pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -17,7 +22,9 @@ class SecretBackendRoleArgs:
17
22
  backend: pulumi.Input[str],
18
23
  credential_type: pulumi.Input[str],
19
24
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
25
+ external_id: Optional[pulumi.Input[str]] = None,
20
26
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
28
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
22
29
  name: Optional[pulumi.Input[str]] = None,
23
30
  namespace: Optional[pulumi.Input[str]] = None,
@@ -25,6 +32,7 @@ class SecretBackendRoleArgs:
25
32
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
33
  policy_document: Optional[pulumi.Input[str]] = None,
27
34
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
28
36
  user_path: Optional[pulumi.Input[str]] = None):
29
37
  """
30
38
  The set of arguments for constructing a SecretBackendRole resource.
@@ -38,12 +46,16 @@ class SecretBackendRoleArgs:
38
46
  and a default TTL is specified on the role,
39
47
  then this default TTL will be used. Valid only when `credential_type` is one of
40
48
  `assumed_role` or `federation_token`.
49
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
50
+ Valid only when `credential_type` is set to `assumed_role`.
41
51
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
42
52
  against this vault role will be added to these IAM Groups. For a credential
43
53
  type of `assumed_role` or `federation_token`, the policies sent to the
44
54
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
45
55
  policies from each group in `iam_groups` combined with the `policy_document`
46
56
  and `policy_arns` parameters.
57
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
58
+ to be used as tags for any IAM user that is created by this role.
47
59
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
48
60
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
49
61
  one of `assumed_role` or `federation_token`.
@@ -51,7 +63,7 @@ class SecretBackendRoleArgs:
51
63
  Must be unique within the backend.
52
64
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
53
65
  The value should not contain leading or trailing forward slashes.
54
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
66
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
55
67
  *Available only for Vault Enterprise*.
56
68
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
57
69
  Boundary to attach to IAM users created in the role. Valid only when
@@ -72,6 +84,9 @@ class SecretBackendRoleArgs:
72
84
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
73
85
  is allowed to assume. Required when `credential_type` is `assumed_role` and
74
86
  prohibited otherwise.
87
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
88
+ during assume role creds creation. Valid only when `credential_type` is set to
89
+ `assumed_role`.
75
90
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
76
91
  `credential_type` is `iam_user`. Default is `/`.
77
92
  """
@@ -79,8 +94,12 @@ class SecretBackendRoleArgs:
79
94
  pulumi.set(__self__, "credential_type", credential_type)
80
95
  if default_sts_ttl is not None:
81
96
  pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
97
+ if external_id is not None:
98
+ pulumi.set(__self__, "external_id", external_id)
82
99
  if iam_groups is not None:
83
100
  pulumi.set(__self__, "iam_groups", iam_groups)
101
+ if iam_tags is not None:
102
+ pulumi.set(__self__, "iam_tags", iam_tags)
84
103
  if max_sts_ttl is not None:
85
104
  pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
86
105
  if name is not None:
@@ -95,6 +114,8 @@ class SecretBackendRoleArgs:
95
114
  pulumi.set(__self__, "policy_document", policy_document)
96
115
  if role_arns is not None:
97
116
  pulumi.set(__self__, "role_arns", role_arns)
117
+ if session_tags is not None:
118
+ pulumi.set(__self__, "session_tags", session_tags)
98
119
  if user_path is not None:
99
120
  pulumi.set(__self__, "user_path", user_path)
100
121
 
@@ -141,6 +162,19 @@ class SecretBackendRoleArgs:
141
162
  def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
142
163
  pulumi.set(self, "default_sts_ttl", value)
143
164
 
