608,7 +654,8 @@ class AuthBackend(pulumi.CustomResource):
             namespace: Optional[pulumi.Input[str]] = None,
             path: Optional[pulumi.Input[str]] = None,
             private_key_id: Optional[pulumi.Input[str]] = None,
-            project_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
+            project_id: Optional[pulumi.Input[str]] = None,
+            tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None) -> 'AuthBackend':
         """
         Get an existing AuthBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -638,6 +685,9 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
         :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
         :param pulumi.Input[str] project_id: The GCP Project ID
+        :param pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']] tune: Extra configuration block. Structure is documented below.
+               
+               The `tune` block is used to tune the auth backend:
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -655,6 +705,7 @@ class AuthBackend(pulumi.CustomResource):
         __props__.__dict__["path"] = path
         __props__.__dict__["private_key_id"] = private_key_id
         __props__.__dict__["project_id"] = project_id
+        __props__.__dict__["tune"] = tune
         return AuthBackend(resource_name, opts=opts, __props__=__props__)
 
     @property
@@ -763,3 +814,13 @@ class AuthBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "project_id")
 
+    @property
+    @pulumi.getter
+    def tune(self) -> pulumi.Output['outputs.AuthBackendTune']:
+        """
+        Extra configuration block. Structure is documented below.
+
+        The `tune` block is used to tune the auth backend:
+        """
+        return pulumi.get(self, "tune")
+

pulumi_vault/gcp/outputs.py

@@ -11,6 +11,7 @@ from .. import _utilities
 
 __all__ = [
     'AuthBackendCustomEndpoint',
+    'AuthBackendTune',
     'SecretRolesetBinding',
     'SecretStaticAccountBinding',
 ]
@@ -28,8 +29,6 @@ class AuthBackendCustomEndpoint(dict):
                
                The endpoint value provided for a given key has the form of `scheme://host:port`.
                The `scheme://` and `:port` portions of the endpoint value are optional.
-               
-               For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
         :param str crm: Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
         :param str iam: Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
         """
@@ -58,8 +57,6 @@ class AuthBackendCustomEndpoint(dict):
 
         The endpoint value provided for a given key has the form of `scheme://host:port`.
         The `scheme://` and `:port` portions of the endpoint value are optional.
-
-        For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
         """
         return pulumi.get(self, "compute")
 
@@ -80,6 +77,166 @@ class AuthBackendCustomEndpoint(dict):
         return pulumi.get(self, "iam")
 
 
+@pulumi.output_type
+class AuthBackendTune(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowedResponseHeaders":
+            suggest = "allowed_response_headers"
+        elif key == "auditNonHmacRequestKeys":
+            suggest = "audit_non_hmac_request_keys"
+        elif key == "auditNonHmacResponseKeys":
+            suggest = "audit_non_hmac_response_keys"
+        elif key == "defaultLeaseTtl":
+            suggest = "default_lease_ttl"
+        elif key == "listingVisibility":
+            suggest = "listing_visibility"
+        elif key == "maxLeaseTtl":
+            suggest = "max_lease_ttl"
+        elif key == "passthroughRequestHeaders":
+            suggest = "passthrough_request_headers"
+        elif key == "tokenType":
+            suggest = "token_type"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AuthBackendTune. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AuthBackendTune.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AuthBackendTune.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allowed_response_headers: Optional[Sequence[str]] = None,
+                 audit_non_hmac_request_keys: Optional[Sequence[str]] = None,
+                 audit_non_hmac_response_keys: Optional[Sequence[str]] = None,
+                 default_lease_ttl: Optional[str] = None,
+                 listing_visibility: Optional[str] = None,
+                 max_lease_ttl: Optional[str] = None,
+                 passthrough_request_headers: Optional[Sequence[str]] = None,
+                 token_type: Optional[str] = None):
+        """
+        :param Sequence[str] allowed_response_headers: List of headers to whitelist and allowing
+               a plugin to include them in the response.
+        :param Sequence[str] audit_non_hmac_request_keys: Specifies the list of keys that will
+               not be HMAC'd by audit devices in the request data object.
+        :param Sequence[str] audit_non_hmac_response_keys: Specifies the list of keys that will
+               not be HMAC'd by audit devices in the response data object.
+        :param str default_lease_ttl: Specifies the default time-to-live.
+               If set, this overrides the global default.
+               Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        :param str listing_visibility: Specifies whether to show this mount in
+               the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        :param str max_lease_ttl: Specifies the maximum time-to-live.
+               If set, this overrides the global default.
+               Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        :param Sequence[str] passthrough_request_headers: List of headers to whitelist and
+               pass from the request to the backend.
+        :param str token_type: Specifies the type of tokens that should be returned by
+               the mount. Valid values are "default-service", "default-batch", "service", "batch".
+               
+               
+               For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
+        """
+        if allowed_response_headers is not None:
+            pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
+        if audit_non_hmac_request_keys is not None:
+            pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
+        if audit_non_hmac_response_keys is not None:
+            pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
+        if default_lease_ttl is not None:
+            pulumi.set(__self__, "default_lease_ttl", default_lease_ttl)
+        if listing_visibility is not None:
+            pulumi.set(__self__, "listing_visibility", listing_visibility)
+        if max_lease_ttl is not None:
+            pulumi.set(__self__, "max_lease_ttl", max_lease_ttl)
+        if passthrough_request_headers is not None:
+            pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
+        if token_type is not None:
+            pulumi.set(__self__, "token_type", token_type)
+
+    @property
+    @pulumi.getter(name="allowedResponseHeaders")
+    def allowed_response_headers(self) -> Optional[Sequence[str]]:
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        return pulumi.get(self, "allowed_response_headers")
+
+    @property
+    @pulumi.getter(name="auditNonHmacRequestKeys")
+    def audit_non_hmac_request_keys(self) -> Optional[Sequence[str]]:
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        return pulumi.get(self, "audit_non_hmac_request_keys")
+
+    @property
+    @pulumi.getter(name="auditNonHmacResponseKeys")
+    def audit_non_hmac_response_keys(self) -> Optional[Sequence[str]]:
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        return pulumi.get(self, "audit_non_hmac_response_keys")
+
+    @property
+    @pulumi.getter(name="defaultLeaseTtl")
+    def default_lease_ttl(self) -> Optional[str]:
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        return pulumi.get(self, "default_lease_ttl")
+
+    @property
+    @pulumi.getter(name="listingVisibility")
+    def listing_visibility(self) -> Optional[str]:
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        return pulumi.get(self, "listing_visibility")
+
+    @property
+    @pulumi.getter(name="maxLeaseTtl")
+    def max_lease_ttl(self) -> Optional[str]:
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        return pulumi.get(self, "max_lease_ttl")
+
+    @property
+    @pulumi.getter(name="passthroughRequestHeaders")
+    def passthrough_request_headers(self) -> Optional[Sequence[str]]:
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        return pulumi.get(self, "passthrough_request_headers")
+
+    @property
+    @pulumi.getter(name="tokenType")
+    def token_type(self) -> Optional[str]:
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+
+
+        For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
+        """
+        return pulumi.get(self, "token_type")
+
+
 @pulumi.output_type
 class SecretRolesetBinding(dict):
     def __init__(__self__, *,

