pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -100,7 +105,7 @@ class AuthBackendRoleArgs:
100
105
  This only applies when `auth_type` is set to `iam`.
101
106
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
102
107
  The value should not contain leading or trailing forward slashes.
103
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
108
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
104
109
  *Available only for Vault Enterprise*.
105
110
  :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
106
111
  `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
@@ -117,32 +122,15 @@ class AuthBackendRoleArgs:
117
122
  for this field should be the key of the tag on the EC2 instance. `auth_type`
118
123
  must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
119
124
  to use this constraint.
120
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
121
- addresses which can authenticate successfully, and ties the resulting token to these blocks
122
- as well.
123
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
124
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
125
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
126
- `token_max_ttl` would otherwise allow a renewal.
127
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
128
- Its current value will be referenced at renewal time.
129
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
130
- generated tokens; otherwise it will be added to the policies set in token_policies.
131
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
132
- of times a generated token may be used (within its lifetime); 0 means unlimited.
133
- :param pulumi.Input[int] token_period: If set, indicates that the
134
- token generated using this role should never expire. The token should be renewed within the
135
- duration specified by this value. At each renewal, the token's TTL will be set to the
136
- value of this field. Specified in seconds.
137
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
138
- on the auth method, this list may be supplemented by user/group/other values.
139
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
140
- Its current value will be referenced at renewal time.
141
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
142
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
143
- `service` tokens). For token store roles, there are two additional possibilities:
144
- `default-service` and `default-batch` which specify the type to return unless the client
145
- requests a different type at generation time.
125
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
126
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
127
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
128
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
129
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
130
+ :param pulumi.Input[int] token_period: Generated Token's Period
131
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
132
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
133
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
146
134
  """
147
135
  pulumi.set(__self__, "role", role)
148
136
  if allow_instance_migration is not None:
@@ -436,7 +424,7 @@ class AuthBackendRoleArgs:
436
424
  """
437
425
  The namespace to provision the resource in.
438
426
  The value should not contain leading or trailing forward slashes.
439
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
427
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
440
428
  *Available only for Vault Enterprise*.
441
429
  """
442
430
  return pulumi.get(self, "namespace")
@@ -486,9 +474,7 @@ class AuthBackendRoleArgs:
486
474
  @pulumi.getter(name="tokenBoundCidrs")
487
475
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
488
476
  """
489
- List of CIDR blocks; if set, specifies blocks of IP
490
- addresses which can authenticate successfully, and ties the resulting token to these blocks
491
- as well.
477
+ Specifies the blocks of IP addresses which are allowed to use the generated token
492
478
  """
493
479
  return pulumi.get(self, "token_bound_cidrs")
494
480
 
@@ -500,10 +486,7 @@ class AuthBackendRoleArgs:
500
486
  @pulumi.getter(name="tokenExplicitMaxTtl")
501
487
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
502
488
  """
503
- If set, will encode an
504
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
505
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
506
- `token_max_ttl` would otherwise allow a renewal.
489
+ Generated Token's Explicit Maximum TTL in seconds
507
490
  """
508
491
  return pulumi.get(self, "token_explicit_max_ttl")
509
492
 
@@ -515,8 +498,7 @@ class AuthBackendRoleArgs:
515
498
  @pulumi.getter(name="tokenMaxTtl")
516
499
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
517
500
  """
518
- The maximum lifetime for generated tokens in number of seconds.
519
- Its current value will be referenced at renewal time.
501
+ The maximum lifetime of the generated token
520
502
  """
521
503
  return pulumi.get(self, "token_max_ttl")
522
504
 
@@ -528,8 +510,7 @@ class AuthBackendRoleArgs:
528
510
  @pulumi.getter(name="tokenNoDefaultPolicy")
529
511
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
530
512
  """
531
- If set, the default policy will not be set on
532
- generated tokens; otherwise it will be added to the policies set in token_policies.
513
+ If true, the 'default' policy will not automatically be added to generated tokens
533
514
  """
534
515
  return pulumi.get(self, "token_no_default_policy")
535
516
 