165
+ @property
166
+ @pulumi.getter(name="externalId")
167
+ def external_id(self) -> Optional[pulumi.Input[str]]:
168
+ """
169
+ External ID to set for assume role creds.
170
+ Valid only when `credential_type` is set to `assumed_role`.
171
+ """
172
+ return pulumi.get(self, "external_id")
173
+
174
+ @external_id.setter
175
+ def external_id(self, value: Optional[pulumi.Input[str]]):
176
+ pulumi.set(self, "external_id", value)
177
+
144
178
  @property
145
179
  @pulumi.getter(name="iamGroups")
146
180
  def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -158,6 +192,19 @@ class SecretBackendRoleArgs:
158
192
  def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
159
193
  pulumi.set(self, "iam_groups", value)
160
194
 
195
+ @property
196
+ @pulumi.getter(name="iamTags")
197
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
198
+ """
199
+ A map of strings representing key/value pairs
200
+ to be used as tags for any IAM user that is created by this role.
201
+ """
202
+ return pulumi.get(self, "iam_tags")
203
+
204
+ @iam_tags.setter
205
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
206
+ pulumi.set(self, "iam_tags", value)
207
+
161
208
  @property
162
209
  @pulumi.getter(name="maxStsTtl")
163
210
  def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -191,7 +238,7 @@ class SecretBackendRoleArgs:
191
238
  """
192
239
  The namespace to provision the resource in.
193
240
  The value should not contain leading or trailing forward slashes.
194
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
241
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
195
242
  *Available only for Vault Enterprise*.
196
243
  """
197
244
  return pulumi.get(self, "namespace")
@@ -263,6 +310,20 @@ class SecretBackendRoleArgs:
263
310
  def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
264
311
  pulumi.set(self, "role_arns", value)
265
312
 
313
+ @property
314
+ @pulumi.getter(name="sessionTags")
315
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
316
+ """
317
+ A map of strings representing key/value pairs to be set
318
+ during assume role creds creation. Valid only when `credential_type` is set to
319
+ `assumed_role`.
320
+ """
321
+ return pulumi.get(self, "session_tags")
322
+
323
+ @session_tags.setter
324
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
325
+ pulumi.set(self, "session_tags", value)
326
+
266
327
  @property
267
328
  @pulumi.getter(name="userPath")
268
329
  def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -283,7 +344,9 @@ class _SecretBackendRoleState:
283
344
  backend: Optional[pulumi.Input[str]] = None,
284
345
  credential_type: Optional[pulumi.Input[str]] = None,
285
346
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
347
+ external_id: Optional[pulumi.Input[str]] = None,
286
348
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
349
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
287
350
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
288
351
  name: Optional[pulumi.Input[str]] = None,
289
352
  namespace: Optional[pulumi.Input[str]] = None,
@@ -291,6 +354,7 @@ class _SecretBackendRoleState:
291
354
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
292
355
  policy_document: Optional[pulumi.Input[str]] = None,
293
356
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
357
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
294
358
  user_path: Optional[pulumi.Input[str]] = None):
295
359
  """
296
360
  Input properties used for looking up and filtering SecretBackendRole resources.
@@ -304,12 +368,16 @@ class _SecretBackendRoleState:
304
368
  and a default TTL is specified on the role,
305
369
  then this default TTL will be used. Valid only when `credential_type` is one of
306
370
  `assumed_role` or `federation_token`.
371
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
372
+ Valid only when `credential_type` is set to `assumed_role`.
307
373
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
308
374
  against this vault role will be added to these IAM Groups. For a credential
309
375
  type of `assumed_role` or `federation_token`, the policies sent to the
310
376
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
311
377
  policies from each group in `iam_groups` combined with the `policy_document`
312
378
  and `policy_arns` parameters.
379
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
380
+ to be used as tags for any IAM user that is created by this role.
313
381
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
314
382
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
315
383
  one of `assumed_role` or `federation_token`.
@@ -317,7 +385,7 @@ class _SecretBackendRoleState:
317
385
  Must be unique within the backend.
318
386
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
319
387
  The value should not contain leading or trailing forward slashes.
320
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
388
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
321
389
  *Available only for Vault Enterprise*.
322
390
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
323
391
  Boundary to attach to IAM users created in the role. Valid only when
@@ -338,6 +406,9 @@ class _SecretBackendRoleState:
338
406
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
339
407
  is allowed to assume. Required when `credential_type` is `assumed_role` and
340
408
  prohibited otherwise.
409
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
410
+ during assume role creds creation. Valid only when `credential_type` is set to
411
+ `assumed_role`.
341
412
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
342
413
  `credential_type` is `iam_user`. Default is `/`.
343
414
  """
@@ -347,8 +418,12 @@ class _SecretBackendRoleState:
347
418
  pulumi.set(__self__, "credential_type", credential_type)
348
419
  if default_sts_ttl is not None:
349
420
  pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
421
+ if external_id is not None:
422
+ pulumi.set(__self__, "external_id", external_id)
350
423
  if iam_groups is not None:
351
424
  pulumi.set(__self__, "iam_groups", iam_groups)
425
+ if iam_tags is not None:
426
+ pulumi.set(__self__, "iam_tags", iam_tags)
352
427
  if max_sts_ttl is not None:
353
428
  pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
354
429
  if name is not None:
@@ -363,6 +438,8 @@ class _SecretBackendRoleState:
363
438
  pulumi.set(__self__, "policy_document", policy_document)
364
439
  if role_arns is not None:
365
440
  pulumi.set(__self__, "role_arns", role_arns)
441
+ if session_tags is not None:
442
+ pulumi.set(__self__, "session_tags", session_tags)
366
443
  if user_path is not None:
367
444
  pulumi.set(__self__, "user_path", user_path)
368
445
 
