pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoletagBlacklistArgs', 'AuthBackendRoletagBlacklist']
@@ -26,7 +31,7 @@ class AuthBackendRoletagBlacklistArgs:
26
31
  tidying of the roletag blacklist entries. Defaults to false.
27
32
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
28
33
  The value should not contain leading or trailing forward slashes.
29
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
34
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
30
35
  *Available only for Vault Enterprise*.
31
36
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
32
37
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -72,7 +77,7 @@ class AuthBackendRoletagBlacklistArgs:
72
77
  """
73
78
  The namespace to provision the resource in.
74
79
  The value should not contain leading or trailing forward slashes.
75
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
80
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
76
81
  *Available only for Vault Enterprise*.
77
82
  """
78
83
  return pulumi.get(self, "namespace")
@@ -111,7 +116,7 @@ class _AuthBackendRoletagBlacklistState:
111
116
  tidying of the roletag blacklist entries. Defaults to false.
112
117
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
113
118
  The value should not contain leading or trailing forward slashes.
114
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
119
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
115
120
  *Available only for Vault Enterprise*.
116
121
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
117
122
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -158,7 +163,7 @@ class _AuthBackendRoletagBlacklistState:
158
163
  """
159
164
  The namespace to provision the resource in.
160
165
  The value should not contain leading or trailing forward slashes.
161
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
166
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
162
167
  *Available only for Vault Enterprise*.
163
168
  """
164
169
  return pulumi.get(self, "namespace")
@@ -201,9 +206,9 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
201
206
  import pulumi
202
207
  import pulumi_vault as vault
203
208
 
204
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
205
- example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("exampleAuthBackendRoletagBlacklist",
206
- backend=example_auth_backend.path,
209
+ example = vault.AuthBackend("example", type="aws")
210
+ example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
211
+ backend=example.path,
207
212
  safety_buffer=360)
208
213
  ```
209
214
 
@@ -215,7 +220,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
215
220
  tidying of the roletag blacklist entries. Defaults to false.
216
221
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
217
222
  The value should not contain leading or trailing forward slashes.
218
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
223
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
219
224
  *Available only for Vault Enterprise*.
220
225
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
221
226
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -236,9 +241,9 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
236
241
  import pulumi
237
242
  import pulumi_vault as vault
238
243
 
239
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
240
- example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("exampleAuthBackendRoletagBlacklist",
241
- backend=example_auth_backend.path,
244
+ example = vault.AuthBackend("example", type="aws")
245
+ example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
246
+ backend=example.path,
242
247
  safety_buffer=360)
243
248
  ```
244
249
 
@@ -303,7 +308,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
303
308
  tidying of the roletag blacklist entries. Defaults to false.
304
309
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
305
310
  The value should not contain leading or trailing forward slashes.
306
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
311
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
307
312
  *Available only for Vault Enterprise*.
308
313
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
309
314
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -343,7 +348,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
343
348
  """
344
349
  The namespace to provision the resource in.
345
350
  The value should not contain leading or trailing forward slashes.
346
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
351
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
347
352
  *Available only for Vault Enterprise*.
348
353
  """
349
354
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendStsRoleArgs', 'AuthBackendStsRole']
@@ -27,7 +32,7 @@ class AuthBackendStsRoleArgs:
27
32
  mounted at. Defaults to `aws`.
28
33
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
29
34
  The value should not contain leading or trailing forward slashes.
30
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
35
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
31
36
  *Available only for Vault Enterprise*.
32
37
  """
33
38
  pulumi.set(__self__, "account_id", account_id)
@@ -81,7 +86,7 @@ class AuthBackendStsRoleArgs:
81
86
  """
82
87
  The namespace to provision the resource in.
83
88
  The value should not contain leading or trailing forward slashes.
84
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
89
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
85
90
  *Available only for Vault Enterprise*.
86
91
  """
87
92
  return pulumi.get(self, "namespace")
@@ -105,7 +110,7 @@ class _AuthBackendStsRoleState:
105
110
  mounted at. Defaults to `aws`.
106
111
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
107
112
  The value should not contain leading or trailing forward slashes.
108
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
113
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
109
114
  *Available only for Vault Enterprise*.
110
115
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
111
116
  by EC2 instances in the account specified by `account_id`.
@@ -150,7 +155,7 @@ class _AuthBackendStsRoleState:
150
155
  """
151
156
  The namespace to provision the resource in.
152
157
  The value should not contain leading or trailing forward slashes.
153
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
158
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
154
159
  *Available only for Vault Enterprise*.
155
160
  """
156
161
  return pulumi.get(self, "namespace")
@@ -202,7 +207,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
202
207
  AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
203
208
 
