pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
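--- a/pulumi_vault/azure/_inputs.py
+++ b/pulumi_vault/azure/_inputs.py
@@ -4,16 +4,32 @@
 
  import copy
  import warnings
+ import sys
  import pulumi
  import pulumi.runtime
  from typing import Any, Mapping, Optional, Sequence, Union, overload
+ if sys.version_info >= (3, 11):
+ from typing import NotRequired, TypedDict, TypeAlias
+ else:
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
  from .. import _utilities
 
  __all__ = [
  'BackendRoleAzureGroupArgs',
+ 'BackendRoleAzureGroupArgsDict',
  'BackendRoleAzureRoleArgs',
+ 'BackendRoleAzureRoleArgsDict',
  ]
 
+ MYPY = False
+
+ if not MYPY:
+ class BackendRoleAzureGroupArgsDict(TypedDict):
+ group_name: pulumi.Input[str]
+ object_id: NotRequired[pulumi.Input[str]]
+ elif False:
+ BackendRoleAzureGroupArgsDict: TypeAlias = Mapping[str, Any]
+
  @pulumi.input_type
  class BackendRoleAzureGroupArgs:
  def __init__(__self__, *,
@@ -42,6 +58,14 @@ class BackendRoleAzureGroupArgs:
  pulumi.set(self, "object_id", value)
 
 
+ if not MYPY:
+ class BackendRoleAzureRoleArgsDict(TypedDict):
+ scope: pulumi.Input[str]
+ role_id: NotRequired[pulumi.Input[str]]
+ role_name: NotRequired[pulumi.Input[str]]
+ elif False:
+ BackendRoleAzureRoleArgsDict: TypeAlias = Mapping[str, Any]
+
  @pulumi.input_type
  class BackendRoleAzureRoleArgs:
  def __init__(__self__, *,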
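Review bot: The `else:` branch of the new version gate imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, a third-party package, so on interpreters older than 3.11 this module fails at import unless the wheel declares that dependency. The file list shows METADATA changing in this release (+8 -7) but not its contents, so confirm it carries a `Requires-Dist` entry for typing-extensions before pinning this version on hosts running Python below 3.11. The same gate is added to the next file section (the one defining `AuthBackendConfig`), where none of the added lines use the three imported names. A short comment above `MYPY = False` saying that the `elif False:` alias branch never executes at runtime would spare readers from treating it as dead code to remove.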
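--- a/pulumi_vault/azure/auth_backend_config.py
+++ b/pulumi_vault/azure/auth_backend_config.py
@@ -4,9 +4,14 @@
 
  import copy
  import warnings
+ import sys
  import pulumi
  import pulumi.runtime
  from typing import Any, Mapping, Optional, Sequence, Union, overload
+ if sys.version_info >= (3, 11):
+ from typing import NotRequired, TypedDict, TypeAlias
+ else:
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
  from .. import _utilities
 
  __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
@@ -20,6 +25,8 @@ class AuthBackendConfigArgs:
  client_id: Optional[pulumi.Input[str]] = None,
  client_secret: Optional[pulumi.Input[str]] = None,
  environment: Optional[pulumi.Input[str]] = None,
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
  namespace: Optional[pulumi.Input[str]] = None):
  """
  The set of arguments for constructing a AuthBackendConfig resource.
@@ -36,9 +43,12 @@ class AuthBackendConfigArgs:
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  """
  pulumi.set(__self__, "resource", resource)
@@ -51,6 +61,10 @@ class AuthBackendConfigArgs:
  pulumi.set(__self__, "client_secret", client_secret)
  if environment is not None:
  pulumi.set(__self__, "environment", environment)
+ if identity_token_audience is not None:
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+ if identity_token_ttl is not None:
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
  if namespace is not None:
  pulumi.set(__self__, "namespace", namespace)
 
@@ -133,13 +147,38 @@ class AuthBackendConfigArgs:
  def environment(self, value: Optional[pulumi.Input[str]]):
  pulumi.set(self, "environment", value)
 
+ @property
+ @pulumi.getter(name="identityTokenAudience")
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+ """
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ """
+ return pulumi.get(self, "identity_token_audience")
+
+ @identity_token_audience.setter
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "identity_token_audience", value)
+
+ @property
+ @pulumi.getter(name="identityTokenTtl")
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+ """
+ The TTL of generated identity tokens in seconds.
+ """
+ return pulumi.get(self, "identity_token_ttl")
+
+ @identity_token_ttl.setter
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+ pulumi.set(self, "identity_token_ttl", value)
+
  @property
  @pulumi.getter
  def namespace(self) -> Optional[pulumi.Input[str]]:
  """
  The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  """
  return pulumi.get(self, "namespace")
@@ -156,6 +195,8 @@ class _AuthBackendConfigState:
  client_id: Optional[pulumi.Input[str]] = None,
  client_secret: Optional[pulumi.Input[str]] = None,
  environment: Optional[pulumi.Input[str]] = None,
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
  namespace: Optional[pulumi.Input[str]] = None,
  resource: Optional[pulumi.Input[str]] = None,
  tenant_id: Optional[pulumi.Input[str]] = None):
@@ -170,9 +211,12 @@ class _AuthBackendConfigState:
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  :param pulumi.Input[str] resource: The configured URL for the application registered in
  Azure Active Directory.
@@ -187,6 +231,10 @@ class _AuthBackendConfigState:
  pulumi.set(__self__, "client_secret", client_secret)
  if environment is not None:
  pulumi.set(__self__, "environment", environment)
+ if identity_token_audience is not None:
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+ if identity_token_ttl is not None:
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
  if namespace is not None:
  pulumi.set(__self__, "namespace", namespace)
  if resource is not None:
@@ -247,13 +295,38 @@ class _AuthBackendConfigState:
  def environment(self, value: Optional[pulumi.Input[str]]):
  pulumi.set(self, "environment", value)
 
+ @property
+ @pulumi.getter(name="identityTokenAudience")
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+ """
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ """
+ return pulumi.get(self, "identity_token_audience")
+
+ @identity_token_audience.setter
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "identity_token_audience", value)
+
+ @property
+ @pulumi.getter(name="identityTokenTtl")
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+ """
+ The TTL of generated identity tokens in seconds.
+ """
+ return pulumi.get(self, "identity_token_ttl")
+
+ @identity_token_ttl.setter
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+ pulumi.set(self, "identity_token_ttl", value)
+
  @property
  @pulumi.getter
  def namespace(self) -> Optional[pulumi.Input[str]]:
  """
  The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  """
  return pulumi.get(self, "namespace")
@@ -298,6 +371,8 @@ class AuthBackendConfig(pulumi.CustomResource):
  client_id: Optional[pulumi.Input[str]] = None,
  client_secret: Optional[pulumi.Input[str]] = None,
  environment: Optional[pulumi.Input[str]] = None,
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
  namespace: Optional[pulumi.Input[str]] = None,
  resource: Optional[pulumi.Input[str]] = None,
  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -305,13 +380,29 @@ class AuthBackendConfig(pulumi.CustomResource):
  """
  ## Example Usage
 
+ You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
+ ```python
+ import pulumi
+ import pulumi_vault as vault
+
+ example = vault.AuthBackend("example",
+ type="azure",
+ identity_token_key="example-key")
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+ backend=example.path,
+ tenant_id="11111111-2222-3333-4444-555555555555",
+ client_id="11111111-2222-3333-4444-555555555555",
+ identity_token_audience="<TOKEN_AUDIENCE>",
+ identity_token_ttl="<TOKEN_TTL>")
+ ```
+
  ```python
  import pulumi
  import pulumi_vault as vault
 
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="azure")
- example_auth_backend_config = vault.azure.AuthBackendConfig("exampleAuthBackendConfig",
- backend=example_auth_backend.path,
+ example = vault.AuthBackend("example", type="azure")
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+ backend=example.path,
  tenant_id="11111111-2222-3333-4444-555555555555",
  client_id="11111111-2222-3333-4444-555555555555",
  client_secret="01234567890123456789",
@@ -323,7 +414,7 @@ class AuthBackendConfig(pulumi.CustomResource):
  Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.
 
  ```sh
- $ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
+ $ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
  ```
 
  :param str resource_name: The name of the resource.
@@ -337,9 +428,12 @@ class AuthBackendConfig(pulumi.CustomResource):
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  :param pulumi.Input[str] resource: The configured URL for the application registered in
  Azure Active Directory.
@@ -355,13 +449,29 @@ class AuthBackendConfig(pulumi.CustomResource):
  """
  ## Example Usage
 
+ You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
+ ```python
+ import pulumi
+ import pulumi_vault as vault
+
+ example = vault.AuthBackend("example",
+ type="azure",
+ identity_token_key="example-key")
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+ backend=example.path,
+ tenant_id="11111111-2222-3333-4444-555555555555",
+ client_id="11111111-2222-3333-4444-555555555555",
+ identity_token_audience="<TOKEN_AUDIENCE>",
+ identity_token_ttl="<TOKEN_TTL>")
+ ```
+
  ```python
  import pulumi
  import pulumi_vault as vault
 
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="azure")
- example_auth_backend_config = vault.azure.AuthBackendConfig("exampleAuthBackendConfig",
- backend=example_auth_backend.path,
+ example = vault.AuthBackend("example", type="azure")
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+ backend=example.path,
  tenant_id="11111111-2222-3333-4444-555555555555",
  client_id="11111111-2222-3333-4444-555555555555",
  client_secret="01234567890123456789",
@@ -373,7 +483,7 @@ class AuthBackendConfig(pulumi.CustomResource):
  Azure auth backends can be imported using `auth/`, the `backend` path, and `/config` e.g.
 
  ```sh
- $ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
+ $ pulumi import vault:azure/authBackendConfig:AuthBackendConfig example auth/azure/config
  ```
 
  :param str resource_name: The name of the resource.
@@ -395,6 +505,8 @@ class AuthBackendConfig(pulumi.CustomResource):
  client_id: Optional[pulumi.Input[str]] = None,
  client_secret: Optional[pulumi.Input[str]] = None,
  environment: Optional[pulumi.Input[str]] = None,
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
  namespace: Optional[pulumi.Input[str]] = None,
  resource: Optional[pulumi.Input[str]] = None,
  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -411,6 +523,8 @@ class AuthBackendConfig(pulumi.CustomResource):
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
  __props__.__dict__["environment"] = environment
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
  __props__.__dict__["namespace"] = namespace
  if resource is None and not opts.urn:
  raise TypeError("Missing required property 'resource'")
@@ -434,6 +548,8 @@ class AuthBackendConfig(pulumi.CustomResource):
  client_id: Optional[pulumi.Input[str]] = None,
  client_secret: Optional[pulumi.Input[str]] = None,
  environment: Optional[pulumi.Input[str]] = None,
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
  namespace: Optional[pulumi.Input[str]] = None,
  resource: Optional[pulumi.Input[str]] = None,
  tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
@@ -453,9 +569,12 @@ class AuthBackendConfig(pulumi.CustomResource):
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  :param pulumi.Input[str] resource: The configured URL for the application registered in
  Azure Active Directory.
@@ -470,6 +589,8 @@ class AuthBackendConfig(pulumi.CustomResource):
  __props__.__dict__["client_id"] = client_id
  __props__.__dict__["client_secret"] = client_secret
  __props__.__dict__["environment"] = environment
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
  __props__.__dict__["namespace"] = namespace
  __props__.__dict__["resource"] = resource
  __props__.__dict__["tenant_id"] = tenant_id
@@ -512,13 +633,30 @@ class AuthBackendConfig(pulumi.CustomResource):
  """
  return pulumi.get(self, "environment")
 
+ @property
+ @pulumi.getter(name="identityTokenAudience")
+ def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
+ """
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+ *Available only for Vault Enterprise*
+ """
+ return pulumi.get(self, "identity_token_audience")
+
+ @property
+ @pulumi.getter(name="identityTokenTtl")
+ def identity_token_ttl(self) -> pulumi.Output[int]:
+ """
+ The TTL of generated identity tokens in seconds.
+ """
+ return pulumi.get(self, "identity_token_ttl")
+
  @property
  @pulumi.getter
  def namespace(self) -> pulumi.Output[Optional[str]]:
  """
  The namespace to provision the resource in.
  The value should not contain leading or trailing forward slashes.
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
  *Available only for Vault Enterprise*.
  """
  return pulumi.get(self, "namespace")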
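Review bot: The added Workload Identity Federation example passes `identity_token_ttl="<TOKEN_TTL>"`, a string, while every signature in this section types the parameter as `Optional[pulumi.Input[int]]` and the docstring says seconds; the example should show an integer, for instance `identity_token_ttl=3600` (sample value). The example appears twice, once in each `__init__` overload docstring of `AuthBackendConfig`. The `identity_token_audience` docstring should also say how it interacts with `client_secret`: the WIF example omits the secret, but nothing in the added text says whether the two may be set together; presumably they are alternatives, which should be confirmed against the Vault Azure auth documentation. The new properties are forwarded as plain values while `client_id` and `client_secret` are wrapped in `pulumi.Output.secret`, which looks right since an audience and a TTL are not credentials.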