@@ -409,6 +486,19 @@ class _SecretBackendRoleState:
409
486
  def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
410
487
  pulumi.set(self, "default_sts_ttl", value)
411
488
 
489
+ @property
490
+ @pulumi.getter(name="externalId")
491
+ def external_id(self) -> Optional[pulumi.Input[str]]:
492
+ """
493
+ External ID to set for assume role creds.
494
+ Valid only when `credential_type` is set to `assumed_role`.
495
+ """
496
+ return pulumi.get(self, "external_id")
497
+
498
+ @external_id.setter
499
+ def external_id(self, value: Optional[pulumi.Input[str]]):
500
+ pulumi.set(self, "external_id", value)
501
+
412
502
  @property
413
503
  @pulumi.getter(name="iamGroups")
414
504
  def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -426,6 +516,19 @@ class _SecretBackendRoleState:
426
516
  def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
427
517
  pulumi.set(self, "iam_groups", value)
428
518
 
519
+ @property
520
+ @pulumi.getter(name="iamTags")
521
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
522
+ """
523
+ A map of strings representing key/value pairs
524
+ to be used as tags for any IAM user that is created by this role.
525
+ """
526
+ return pulumi.get(self, "iam_tags")
527
+
528
+ @iam_tags.setter
529
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
530
+ pulumi.set(self, "iam_tags", value)
531
+
429
532
  @property
430
533
  @pulumi.getter(name="maxStsTtl")
431
534
  def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -459,7 +562,7 @@ class _SecretBackendRoleState:
459
562
  """
460
563
  The namespace to provision the resource in.
461
564
  The value should not contain leading or trailing forward slashes.
462
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
565
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
463
566
  *Available only for Vault Enterprise*.
464
567
  """
465
568
  return pulumi.get(self, "namespace")
@@ -531,6 +634,20 @@ class _SecretBackendRoleState:
531
634
  def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
532
635
  pulumi.set(self, "role_arns", value)
533
636
 