@@ -541,8 +522,7 @@ class AuthBackendRoleArgs:
541
522
  @pulumi.getter(name="tokenNumUses")
542
523
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
543
524
  """
544
- The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
545
- of times a generated token may be used (within its lifetime); 0 means unlimited.
525
+ The maximum number of times a token may be used, a value of zero means unlimited
546
526
  """
547
527
  return pulumi.get(self, "token_num_uses")
548
528
 
@@ -554,10 +534,7 @@ class AuthBackendRoleArgs:
554
534
  @pulumi.getter(name="tokenPeriod")
555
535
  def token_period(self) -> Optional[pulumi.Input[int]]:
556
536
  """
557
- If set, indicates that the
558
- token generated using this role should never expire. The token should be renewed within the
559
- duration specified by this value. At each renewal, the token's TTL will be set to the
560
- value of this field. Specified in seconds.
537
+ Generated Token's Period
561
538
  """
562
539
  return pulumi.get(self, "token_period")
563
540
 
@@ -569,8 +546,7 @@ class AuthBackendRoleArgs:
569
546
  @pulumi.getter(name="tokenPolicies")
570
547
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
571
548
  """
572
- List of policies to encode onto generated tokens. Depending
573
- on the auth method, this list may be supplemented by user/group/other values.
549
+ Generated Token's Policies
574
550
  """
575
551
  return pulumi.get(self, "token_policies")
576
552
 
@@ -582,8 +558,7 @@ class AuthBackendRoleArgs:
582
558
  @pulumi.getter(name="tokenTtl")
583
559
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
584
560
  """
585
- The incremental lifetime for generated tokens in number of seconds.
586
- Its current value will be referenced at renewal time.
561
+ The initial ttl of the token to generate in seconds
587
562
  """
588
563
  return pulumi.get(self, "token_ttl")
589
564
 
@@ -595,11 +570,7 @@ class AuthBackendRoleArgs:
595
570
  @pulumi.getter(name="tokenType")
596
571
  def token_type(self) -> Optional[pulumi.Input[str]]:
597
572
  """
598
- The type of token that should be generated. Can be `service`,
599
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
600
- `service` tokens). For token store roles, there are two additional possibilities:
601
- `default-service` and `default-batch` which specify the type to return unless the client
602
- requests a different type at generation time.
573
+ The type of token to generate, service or batch
603
574
  """
604
575
  return pulumi.get(self, "token_type")
605
576
 
@@ -697,7 +668,7 @@ class _AuthBackendRoleState:
697
668
  This only applies when `auth_type` is set to `iam`.
698
669
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
699
670
  The value should not contain leading or trailing forward slashes.
700
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
671
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
701
672
  *Available only for Vault Enterprise*.
702
673
  :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
703
674
  `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
@@ -716,32 +687,15 @@ class _AuthBackendRoleState:
716
687
  for this field should be the key of the tag on the EC2 instance. `auth_type`
717
688
  must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
718
689
  to use this constraint.
719
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
720
- addresses which can authenticate successfully, and ties the resulting token to these blocks
721
- as well.
722
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
723
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
724
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
725
- `token_max_ttl` would otherwise allow a renewal.
726
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
727
- Its current value will be referenced at renewal time.
728
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
729
- generated tokens; otherwise it will be added to the policies set in token_policies.
730
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
731
- of times a generated token may be used (within its lifetime); 0 means unlimited.
732
- :param pulumi.Input[int] token_period: If set, indicates that the
733
- token generated using this role should never expire. The token should be renewed within the
734
- duration specified by this value. At each renewal, the token's TTL will be set to the
735
- value of this field. Specified in seconds.
736
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
737
- on the auth method, this list may be supplemented by user/group/other values.
738
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
739
- Its current value will be referenced at renewal time.
740
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
741
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
742
- `service` tokens). For token store roles, there are two additional possibilities:
743
- `default-service` and `default-batch` which specify the type to return unless the client
744
- requests a different type at generation time.
690
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
691
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
692
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
693
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
694
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
695
+ :param pulumi.Input[int] token_period: Generated Token's Period
696
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
697
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
698
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
745
699
  """
746
700
  if allow_instance_migration is not None:
747
701
  pulumi.set(__self__, "allow_instance_migration", allow_instance_migration)
@@ -1026,7 +980,7 @@ class _AuthBackendRoleState:
1026
980
  """
1027
981
  The namespace to provision the resource in.
1028
982
  The value should not contain leading or trailing forward slashes.
1029
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
983
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1030
984
  *Available only for Vault Enterprise*.
1031
985
  """
1032
986
  return pulumi.get(self, "namespace")
@@ -1100,9 +1054,7 @@ class _AuthBackendRoleState:
1100
1054
  @pulumi.getter(name="tokenBoundCidrs")
1101
1055
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1102
1056
  """
1103
- List of CIDR blocks; if set, specifies blocks of IP
1104
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1105
- as well.
1057
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1106
1058
  """
1107
1059
  return pulumi.get(self, "token_bound_cidrs")
1108
1060
 