204
209
  ```sh
205
- $ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
210
+ $ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
206
211
  ```
207
212
 
208
213
  :param str resource_name: The name of the resource.
@@ -212,7 +217,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
212
217
  mounted at. Defaults to `aws`.
213
218
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
214
219
  The value should not contain leading or trailing forward slashes.
215
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
216
221
  *Available only for Vault Enterprise*.
217
222
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
218
223
  by EC2 instances in the account specified by `account_id`.
@@ -242,7 +247,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
242
247
  AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.
243
248
 
244
249
  ```sh
245
- $ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
250
+ $ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
246
251
  ```
247
252
 
248
253
  :param str resource_name: The name of the resource.
@@ -307,7 +312,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
307
312
  mounted at. Defaults to `aws`.
308
313
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
309
314
  The value should not contain leading or trailing forward slashes.
310
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
315
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
311
316
  *Available only for Vault Enterprise*.
312
317
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
313
318
  by EC2 instances in the account specified by `account_id`.
@@ -345,7 +350,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
345
350
  """
346
351
  The namespace to provision the resource in.
347
352
  The value should not contain leading or trailing forward slashes.
348
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
353
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
349
354
  *Available only for Vault Enterprise*.
350
355
  """
351
356
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -196,13 +201,14 @@ def get_access_credentials(backend: Optional[str] = None,
196
201
  type: Optional[str] = None,
197
202
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAccessCredentialsResult:
198
203
  """
199
- Use this data source to access information about an existing resource.
204
+ ## Example Usage
205
+
200
206
 
201
207
  :param str backend: The path to the AWS secret backend to
202
208
  read credentials from, with no leading or trailing `/`s.
203
209
  :param str namespace: The namespace of the target resource.
204
210
  The value should not contain leading or trailing forward slashes.
205
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
211
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
206
212
  *Available only for Vault Enterprise*.
207
213
  :param str region: The region the read credentials belong to.
208
214
  :param str role: The name of the AWS secret backend role to read
@@ -245,9 +251,6 @@ def get_access_credentials(backend: Optional[str] = None,
245
251
  security_token=pulumi.get(__ret__, 'security_token'),
246
252
  ttl=pulumi.get(__ret__, 'ttl'),
247
253
  type=pulumi.get(__ret__, 'type'))
248
-
249
-
250
- @_utilities.lift_output_func(get_access_credentials)
251
254
  def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
252
255
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
253
256
  region: Optional[pulumi.Input[Optional[str]]] = None,
@@ -255,15 +258,16 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
255
258
  role_arn: Optional[pulumi.Input[Optional[str]]] = None,
256
259
  ttl: Optional[pulumi.Input[Optional[str]]] = None,
257
260
  type: Optional[pulumi.Input[Optional[str]]] = None,
258
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
261
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
259
262
  """
260
- Use this data source to access information about an existing resource.
263
+ ## Example Usage
264
+
261
265
 