637
+ @property
638
+ @pulumi.getter(name="sessionTags")
639
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
640
+ """
641
+ A map of strings representing key/value pairs to be set
642
+ during assume role creds creation. Valid only when `credential_type` is set to
643
+ `assumed_role`.
644
+ """
645
+ return pulumi.get(self, "session_tags")
646
+
647
+ @session_tags.setter
648
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
649
+ pulumi.set(self, "session_tags", value)
650
+
534
651
  @property
535
652
  @pulumi.getter(name="userPath")
536
653
  def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -553,7 +670,9 @@ class SecretBackendRole(pulumi.CustomResource):
553
670
  backend: Optional[pulumi.Input[str]] = None,
554
671
  credential_type: Optional[pulumi.Input[str]] = None,
555
672
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
673
+ external_id: Optional[pulumi.Input[str]] = None,
556
674
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
675
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
557
676
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
558
677
  name: Optional[pulumi.Input[str]] = None,
559
678
  namespace: Optional[pulumi.Input[str]] = None,
@@ -561,6 +680,7 @@ class SecretBackendRole(pulumi.CustomResource):
561
680
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
562
681
  policy_document: Optional[pulumi.Input[str]] = None,
563
682
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
683
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
564
684
  user_path: Optional[pulumi.Input[str]] = None,
565
685
  __props__=None):
566
686
  """
@@ -575,6 +695,7 @@ class SecretBackendRole(pulumi.CustomResource):
575
695
  secret_key="AWS secret key")
576
696
  role = vault.aws.SecretBackendRole("role",
577
697
  backend=aws.path,
698
+ name="deploy",
578
699
  credential_type="iam_user",
579
700
  policy_document=\"\"\"{
580
701
  "Version": "2012-10-17",
@@ -594,7 +715,7 @@ class SecretBackendRole(pulumi.CustomResource):
594
715
  AWS secret backend roles can be imported using the `path`, e.g.
595
716
 
596
717
  ```sh
597
- $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
718
+ $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
598
719
  ```
599
720
 
600
721
  :param str resource_name: The name of the resource.
@@ -609,12 +730,16 @@ class SecretBackendRole(pulumi.CustomResource):
609
730
  and a default TTL is specified on the role,
610
731
  then this default TTL will be used. Valid only when `credential_type` is one of
611
732
  `assumed_role` or `federation_token`.
733
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
734
+ Valid only when `credential_type` is set to `assumed_role`.
612
735
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
613
736
  against this vault role will be added to these IAM Groups. For a credential
614
737
  type of `assumed_role` or `federation_token`, the policies sent to the
615
738
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
616
739
  policies from each group in `iam_groups` combined with the `policy_document`
617
740
  and `policy_arns` parameters.
741
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
742
+ to be used as tags for any IAM user that is created by this role.
618
743
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
619
744
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
620
745
  one of `assumed_role` or `federation_token`.
@@ -622,7 +747,7 @@ class SecretBackendRole(pulumi.CustomResource):
622
747
  Must be unique within the backend.
623
748
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
624
749
  The value should not contain leading or trailing forward slashes.
625
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
750
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
626
751
  *Available only for Vault Enterprise*.
627
752
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
628
753
  Boundary to attach to IAM users created in the role. Valid only when
@@ -643,6 +768,9 @@ class SecretBackendRole(pulumi.CustomResource):
643
768
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
644
769
  is allowed to assume. Required when `credential_type` is `assumed_role` and
645
770
  prohibited otherwise.
771
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
772
+ during assume role creds creation. Valid only when `credential_type` is set to
773
+ `assumed_role`.
646
774
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
647
775
  `credential_type` is `iam_user`. Default is `/`.
648
776
  """
@@ -664,6 +792,7 @@ class SecretBackendRole(pulumi.CustomResource):
664
792
  secret_key="AWS secret key")
665
793
  role = vault.aws.SecretBackendRole("role",
666
794
  backend=aws.path,
795
+ name="deploy",
667
796
  credential_type="iam_user",
668
797
  policy_document=\"\"\"{
669
798
  "Version": "2012-10-17",
@@ -683,7 +812,7 @@ class SecretBackendRole(pulumi.CustomResource):
683
812
  AWS secret backend roles can be imported using the `path`, e.g.
684
813
 
685
814
  ```sh
686
- $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
815
+ $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy
687
816
  ```
688
817
 