pulumi_vault/get_raft_autopilot_state.py

@@ -188,12 +188,6 @@ class AwaitableGetRaftAutopilotStateResult(GetRaftAutopilotStateResult):
 def get_raft_autopilot_state(namespace: Optional[str] = None,
                              opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRaftAutopilotStateResult:
     """
-    Displays the state of the raft cluster under integrated storage as seen by
-    autopilot. It shows whether autopilot thinks the cluster is healthy or not, and
-    how many nodes could fail before the cluster becomes unhealthy ("Failure
-    Tolerance"). For more information, please refer to the
-    [Vault documentation](https://developer.hashicorp.com/vault/api-docs/system/storage/raftautopilot#get-cluster-state).
-
     ## Example Usage
 
     ```python
@@ -235,12 +229,6 @@ def get_raft_autopilot_state(namespace: Optional[str] = None,
 def get_raft_autopilot_state_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                     opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRaftAutopilotStateResult]:
     """
-    Displays the state of the raft cluster under integrated storage as seen by
-    autopilot. It shows whether autopilot thinks the cluster is healthy or not, and
-    how many nodes could fail before the cluster becomes unhealthy ("Failure
-    Tolerance"). For more information, please refer to the
-    [Vault documentation](https://developer.hashicorp.com/vault/api-docs/system/storage/raftautopilot#get-cluster-state).
-
     ## Example Usage
 
     ```python

pulumi_vault/identity/group_alias.py

@@ -199,16 +199,16 @@ class GroupAlias(pulumi.CustomResource):
 
         ## Import
 
-        The group alias can be imported with the group alias `id`, for example
+        The group alias can be imported with the group alias `id`, for example:
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
+        $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
         ```
 
          Group aliases can also be imported using the UUID of the alias record, e.g.
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
+        $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
         ```
 
         :param str resource_name: The name of the resource.
@@ -252,16 +252,16 @@ class GroupAlias(pulumi.CustomResource):
 
         ## Import
 
-        The group alias can be imported with the group alias `id`, for example
+        The group alias can be imported with the group alias `id`, for example:
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
+        $ pulumi import vault:identity/groupAlias:GroupAlias group-alias id
         ```
 
          Group aliases can also be imported using the UUID of the alias record, e.g.
 
         ```sh
-         $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
+        $ pulumi import vault:identity/groupAlias:GroupAlias alias_name 63104e20-88e4-11eb-8d04-cf7ac9d60157
         ```
 
         :param str resource_name: The name of the resource.