@@ -1114,10 +1066,7 @@ class _AuthBackendRoleState:
1114
1066
  @pulumi.getter(name="tokenExplicitMaxTtl")
1115
1067
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
1116
1068
  """
1117
- If set, will encode an
1118
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1119
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1120
- `token_max_ttl` would otherwise allow a renewal.
1069
+ Generated Token's Explicit Maximum TTL in seconds
1121
1070
  """
1122
1071
  return pulumi.get(self, "token_explicit_max_ttl")
1123
1072
 
@@ -1129,8 +1078,7 @@ class _AuthBackendRoleState:
1129
1078
  @pulumi.getter(name="tokenMaxTtl")
1130
1079
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
1131
1080
  """
1132
- The maximum lifetime for generated tokens in number of seconds.
1133
- Its current value will be referenced at renewal time.
1081
+ The maximum lifetime of the generated token
1134
1082
  """
1135
1083
  return pulumi.get(self, "token_max_ttl")
1136
1084
 
@@ -1142,8 +1090,7 @@ class _AuthBackendRoleState:
1142
1090
  @pulumi.getter(name="tokenNoDefaultPolicy")
1143
1091
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
1144
1092
  """
1145
- If set, the default policy will not be set on
1146
- generated tokens; otherwise it will be added to the policies set in token_policies.
1093
+ If true, the 'default' policy will not automatically be added to generated tokens
1147
1094
  """
1148
1095
  return pulumi.get(self, "token_no_default_policy")
1149
1096
 
@@ -1155,8 +1102,7 @@ class _AuthBackendRoleState:
1155
1102
  @pulumi.getter(name="tokenNumUses")
1156
1103
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
1157
1104
  """
1158
- The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
1159
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1105
+ The maximum number of times a token may be used, a value of zero means unlimited
1160
1106
  """
1161
1107
  return pulumi.get(self, "token_num_uses")
1162
1108
 
@@ -1168,10 +1114,7 @@ class _AuthBackendRoleState:
1168
1114
  @pulumi.getter(name="tokenPeriod")
1169
1115
  def token_period(self) -> Optional[pulumi.Input[int]]:
1170
1116
  """
1171
- If set, indicates that the
1172
- token generated using this role should never expire. The token should be renewed within the
1173
- duration specified by this value. At each renewal, the token's TTL will be set to the
1174
- value of this field. Specified in seconds.
1117
+ Generated Token's Period
1175
1118
  """
1176
1119
  return pulumi.get(self, "token_period")
1177
1120
 
@@ -1183,8 +1126,7 @@ class _AuthBackendRoleState:
1183
1126
  @pulumi.getter(name="tokenPolicies")
1184
1127
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1185
1128
  """
1186
- List of policies to encode onto generated tokens. Depending
1187
- on the auth method, this list may be supplemented by user/group/other values.
1129
+ Generated Token's Policies
1188
1130
  """
1189
1131
  return pulumi.get(self, "token_policies")
1190
1132
 
@@ -1196,8 +1138,7 @@ class _AuthBackendRoleState:
1196
1138
  @pulumi.getter(name="tokenTtl")
1197
1139
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
1198
1140
  """
1199
- The incremental lifetime for generated tokens in number of seconds.
1200
- Its current value will be referenced at renewal time.
1141
+ The initial ttl of the token to generate in seconds
1201
1142
  """
1202
1143
  return pulumi.get(self, "token_ttl")
1203
1144
 