689
818
  :param str resource_name: The name of the resource.
@@ -704,7 +833,9 @@ class SecretBackendRole(pulumi.CustomResource):
704
833
  backend: Optional[pulumi.Input[str]] = None,
705
834
  credential_type: Optional[pulumi.Input[str]] = None,
706
835
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
836
+ external_id: Optional[pulumi.Input[str]] = None,
707
837
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
838
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
708
839
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
709
840
  name: Optional[pulumi.Input[str]] = None,
710
841
  namespace: Optional[pulumi.Input[str]] = None,
@@ -712,6 +843,7 @@ class SecretBackendRole(pulumi.CustomResource):
712
843
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
713
844
  policy_document: Optional[pulumi.Input[str]] = None,
714
845
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
846
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
715
847
  user_path: Optional[pulumi.Input[str]] = None,
716
848
  __props__=None):
717
849
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -729,7 +861,9 @@ class SecretBackendRole(pulumi.CustomResource):
729
861
  raise TypeError("Missing required property 'credential_type'")
730
862
  __props__.__dict__["credential_type"] = credential_type
731
863
  __props__.__dict__["default_sts_ttl"] = default_sts_ttl
864
+ __props__.__dict__["external_id"] = external_id
732
865
  __props__.__dict__["iam_groups"] = iam_groups
866
+ __props__.__dict__["iam_tags"] = iam_tags
733
867
  __props__.__dict__["max_sts_ttl"] = max_sts_ttl
734
868
  __props__.__dict__["name"] = name
735
869
  __props__.__dict__["namespace"] = namespace
@@ -737,6 +871,7 @@ class SecretBackendRole(pulumi.CustomResource):
737
871
  __props__.__dict__["policy_arns"] = policy_arns
738
872
  __props__.__dict__["policy_document"] = policy_document
739
873
  __props__.__dict__["role_arns"] = role_arns
874
+ __props__.__dict__["session_tags"] = session_tags
740
875
  __props__.__dict__["user_path"] = user_path
741
876
  super(SecretBackendRole, __self__).__init__(
742
877
  'vault:aws/secretBackendRole:SecretBackendRole',
@@ -751,7 +886,9 @@ class SecretBackendRole(pulumi.CustomResource):
751
886
  backend: Optional[pulumi.Input[str]] = None,
752
887
  credential_type: Optional[pulumi.Input[str]] = None,
753
888
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
889
+ external_id: Optional[pulumi.Input[str]] = None,
754
890
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
891
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
755
892
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
756
893
  name: Optional[pulumi.Input[str]] = None,
757
894
  namespace: Optional[pulumi.Input[str]] = None,
@@ -759,6 +896,7 @@ class SecretBackendRole(pulumi.CustomResource):
759
896
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
760
897
  policy_document: Optional[pulumi.Input[str]] = None,
761
898
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
899
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
762
900
  user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
763
901
  """
764
902
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
@@ -777,12 +915,16 @@ class SecretBackendRole(pulumi.CustomResource):
777
915
  and a default TTL is specified on the role,
778
916
  then this default TTL will be used. Valid only when `credential_type` is one of
779
917
  `assumed_role` or `federation_token`.
918
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
919
+ Valid only when `credential_type` is set to `assumed_role`.
780
920
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
781
921
  against this vault role will be added to these IAM Groups. For a credential
782
922
  type of `assumed_role` or `federation_token`, the policies sent to the
783
923
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
784
924
  policies from each group in `iam_groups` combined with the `policy_document`
785
925
  and `policy_arns` parameters.
926
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
927
+ to be used as tags for any IAM user that is created by this role.
786
928
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
787
929
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
788
930
  one of `assumed_role` or `federation_token`.
@@ -790,7 +932,7 @@ class SecretBackendRole(pulumi.CustomResource):
790
932
  Must be unique within the backend.
791
933
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
792
934
  The value should not contain leading or trailing forward slashes.
793
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
935
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
794
936
  *Available only for Vault Enterprise*.
795
937
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
796
938
  Boundary to attach to IAM users created in the role. Valid only when
@@ -811,6 +953,9 @@ class SecretBackendRole(pulumi.CustomResource):
811
953
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
812
954
  is allowed to assume. Required when `credential_type` is `assumed_role` and
813
955
  prohibited otherwise.
956
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
957
+ during assume role creds creation. Valid only when `credential_type` is set to
958
+ `assumed_role`.
814
959
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
815
960
  `credential_type` is `iam_user`. Default is `/`.
816
961
  """
@@ -821,7 +966,9 @@ class SecretBackendRole(pulumi.CustomResource):
821
966
  __props__.__dict__["backend"] = backend
822
967
  __props__.__dict__["credential_type"] = credential_type
823
968
  __props__.__dict__["default_sts_ttl"] = default_sts_ttl
969
+ __props__.__dict__["external_id"] = external_id
824
970
  __props__.__dict__["iam_groups"] = iam_groups
971
+ __props__.__dict__["iam_tags"] = iam_tags
825
972
  __props__.__dict__["max_sts_ttl"] = max_sts_ttl
826
973
  __props__.__dict__["name"] = name
827
974
  __props__.__dict__["namespace"] = namespace
@@ -829,6 +976,7 @@ class SecretBackendRole(pulumi.CustomResource):
829
976
  __props__.__dict__["policy_arns"] = policy_arns
830
977
  __props__.__dict__["policy_document"] = policy_document
831
978
  __props__.__dict__["role_arns"] = role_arns
979
+ __props__.__dict__["session_tags"] = session_tags
832
980
  __props__.__dict__["user_path"] = user_path
833
981
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
834
982
 
