pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229)
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['BackendArgs', 'Backend']
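Review bot: The `else` branch imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, which makes that package an import-time requirement on interpreters older than Python 3.11. The wheel's METADATA is listed as changed but is not shown here, so it should be checked for a matching conditional dependency along the lines of `Requires-Dist: typing-extensions; python_version < "3.11"`; without it, importing this module raises `ImportError` on those interpreters. None of the hunks visible for this file use the three names, so if they are unused in this module the conditional import may be unnecessary here.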
@@ -21,6 +26,9 @@ class BackendArgs:
21
26
  description: Optional[pulumi.Input[str]] = None,
22
27
  disable_remount: Optional[pulumi.Input[bool]] = None,
23
28
  environment: Optional[pulumi.Input[str]] = None,
29
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
30
+ identity_token_key: Optional[pulumi.Input[str]] = None,
31
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
24
32
  namespace: Optional[pulumi.Input[str]] = None,
25
33
  path: Optional[pulumi.Input[str]] = None,
26
34
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
@@ -34,9 +42,15 @@ class BackendArgs:
34
42
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
35
43
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
36
44
  :param pulumi.Input[str] environment: The Azure environment.
45
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
46
+ *Available only for Vault Enterprise*
47
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
48
+ *Available only for Vault Enterprise*
49
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
50
+ *Available only for Vault Enterprise*
37
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
38
52
  The value should not contain leading or trailing forward slashes.
39
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
40
54
  *Available only for Vault Enterprise*.
41
55
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
42
56
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -53,10 +67,19 @@ class BackendArgs:
53
67
  pulumi.set(__self__, "disable_remount", disable_remount)
54
68
  if environment is not None:
55
69
  pulumi.set(__self__, "environment", environment)
70
+ if identity_token_audience is not None:
71
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
72
+ if identity_token_key is not None:
73
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
74
+ if identity_token_ttl is not None:
75
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
56
76
  if namespace is not None:
57
77
  pulumi.set(__self__, "namespace", namespace)
58
78
  if path is not None:
59
79
  pulumi.set(__self__, "path", path)
80
+ if use_microsoft_graph_api is not None:
81
+ warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
82
+ pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
60
83
  if use_microsoft_graph_api is not None:
61
84
  pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
62
85
 
@@ -145,13 +168,52 @@ class BackendArgs:
145
168
  def environment(self, value: Optional[pulumi.Input[str]]):
146
169
  pulumi.set(self, "environment", value)
147
170
 
171
+ @property
172
+ @pulumi.getter(name="identityTokenAudience")
173
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
174
+ """
175
+ The audience claim value. Requires Vault 1.17+.
176
+ *Available only for Vault Enterprise*
177
+ """
178
+ return pulumi.get(self, "identity_token_audience")
179
+
180
+ @identity_token_audience.setter
181
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
182
+ pulumi.set(self, "identity_token_audience", value)
183
+
184
+ @property
185
+ @pulumi.getter(name="identityTokenKey")
186
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
187
+ """
188
+ The key to use for signing identity tokens. Requires Vault 1.17+.
189
+ *Available only for Vault Enterprise*
190
+ """
191
+ return pulumi.get(self, "identity_token_key")
192
+
193
+ @identity_token_key.setter
194
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
195
+ pulumi.set(self, "identity_token_key", value)
196
+
197
+ @property
198
+ @pulumi.getter(name="identityTokenTtl")
199
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
200
+ """
201
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
202
+ *Available only for Vault Enterprise*
203
+ """
204
+ return pulumi.get(self, "identity_token_ttl")
205
+
206
+ @identity_token_ttl.setter
207
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
208
+ pulumi.set(self, "identity_token_ttl", value)
209
+
148
210
  @property
149
211
  @pulumi.getter
150
212
  def namespace(self) -> Optional[pulumi.Input[str]]:
151
213
  """
152
214
  The namespace to provision the resource in.
153
215
  The value should not contain leading or trailing forward slashes.
154
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
216
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
155
217
  *Available only for Vault Enterprise*.
156
218
  """
157
219
  return pulumi.get(self, "namespace")
@@ -174,6 +236,7 @@ class BackendArgs:
174
236
 
175
237
  @property
176
238
  @pulumi.getter(name="useMicrosoftGraphApi")
239
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
177
240
  def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
178
241
  """
179
242
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -193,6 +256,9 @@ class _BackendState:
193
256
  description: Optional[pulumi.Input[str]] = None,
194
257
  disable_remount: Optional[pulumi.Input[bool]] = None,
195
258
  environment: Optional[pulumi.Input[str]] = None,
259
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
260
+ identity_token_key: Optional[pulumi.Input[str]] = None,
261
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
196
262
  namespace: Optional[pulumi.Input[str]] = None,
197
263
  path: Optional[pulumi.Input[str]] = None,
198
264
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -206,9 +272,15 @@ class _BackendState:
206
272
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
207
273
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
208
274
  :param pulumi.Input[str] environment: The Azure environment.
275
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
276
+ *Available only for Vault Enterprise*
277
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
278
+ *Available only for Vault Enterprise*
279
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
280
+ *Available only for Vault Enterprise*
209
281
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
210
282
  The value should not contain leading or trailing forward slashes.
211
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
283
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
212
284
  *Available only for Vault Enterprise*.
213
285
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
214
286
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
@@ -225,6 +297,12 @@ class _BackendState:
225
297
  pulumi.set(__self__, "disable_remount", disable_remount)
226
298
  if environment is not None:
227
299
  pulumi.set(__self__, "environment", environment)
300
+ if identity_token_audience is not None:
301
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
302
+ if identity_token_key is not None:
303
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
304
+ if identity_token_ttl is not None:
305
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
228
306
  if namespace is not None:
229
307
  pulumi.set(__self__, "namespace", namespace)
230
308
  if path is not None:
@@ -233,6 +311,9 @@ class _BackendState:
233
311
  pulumi.set(__self__, "subscription_id", subscription_id)
234
312
  if tenant_id is not None:
235
313
  pulumi.set(__self__, "tenant_id", tenant_id)
314
+ if use_microsoft_graph_api is not None:
315
+ warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
316
+ pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
236
317
  if use_microsoft_graph_api is not None:
237
318
  pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
238
319
 
@@ -297,13 +378,52 @@ class _BackendState:
297
378
  def environment(self, value: Optional[pulumi.Input[str]]):
298
379
  pulumi.set(self, "environment", value)
299
380
 
381
+ @property
382
+ @pulumi.getter(name="identityTokenAudience")
383
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
384
+ """
385
+ The audience claim value. Requires Vault 1.17+.
386
+ *Available only for Vault Enterprise*
387
+ """
388
+ return pulumi.get(self, "identity_token_audience")
389
+
390
+ @identity_token_audience.setter
391
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
392
+ pulumi.set(self, "identity_token_audience", value)
393
+
394
+ @property
395
+ @pulumi.getter(name="identityTokenKey")
396
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
397
+ """
398
+ The key to use for signing identity tokens. Requires Vault 1.17+.
399
+ *Available only for Vault Enterprise*
400
+ """
401
+ return pulumi.get(self, "identity_token_key")
402
+
403
+ @identity_token_key.setter
404
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
405
+ pulumi.set(self, "identity_token_key", value)
406
+
407
+ @property
408
+ @pulumi.getter(name="identityTokenTtl")
409
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
410
+ """
411
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
412
+ *Available only for Vault Enterprise*
413
+ """
414
+ return pulumi.get(self, "identity_token_ttl")
415
+
416
+ @identity_token_ttl.setter
417
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
418
+ pulumi.set(self, "identity_token_ttl", value)
419
+
300
420
  @property
301
421
  @pulumi.getter
302
422
  def namespace(self) -> Optional[pulumi.Input[str]]:
303
423
  """
304
424
  The namespace to provision the resource in.
305
425
  The value should not contain leading or trailing forward slashes.
306
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
426
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
307
427
  *Available only for Vault Enterprise*.
308
428
  """
309
429
  return pulumi.get(self, "namespace")
@@ -350,6 +470,7 @@ class _BackendState:
350
470
 
351
471
  @property
352
472
  @pulumi.getter(name="useMicrosoftGraphApi")
473
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
353
474
  def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
354
475
  """
355
476
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -371,6 +492,9 @@ class Backend(pulumi.CustomResource):
371
492
  description: Optional[pulumi.Input[str]] = None,
372
493
  disable_remount: Optional[pulumi.Input[bool]] = None,
373
494
  environment: Optional[pulumi.Input[str]] = None,
495
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
496
+ identity_token_key: Optional[pulumi.Input[str]] = None,
497
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
374
498
  namespace: Optional[pulumi.Input[str]] = None,
375
499
  path: Optional[pulumi.Input[str]] = None,
376
500
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -379,33 +503,48 @@ class Backend(pulumi.CustomResource):
379
503
  __props__=None):
380
504
  """
381
505
  ## Example Usage
506
+
382
507
  ### *Vault-1.9 And Above*
383
508
 
509
+ You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
384
510
  ```python
385
511
  import pulumi
386
512
  import pulumi_vault as vault
387
513
 
388
514
  azure = vault.azure.Backend("azure",
389
- client_id="11111111-2222-3333-4444-333333333333",
390
- client_secret="12345678901234567890",
391
- environment="AzurePublicCloud",
392
515
  subscription_id="11111111-2222-3333-4444-111111111111",
393
516
  tenant_id="11111111-2222-3333-4444-222222222222",
394
- use_microsoft_graph_api=True)
517
+ client_id="11111111-2222-3333-4444-333333333333",
518
+ identity_token_audience="<TOKEN_AUDIENCE>",
519
+ identity_token_ttl="<TOKEN_TTL>")
395
520
  ```
396
- ### *Vault-1.8 And Below*
397
521
 
398
522
  ```python
399
523
  import pulumi
400
524
  import pulumi_vault as vault
401
525
 
402
526
  azure = vault.azure.Backend("azure",
527
+ use_microsoft_graph_api=True,
528
+ subscription_id="11111111-2222-3333-4444-111111111111",
529
+ tenant_id="11111111-2222-3333-4444-222222222222",
403
530
  client_id="11111111-2222-3333-4444-333333333333",
404
531
  client_secret="12345678901234567890",
405
- environment="AzurePublicCloud",
532
+ environment="AzurePublicCloud")
533
+ ```
534
+
535
+ ### *Vault-1.8 And Below*
536
+
537
+ ```python
538
+ import pulumi
539
+ import pulumi_vault as vault
540
+
541
+ azure = vault.azure.Backend("azure",
542
+ use_microsoft_graph_api=False,
406
543
  subscription_id="11111111-2222-3333-4444-111111111111",
407
544
  tenant_id="11111111-2222-3333-4444-222222222222",
408
- use_microsoft_graph_api=False)
545
+ client_id="11111111-2222-3333-4444-333333333333",
546
+ client_secret="12345678901234567890",
547
+ environment="AzurePublicCloud")
409
548
  ```
410
549
 
411
550
  :param str resource_name: The name of the resource.
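Review bot: The Workload Identity Federation example added to this docstring passes `identity_token_ttl="<TOKEN_TTL>"` as a string, while the parameter is declared `Optional[pulumi.Input[int]]` and documented as seconds; an integer placeholder such as `identity_token_ttl=3600` (constructed sample value) would match the signature. The second example under "Vault-1.9 And Above" now sets `use_microsoft_graph_api=True`, which the constructor changes in this same file report as deprecated, so anyone copying it gets a deprecation warning; dropping that argument from the 1.9+ example would keep the docs consistent with the code. Both client-secret examples keep `client_secret="12345678901234567890"` as a source literal; showing it read from encrypted configuration, e.g. `client_secret=pulumi.Config().require_secret("azureClientSecret")` (constructed key name), would steer readers away from committing the credential to the repository. The same docstring is repeated in the `@@ -433,33 +578,48 @@` hunk, and the docstring itself starts before and ends after the lines shown here.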
@@ -416,9 +555,15 @@ class Backend(pulumi.CustomResource):
416
555
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
417
556
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
418
557
  :param pulumi.Input[str] environment: The Azure environment.
558
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
559
+ *Available only for Vault Enterprise*
560
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
561
+ *Available only for Vault Enterprise*
562
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
563
+ *Available only for Vault Enterprise*
419
564
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
420
565
  The value should not contain leading or trailing forward slashes.
421
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
566
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
422
567
  *Available only for Vault Enterprise*.
423
568
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
424
569
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
@@ -433,33 +578,48 @@ class Backend(pulumi.CustomResource):
433
578
  opts: Optional[pulumi.ResourceOptions] = None):
434
579
  """
435
580
  ## Example Usage
581
+
436
582
  ### *Vault-1.9 And Above*
437
583
 
584
+ You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
438
585
  ```python
439
586
  import pulumi
440
587
  import pulumi_vault as vault
441
588
 
442
589
  azure = vault.azure.Backend("azure",
443
- client_id="11111111-2222-3333-4444-333333333333",
444
- client_secret="12345678901234567890",
445
- environment="AzurePublicCloud",
446
590
  subscription_id="11111111-2222-3333-4444-111111111111",
447
591
  tenant_id="11111111-2222-3333-4444-222222222222",
448
- use_microsoft_graph_api=True)
592
+ client_id="11111111-2222-3333-4444-333333333333",
593
+ identity_token_audience="<TOKEN_AUDIENCE>",
594
+ identity_token_ttl="<TOKEN_TTL>")
449
595
  ```
450
- ### *Vault-1.8 And Below*
451
596
 
452
597
  ```python
453
598
  import pulumi
454
599
  import pulumi_vault as vault
455
600
 
456
601
  azure = vault.azure.Backend("azure",
602
+ use_microsoft_graph_api=True,
603
+ subscription_id="11111111-2222-3333-4444-111111111111",
604
+ tenant_id="11111111-2222-3333-4444-222222222222",
457
605
  client_id="11111111-2222-3333-4444-333333333333",
458
606
  client_secret="12345678901234567890",
459
- environment="AzurePublicCloud",
607
+ environment="AzurePublicCloud")
608
+ ```
609
+
610
+ ### *Vault-1.8 And Below*
611
+
612
+ ```python
613
+ import pulumi
614
+ import pulumi_vault as vault
615
+
616
+ azure = vault.azure.Backend("azure",
617
+ use_microsoft_graph_api=False,
460
618
  subscription_id="11111111-2222-3333-4444-111111111111",
461
619
  tenant_id="11111111-2222-3333-4444-222222222222",
462
- use_microsoft_graph_api=False)
620
+ client_id="11111111-2222-3333-4444-333333333333",
621
+ client_secret="12345678901234567890",
622
+ environment="AzurePublicCloud")
463
623
  ```
464
624
 
465
625
  :param str resource_name: The name of the resource.
@@ -482,6 +642,9 @@ class Backend(pulumi.CustomResource):
482
642
  description: Optional[pulumi.Input[str]] = None,
483
643
  disable_remount: Optional[pulumi.Input[bool]] = None,
484
644
  environment: Optional[pulumi.Input[str]] = None,
645
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
646
+ identity_token_key: Optional[pulumi.Input[str]] = None,
647
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
485
648
  namespace: Optional[pulumi.Input[str]] = None,
486
649
  path: Optional[pulumi.Input[str]] = None,
487
650
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -501,6 +664,9 @@ class Backend(pulumi.CustomResource):
501
664
  __props__.__dict__["description"] = description
502
665
  __props__.__dict__["disable_remount"] = disable_remount
503
666
  __props__.__dict__["environment"] = environment
667
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
668
+ __props__.__dict__["identity_token_key"] = identity_token_key
669
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
504
670
  __props__.__dict__["namespace"] = namespace
505
671
  __props__.__dict__["path"] = path
506
672
  if subscription_id is None and not opts.urn:
@@ -527,6 +693,9 @@ class Backend(pulumi.CustomResource):
527
693
  description: Optional[pulumi.Input[str]] = None,
528
694
  disable_remount: Optional[pulumi.Input[bool]] = None,
529
695
  environment: Optional[pulumi.Input[str]] = None,
696
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
697
+ identity_token_key: Optional[pulumi.Input[str]] = None,
698
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
530
699
  namespace: Optional[pulumi.Input[str]] = None,
531
700
  path: Optional[pulumi.Input[str]] = None,
532
701
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -545,9 +714,15 @@ class Backend(pulumi.CustomResource):
545
714
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
546
715
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
547
716
  :param pulumi.Input[str] environment: The Azure environment.
717
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
718
+ *Available only for Vault Enterprise*
719
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
720
+ *Available only for Vault Enterprise*
721
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
722
+ *Available only for Vault Enterprise*
548
723
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
549
724
  The value should not contain leading or trailing forward slashes.
550
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
725
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
551
726
  *Available only for Vault Enterprise*.
552
727
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
553
728
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
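Review bot: The description added for `identity_token_key` at new line 719, `The key to use for signing identity tokens`, does not say whether the argument is the name of an existing key or the key material itself, and the same sentence is repeated in the getter docstring at new line 805. The input is a plain `str` and nothing visible here marks it as a secret, so it is presumably a key name; if that is confirmed, say so: `The name of the key to use for signing identity tokens. Requires Vault 1.17+.` It would also help to state what is used when the argument is left unset, since no default is visible in this diff. The docstring this hunk edits starts and ends outside the hunk.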
@@ -563,6 +738,9 @@ class Backend(pulumi.CustomResource):
563
738
  __props__.__dict__["description"] = description
564
739
  __props__.__dict__["disable_remount"] = disable_remount
565
740
  __props__.__dict__["environment"] = environment
741
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
742
+ __props__.__dict__["identity_token_key"] = identity_token_key
743
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
566
744
  __props__.__dict__["namespace"] = namespace
567
745
  __props__.__dict__["path"] = path
568
746
  __props__.__dict__["subscription_id"] = subscription_id
@@ -611,13 +789,40 @@ class Backend(pulumi.CustomResource):
611
789
  """
612
790
  return pulumi.get(self, "environment")
613
791
 
792
+ @property
793
+ @pulumi.getter(name="identityTokenAudience")
794
+ def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
795
+ """
796
+ The audience claim value. Requires Vault 1.17+.
797
+ *Available only for Vault Enterprise*
798
+ """
799
+ return pulumi.get(self, "identity_token_audience")
800
+
801
+ @property
802
+ @pulumi.getter(name="identityTokenKey")
803
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
804
+ """
805
+ The key to use for signing identity tokens. Requires Vault 1.17+.
806
+ *Available only for Vault Enterprise*
807
+ """
808
+ return pulumi.get(self, "identity_token_key")
809
+
810
+ @property
811
+ @pulumi.getter(name="identityTokenTtl")
812
+ def identity_token_ttl(self) -> pulumi.Output[int]:
813
+ """
814
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
815
+ *Available only for Vault Enterprise*
816
+ """
817
+ return pulumi.get(self, "identity_token_ttl")
818
+
614
819
  @property
615
820
  @pulumi.getter
616
821
  def namespace(self) -> pulumi.Output[Optional[str]]:
617
822
  """
618
823
  The namespace to provision the resource in.
619
824
  The value should not contain leading or trailing forward slashes.
620
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
825
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
621
826
  *Available only for Vault Enterprise*.
622
827
  """
623
828
  return pulumi.get(self, "namespace")
@@ -648,6 +853,7 @@ class Backend(pulumi.CustomResource):
648
853
 
649
854
  @property
650
855
  @pulumi.getter(name="useMicrosoftGraphApi")
856
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
651
857
  def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
652
858
  """
653
859
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
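Review bot: The deprecation message added at new line 856 says the field `is not supported in Vault-1.12+`, while the docstring at new line 859 still advises `Should be set to true on vault-1.10+`, and the example added in the first hunk of this file still passes `use_microsoft_graph_api=True` under `Vault-1.9 And Above`. A reader on 1.12 or later therefore gets contradictory guidance from the same class. I would bound the docstring to the versions where the flag applies, e.g. `Use the Microsoft Graph API. Deprecated: not supported on Vault 1.12+, where this is the default behavior.`, and drop the argument from the current-version example. The getter's docstring continues past the end of this hunk.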