262
266
  :param str backend: The path to the AWS secret backend to
263
267
  read credentials from, with no leading or trailing `/`s.
264
268
  :param str namespace: The namespace of the target resource.
265
269
  The value should not contain leading or trailing forward slashes.
266
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
270
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
267
271
  *Available only for Vault Enterprise*.
268
272
  :param str region: The region the read credentials belong to.
269
273
  :param str role: The name of the AWS secret backend role to read
@@ -279,4 +283,29 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
279
283
  Key. Can also be set to `"sts"`, which will return a security token
280
284
  in addition to the keys.
281
285
  """
282
- ...
286
+ __args__ = dict()
287
+ __args__['backend'] = backend
288
+ __args__['namespace'] = namespace
289
+ __args__['region'] = region
290
+ __args__['role'] = role
291
+ __args__['roleArn'] = role_arn
292
+ __args__['ttl'] = ttl
293
+ __args__['type'] = type
294
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
295
+ __ret__ = pulumi.runtime.invoke_output('vault:aws/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
296
+ return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
297
+ access_key=pulumi.get(__response__, 'access_key'),
298
+ backend=pulumi.get(__response__, 'backend'),
299
+ id=pulumi.get(__response__, 'id'),
300
+ lease_duration=pulumi.get(__response__, 'lease_duration'),
301
+ lease_id=pulumi.get(__response__, 'lease_id'),
302
+ lease_renewable=pulumi.get(__response__, 'lease_renewable'),
303
+ lease_start_time=pulumi.get(__response__, 'lease_start_time'),
304
+ namespace=pulumi.get(__response__, 'namespace'),
305
+ region=pulumi.get(__response__, 'region'),
306
+ role=pulumi.get(__response__, 'role'),
307
+ role_arn=pulumi.get(__response__, 'role_arn'),
308
+ secret_key=pulumi.get(__response__, 'secret_key'),
309
+ security_token=pulumi.get(__response__, 'security_token'),
310
+ ttl=pulumi.get(__response__, 'ttl'),
311
+ type=pulumi.get(__response__, 'type')))
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -110,14 +115,23 @@ def get_static_access_credentials(backend: Optional[str] = None,
110
115
  name=pulumi.get(__ret__, 'name'),
111
116
  namespace=pulumi.get(__ret__, 'namespace'),
112
117
  secret_key=pulumi.get(__ret__, 'secret_key'))
113
-
114
-
115
- @_utilities.lift_output_func(get_static_access_credentials)
116
118
  def get_static_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
117
119
  name: Optional[pulumi.Input[str]] = None,
118
120
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
119
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
121
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
120
122
  """
121
123
  Use this data source to access information about an existing resource.
122
124
  """
123
- ...
125
+ __args__ = dict()
126
+ __args__['backend'] = backend
127
+ __args__['name'] = name
128
+ __args__['namespace'] = namespace
129
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
130
+ __ret__ = pulumi.runtime.invoke_output('vault:aws/getStaticAccessCredentials:getStaticAccessCredentials', __args__, opts=opts, typ=GetStaticAccessCredentialsResult)
131
+ return __ret__.apply(lambda __response__: GetStaticAccessCredentialsResult(
132
+ access_key=pulumi.get(__response__, 'access_key'),
133
+ backend=pulumi.get(__response__, 'backend'),
134
+ id=pulumi.get(__response__, 'id'),
135
+ name=pulumi.get(__response__, 'name'),
136
+ namespace=pulumi.get(__response__, 'namespace'),
137
+ secret_key=pulumi.get(__response__, 'secret_key')))
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -49,12 +54,21 @@ class SecretBackendArgs:
49
54
  for credentials issued by this backend.
50
55
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
51
56
  The value should not contain leading or trailing forward slashes.
52
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
57
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
53
58
  *Available only for Vault Enterprise*.
54
59
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
55
60
  not begin or end with a `/`. Defaults to `aws`.
56
61
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
57
62
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
63
+
64
+ ```
65
+ {{ if (eq .Type "STS") }}
66
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
67
+ {{ else }}
68
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
69
+ {{ end }}
70
+
71
+ ```
58
72
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
59
73
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
60
74
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -224,7 +238,7 @@ class SecretBackendArgs:
224
238
  """
225
239
  The namespace to provision the resource in.
226
240
  The value should not contain leading or trailing forward slashes.
227
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
241
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
228
242
  *Available only for Vault Enterprise*.
229
243
  """
230
244
  return pulumi.get(self, "namespace")
@@ -263,6 +277,15 @@ class SecretBackendArgs:
263
277
  def role_arn(self) -> Optional[pulumi.Input[str]]:
264
278
  """
265
279
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
280
+
281
+ ```
282
+ {{ if (eq .Type "STS") }}
283
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
284
+ {{ else }}
285
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
286
+ {{ end }}
287
+
288
+ ```
266
289
  """
267
290
  return pulumi.get(self, "role_arn")
268
291
 