@@ -863,6 +1011,15 @@ class SecretBackendRole(pulumi.CustomResource):
863
1011
  """
864
1012
  return pulumi.get(self, "default_sts_ttl")
865
1013
 
1014
+ @property
1015
+ @pulumi.getter(name="externalId")
1016
+ def external_id(self) -> pulumi.Output[Optional[str]]:
1017
+ """
1018
+ External ID to set for assume role creds.
1019
+ Valid only when `credential_type` is set to `assumed_role`.
1020
+ """
1021
+ return pulumi.get(self, "external_id")
1022
+
866
1023
  @property
867
1024
  @pulumi.getter(name="iamGroups")
868
1025
  def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -876,6 +1033,15 @@ class SecretBackendRole(pulumi.CustomResource):
876
1033
  """
877
1034
  return pulumi.get(self, "iam_groups")
878
1035
 
1036
+ @property
1037
+ @pulumi.getter(name="iamTags")
1038
+ def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1039
+ """
1040
+ A map of strings representing key/value pairs
1041
+ to be used as tags for any IAM user that is created by this role.
1042
+ """
1043
+ return pulumi.get(self, "iam_tags")
1044
+
879
1045
  @property
880
1046
  @pulumi.getter(name="maxStsTtl")
881
1047
  def max_sts_ttl(self) -> pulumi.Output[int]:
@@ -901,7 +1067,7 @@ class SecretBackendRole(pulumi.CustomResource):
901
1067
  """
902
1068
  The namespace to provision the resource in.
903
1069
  The value should not contain leading or trailing forward slashes.
904
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1070
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
905
1071
  *Available only for Vault Enterprise*.
906
1072
  """
907
1073
  return pulumi.get(self, "namespace")
@@ -953,6 +1119,16 @@ class SecretBackendRole(pulumi.CustomResource):
953
1119
  """
954
1120
  return pulumi.get(self, "role_arns")
955
1121
 