@@ -1209,11 +1150,7 @@ class _AuthBackendRoleState:
1209
1150
  @pulumi.getter(name="tokenType")
1210
1151
  def token_type(self) -> Optional[pulumi.Input[str]]:
1211
1152
  """
1212
- The type of token that should be generated. Can be `service`,
1213
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1214
- `service` tokens). For token store roles, there are two additional possibilities:
1215
- `default-service` and `default-batch` which specify the type to return unless the client
1216
- requests a different type at generation time.
1153
+ The type of token to generate, service or batch
1217
1154
  """
1218
1155
  return pulumi.get(self, "token_type")
1219
1156
 
@@ -1296,7 +1233,7 @@ class AuthBackendRole(pulumi.CustomResource):
1296
1233
  AWS auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.
1297
1234
 
1298
1235
  ```sh
1299
- $ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role
1236
+ $ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role
1300
1237
  ```
1301
1238
 
1302
1239
  :param str resource_name: The name of the resource.
@@ -1356,7 +1293,7 @@ class AuthBackendRole(pulumi.CustomResource):
1356
1293
  This only applies when `auth_type` is set to `iam`.
1357
1294
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1358
1295
  The value should not contain leading or trailing forward slashes.
1359
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1296
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1360
1297
  *Available only for Vault Enterprise*.
1361
1298
  :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
1362
1299
  `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
@@ -1374,32 +1311,15 @@ class AuthBackendRole(pulumi.CustomResource):
1374
1311
  for this field should be the key of the tag on the EC2 instance. `auth_type`
1375
1312
  must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
1376
1313
  to use this constraint.
1377
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1378
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1379
- as well.
1380
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1381
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1382
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1383
- `token_max_ttl` would otherwise allow a renewal.
1384
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1385
- Its current value will be referenced at renewal time.
1386
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1387
- generated tokens; otherwise it will be added to the policies set in token_policies.
1388
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
1389
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1390
- :param pulumi.Input[int] token_period: If set, indicates that the
1391
- token generated using this role should never expire. The token should be renewed within the
1392
- duration specified by this value. At each renewal, the token's TTL will be set to the
1393
- value of this field. Specified in seconds.
1394
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1395
- on the auth method, this list may be supplemented by user/group/other values.
1396
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1397
- Its current value will be referenced at renewal time.
1398
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
1399
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1400
- `service` tokens). For token store roles, there are two additional possibilities:
1401
- `default-service` and `default-batch` which specify the type to return unless the client
1402
- requests a different type at generation time.
1314
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1315
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1316
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1317
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1318
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1319
+ :param pulumi.Input[int] token_period: Generated Token's Period
1320
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1321
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1322
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1403
1323
  """
1404
1324
  ...
1405
1325
  @overload
@@ -1447,7 +1367,7 @@ class AuthBackendRole(pulumi.CustomResource):
1447
1367
  AWS auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.
1448
1368
 
1449
1369
  ```sh
1450
- $ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role
1370
+ $ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role
1451
1371
  ```
1452
1372
 