@@ -345,12 +368,21 @@ class _SecretBackendState:
345
368
  for credentials issued by this backend.
346
369
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
347
370
  The value should not contain leading or trailing forward slashes.
348
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
371
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
349
372
  *Available only for Vault Enterprise*.
350
373
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
351
374
  not begin or end with a `/`. Defaults to `aws`.
352
375
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
353
376
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
377
+
378
+ ```
379
+ {{ if (eq .Type "STS") }}
380
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
381
+ {{ else }}
382
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
383
+ {{ end }}
384
+
385
+ ```
354
386
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
355
387
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
356
388
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -520,7 +552,7 @@ class _SecretBackendState:
520
552
  """
521
553
  The namespace to provision the resource in.
522
554
  The value should not contain leading or trailing forward slashes.
523
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
555
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
524
556
  *Available only for Vault Enterprise*.
525
557
  """
526
558
  return pulumi.get(self, "namespace")
@@ -559,6 +591,15 @@ class _SecretBackendState:
559
591
  def role_arn(self) -> Optional[pulumi.Input[str]]:
560
592
  """
561
593
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
594
+
595
+ ```
596
+ {{ if (eq .Type "STS") }}
597
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
598
+ {{ else }}
599
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
600
+ {{ end }}
601
+
602
+ ```
562
603
  """
563
604
  return pulumi.get(self, "role_arn")
564
605
 
@@ -632,7 +673,7 @@ class SecretBackend(pulumi.CustomResource):
632
673
  AWS secret backends can be imported using the `path`, e.g.
633
674
 
634
675
  ```sh
635
- $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
676
+ $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
636
677
  ```
637
678
 
638
679
  :param str resource_name: The name of the resource.
@@ -653,12 +694,21 @@ class SecretBackend(pulumi.CustomResource):
653
694
  for credentials issued by this backend.
654
695
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
655
696
  The value should not contain leading or trailing forward slashes.
656
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
697
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
657
698
  *Available only for Vault Enterprise*.
658
699
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
659
700
  not begin or end with a `/`. Defaults to `aws`.
660
701
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
661
702
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
703
+
704
+ ```
705
+ {{ if (eq .Type "STS") }}
706
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
707
+ {{ else }}
708
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
709
+ {{ end }}
710
+
711
+ ```
662
712
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
663
713
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
664
714
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -675,7 +725,7 @@ class SecretBackend(pulumi.CustomResource):
675
725
  AWS secret backends can be imported using the `path`, e.g.
676
726
 
677
727
  ```sh
678
- $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
728
+ $ pulumi import vault:aws/secretBackend:SecretBackend aws aws
679
729
  ```
680
730
 
681
731
  :param str resource_name: The name of the resource.
@@ -788,12 +838,21 @@ class SecretBackend(pulumi.CustomResource):
788
838
  for credentials issued by this backend.
789
839
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
790
840
  The value should not contain leading or trailing forward slashes.
791
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
841
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
792
842
  *Available only for Vault Enterprise*.
793
843
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
794
844
  not begin or end with a `/`. Defaults to `aws`.
795
845
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
796
846
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
847
+
848
+ ```
849
+ {{ if (eq .Type "STS") }}
850
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
851
+ {{ else }}
852
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
853
+ {{ end }}
854
+
855
+ ```
797
856
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
798
857
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
799
858
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -911,7 +970,7 @@ class SecretBackend(pulumi.CustomResource):
911
970
  """
912
971
  The namespace to provision the resource in.
913
972
  The value should not contain leading or trailing forward slashes.
914
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
973
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
915
974
  *Available only for Vault Enterprise*.
916
975
  """
917
976
  return pulumi.get(self, "namespace")
@@ -938,6 +997,15 @@ class SecretBackend(pulumi.CustomResource):
938
997
  def role_arn(self) -> pulumi.Output[Optional[str]]:
939
998
  """
940
999
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
1000
+
1001
+ ```
1002
+ {{ if (eq .Type "STS") }}
1003
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
1004
+ {{ else }}
1005
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
1006
+ {{ end }}
1007
+
1008
+ ```
941
1009
  """
942
1010
  return pulumi.get(self, "role_arn")
943
1011