1122
+ @property
1123
+ @pulumi.getter(name="sessionTags")
1124
+ def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1125
+ """
1126
+ A map of strings representing key/value pairs to be set
1127
+ during assume role creds creation. Valid only when `credential_type` is set to
1128
+ `assumed_role`.
1129
+ """
1130
+ return pulumi.get(self, "session_tags")
1131
+
956
1132
  @property
957
1133
  @pulumi.getter(name="userPath")
958
1134
  def user_path(self) -> pulumi.Output[Optional[str]]:
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
@@ -29,7 +34,7 @@ class SecretBackendStaticRoleArgs:
29
34
  Must be unique within the backend.
30
35
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
31
36
  The value should not contain leading or trailing forward slashes.
32
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
37
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
33
38
  *Available only for Vault Enterprise*.
34
39
  """
35
40
  pulumi.set(__self__, "rotation_period", rotation_period)
@@ -97,7 +102,7 @@ class SecretBackendStaticRoleArgs:
97
102
  """
98
103
  The namespace to provision the resource in.
99
104
  The value should not contain leading or trailing forward slashes.
100
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
105
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
101
106
  *Available only for Vault Enterprise*.
102
107
  """
103
108
  return pulumi.get(self, "namespace")
@@ -123,7 +128,7 @@ class _SecretBackendStaticRoleState:
123
128
  Must be unique within the backend.
124
129
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
125
130
  The value should not contain leading or trailing forward slashes.
126
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
131
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
127
132
  *Available only for Vault Enterprise*.
128
133
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
129
134
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -171,7 +176,7 @@ class _SecretBackendStaticRoleState:
171
176
  """
172
177
  The namespace to provision the resource in.
173
178
  The value should not contain leading or trailing forward slashes.
174
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
179
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
175
180
  *Available only for Vault Enterprise*.
176
181
  """
177
182
  return pulumi.get(self, "namespace")
@@ -228,16 +233,18 @@ class SecretBackendStaticRole(pulumi.CustomResource):
228
233
  description="Obtain AWS credentials.")
229
234
  role = vault.aws.SecretBackendStaticRole("role",
230
235
  backend=aws.path,
236
+ name="test",
231
237
  username="my-test-user",
232
238
  rotation_period=3600)
233
239
  ```
234
240
 
235
241
  ## Import
236
242
 
237
- AWS secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-roles/<role_name>` e.g.
243
+ AWS secret backend static role can be imported using the full path to the role
244
+ of the form: `<mount_path>/static-roles/<role_name>` e.g.
238
245
 
239
246
  ```sh
240
- $ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
247
+ $ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
241
248
  ```
242
249
 
243
250
  :param str resource_name: The name of the resource.
@@ -248,7 +255,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
248
255
  Must be unique within the backend.
249
256
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
250
257
  The value should not contain leading or trailing forward slashes.
251
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
258
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
252
259
  *Available only for Vault Enterprise*.
253
260
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
254
261
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -271,16 +278,18 @@ class SecretBackendStaticRole(pulumi.CustomResource):
271
278
  description="Obtain AWS credentials.")
272
279
  role = vault.aws.SecretBackendStaticRole("role",
273
280
  backend=aws.path,
281
+ name="test",
274
282
  username="my-test-user",
275
283
  rotation_period=3600)
276
284
  ```
277
285
 
278
286
  ## Import
279
287
 
280
- AWS secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-roles/<role_name>` e.g.
288
+ AWS secret backend static role can be imported using the full path to the role
289
+ of the form: `<mount_path>/static-roles/<role_name>` e.g.
281
290
 
282
291
  ```sh
283
- $ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
292
+ $ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role
284
293
  ```
285
294
 
286
295
  :param str resource_name: The name of the resource.
@@ -349,7 +358,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
349
358
  Must be unique within the backend.
350
359
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
351
360
  The value should not contain leading or trailing forward slashes.
352
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
361
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
353
362
  *Available only for Vault Enterprise*.
354
363
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
355
364
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -389,7 +398,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
389
398
  """
390
399
  The namespace to provision the resource in.
391
400
  The value should not contain leading or trailing forward slashes.
392
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
401
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
393
402
  *Available only for Vault Enterprise*.
394
403
  """
395
404
  return pulumi.get(self, "namespace")