1453
1373
  :param str resource_name: The name of the resource.
@@ -1634,7 +1554,7 @@ class AuthBackendRole(pulumi.CustomResource):
1634
1554
  This only applies when `auth_type` is set to `iam`.
1635
1555
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1636
1556
  The value should not contain leading or trailing forward slashes.
1637
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1557
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1638
1558
  *Available only for Vault Enterprise*.
1639
1559
  :param pulumi.Input[bool] resolve_aws_unique_ids: Only valid when
1640
1560
  `auth_type` is `iam`. If set to `true`, the `bound_iam_principal_arns` are
@@ -1653,32 +1573,15 @@ class AuthBackendRole(pulumi.CustomResource):
1653
1573
  for this field should be the key of the tag on the EC2 instance. `auth_type`
1654
1574
  must be set to `ec2` or `inferred_entity_type` must be set to `ec2_instance`
1655
1575
  to use this constraint.
1656
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1657
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1658
- as well.
1659
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1660
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1661
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1662
- `token_max_ttl` would otherwise allow a renewal.
1663
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1664
- Its current value will be referenced at renewal time.
1665
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1666
- generated tokens; otherwise it will be added to the policies set in token_policies.
1667
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
1668
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1669
- :param pulumi.Input[int] token_period: If set, indicates that the
1670
- token generated using this role should never expire. The token should be renewed within the
1671
- duration specified by this value. At each renewal, the token's TTL will be set to the
1672
- value of this field. Specified in seconds.
1673
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1674
- on the auth method, this list may be supplemented by user/group/other values.
1675
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1676
- Its current value will be referenced at renewal time.
1677
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
1678
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1679
- `service` tokens). For token store roles, there are two additional possibilities:
1680
- `default-service` and `default-batch` which specify the type to return unless the client
1681
- requests a different type at generation time.
1576
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1577
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1578
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1579
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1580
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1581
+ :param pulumi.Input[int] token_period: Generated Token's Period
1582
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1583
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1584
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1682
1585
  """
1683
1586
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1684
1587
 
@@ -1879,7 +1782,7 @@ class AuthBackendRole(pulumi.CustomResource):
1879
1782
  """
1880
1783
  The namespace to provision the resource in.
1881
1784
  The value should not contain leading or trailing forward slashes.
1882
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1785
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1883
1786
  *Available only for Vault Enterprise*.
1884
1787
  """
1885
1788
  return pulumi.get(self, "namespace")
@@ -1933,9 +1836,7 @@ class AuthBackendRole(pulumi.CustomResource):
1933
1836
  @pulumi.getter(name="tokenBoundCidrs")
1934
1837
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1935
1838
  """
1936
- List of CIDR blocks; if set, specifies blocks of IP
1937
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1938
- as well.
1839
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1939
1840
  """
1940
1841
  return pulumi.get(self, "token_bound_cidrs")
1941
1842
 
@@ -1943,10 +1844,7 @@ class AuthBackendRole(pulumi.CustomResource):
1943
1844
  @pulumi.getter(name="tokenExplicitMaxTtl")
1944
1845
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1945
1846
  """
1946
- If set, will encode an
1947
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1948
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1949
- `token_max_ttl` would otherwise allow a renewal.
1847
+ Generated Token's Explicit Maximum TTL in seconds
1950
1848
  """
1951
1849
  return pulumi.get(self, "token_explicit_max_ttl")
1952
1850
 
@@ -1954,8 +1852,7 @@ class AuthBackendRole(pulumi.CustomResource):
1954
1852
  @pulumi.getter(name="tokenMaxTtl")
1955
1853
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1956
1854
  """
1957
- The maximum lifetime for generated tokens in number of seconds.
1958
- Its current value will be referenced at renewal time.
1855
+ The maximum lifetime of the generated token
1959
1856
  """
1960
1857
  return pulumi.get(self, "token_max_ttl")
1961
1858
 
@@ -1963,8 +1860,7 @@ class AuthBackendRole(pulumi.CustomResource):
1963
1860
  @pulumi.getter(name="tokenNoDefaultPolicy")
1964
1861
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1965
1862
  """
1966
- If set, the default policy will not be set on
1967
- generated tokens; otherwise it will be added to the policies set in token_policies.
1863
+ If true, the 'default' policy will not automatically be added to generated tokens
1968
1864
  """
1969
1865
  return pulumi.get(self, "token_no_default_policy")
1970
1866
 
@@ -1972,8 +1868,7 @@ class AuthBackendRole(pulumi.CustomResource):
1972
1868
  @pulumi.getter(name="tokenNumUses")
1973
1869
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1974
1870
  """
1975
- The [maximum number](https://www.vaultproject.io/api-docs/auth/aws#token_num_uses)
1976
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1871
+ The maximum number of times a token may be used, a value of zero means unlimited
1977
1872
  """
1978
1873
  return pulumi.get(self, "token_num_uses")
1979
1874
 
@@ -1981,10 +1876,7 @@ class AuthBackendRole(pulumi.CustomResource):
1981
1876
  @pulumi.getter(name="tokenPeriod")
1982
1877
  def token_period(self) -> pulumi.Output[Optional[int]]:
1983
1878
  """
1984
- If set, indicates that the
1985
- token generated using this role should never expire. The token should be renewed within the
1986
- duration specified by this value. At each renewal, the token's TTL will be set to the
1987
- value of this field. Specified in seconds.
1879
+ Generated Token's Period
1988
1880
  """
1989
1881
  return pulumi.get(self, "token_period")
1990
1882
 
@@ -1992,8 +1884,7 @@ class AuthBackendRole(pulumi.CustomResource):
1992
1884
  @pulumi.getter(name="tokenPolicies")
1993
1885
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1994
1886
  """
1995
- List of policies to encode onto generated tokens. Depending
1996
- on the auth method, this list may be supplemented by user/group/other values.
1887
+ Generated Token's Policies
1997
1888
  """
1998
1889
  return pulumi.get(self, "token_policies")
1999
1890
 
@@ -2001,8 +1892,7 @@ class AuthBackendRole(pulumi.CustomResource):
2001
1892
  @pulumi.getter(name="tokenTtl")
2002
1893
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
2003
1894
  """
2004
- The incremental lifetime for generated tokens in number of seconds.
2005
- Its current value will be referenced at renewal time.
1895
+ The initial ttl of the token to generate in seconds
2006
1896
  """
2007
1897
  return pulumi.get(self, "token_ttl")
2008
1898
 
@@ -2010,11 +1900,7 @@ class AuthBackendRole(pulumi.CustomResource):
2010
1900
  @pulumi.getter(name="tokenType")
2011
1901
  def token_type(self) -> pulumi.Output[Optional[str]]:
2012
1902
  """
2013
- The type of token that should be generated. Can be `service`,
2014
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
2015
- `service` tokens). For token store roles, there are two additional possibilities:
2016
- `default-service` and `default-batch` which specify the type to return unless the client
2017
- requests a different type at generation time.
1903
+ The type of token to generate, service or batch
2018
1904
  """
2019
1905
  return pulumi.get(self, "token_type")
2020
1906
 
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleTagArgs', 'AuthBackendRoleTag']
@@ -34,7 +39,7 @@ class AuthBackendRoleTagArgs:
34
39
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
35
40
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
36
41
  The value should not contain leading or trailing forward slashes.
37
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
42
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
38
43
  *Available only for Vault Enterprise*.
39
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
40
45
  """
@@ -134,7 +139,7 @@ class AuthBackendRoleTagArgs:
134
139
  """
135
140
  The namespace to provision the resource in.
136
141
  The value should not contain leading or trailing forward slashes.
137
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
142
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
138
143
  *Available only for Vault Enterprise*.
139
144
  """
140
145
  return pulumi.get(self, "namespace")
@@ -179,7 +184,7 @@ class _AuthBackendRoleTagState:
179
184
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
180
185
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
181
186
  The value should not contain leading or trailing forward slashes.
182
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
187
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
183
188
  *Available only for Vault Enterprise*.
184
189
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
185
190
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -275,7 +280,7 @@ class _AuthBackendRoleTagState:
275
280
  """
276
281
  The namespace to provision the resource in.
277
282
  The value should not contain leading or trailing forward slashes.
278
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
283
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
279
284
  *Available only for Vault Enterprise*.
280
285
  """
281
286
  return pulumi.get(self, "namespace")
@@ -361,7 +366,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
361
366
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
362
367
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
363
368
  The value should not contain leading or trailing forward slashes.
364
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
369
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
365
370
  *Available only for Vault Enterprise*.
366
371
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
367
372
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -455,7 +460,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
455
460
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
456
461
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
457
462
  The value should not contain leading or trailing forward slashes.
458
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
463
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
459
464
  *Available only for Vault Enterprise*.
460
465
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
461
466
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -526,7 +531,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
526
531
  """
527
532
  The namespace to provision the resource in.
528
533
  The value should not contain leading or trailing forward slashes.
529
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
534
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
530
535
  *Available only for Vault Enterprise*.
531
536
  """
532
537
  return pulumi.get(self, "namespace")