pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -41,7 +46,7 @@ class BackendRoleArgs:
41
46
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
42
47
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
43
48
  The value should not contain leading or trailing forward slashes.
44
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
49
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
45
50
  *Available only for Vault Enterprise*.
46
51
  :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
47
52
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -167,7 +172,7 @@ class BackendRoleArgs:
167
172
  """
168
173
  The namespace to provision the resource in.
169
174
  The value should not contain leading or trailing forward slashes.
170
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
175
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
171
176
  *Available only for Vault Enterprise*.
172
177
  """
173
178
  return pulumi.get(self, "namespace")
@@ -255,7 +260,7 @@ class _BackendRoleState:
255
260
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
256
261
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
257
262
  The value should not contain leading or trailing forward slashes.
258
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
263
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
259
264
  *Available only for Vault Enterprise*.
260
265
  :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
261
266
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -371,7 +376,7 @@ class _BackendRoleState:
371
376
  """
372
377
  The namespace to provision the resource in.
373
378
  The value should not contain leading or trailing forward slashes.
374
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
379
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
375
380
  *Available only for Vault Enterprise*.
376
381
  """
377
382
  return pulumi.get(self, "namespace")
@@ -450,8 +455,8 @@ class BackendRole(pulumi.CustomResource):
450
455
  resource_name: str,
451
456
  opts: Optional[pulumi.ResourceOptions] = None,
452
457
  application_object_id: Optional[pulumi.Input[str]] = None,
453
- azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
454
- azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
458
+ azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
459
+ azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
455
460
  backend: Optional[pulumi.Input[str]] = None,
456
461
  description: Optional[pulumi.Input[str]] = None,
457
462
  max_ttl: Optional[pulumi.Input[str]] = None,
@@ -470,11 +475,11 @@ class BackendRole(pulumi.CustomResource):
470
475
  import pulumi_vault as vault
471
476
 
472
477
  azure = vault.azure.Backend("azure",
473
- subscription_id=var["subscription_id"],
474
- tenant_id=var["tenant_id"],
475
- client_secret=var["client_secret"],
476
- client_id=var["client_id"])
477
- generated_role = vault.azure.BackendRole("generatedRole",
478
+ subscription_id=subscription_id,
479
+ tenant_id=tenant_id,
480
+ client_secret=client_secret,
481
+ client_id=client_id)
482
+ generated_role = vault.azure.BackendRole("generated_role",
478
483
  backend=azure.path,
479
484
  role="generated_role",
480
485
  sign_in_audience="AzureADMyOrg",
@@ -484,11 +489,11 @@ class BackendRole(pulumi.CustomResource):
484
489
  ],
485
490
  ttl="300",
486
491
  max_ttl="600",
487
- azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
488
- role_name="Reader",
489
- scope=f"/subscriptions/{var['subscription_id']}/resourceGroups/azure-vault-group",
490
- )])
491
- existing_object_id = vault.azure.BackendRole("existingObjectId",
492
+ azure_roles=[{
493
+ "role_name": "Reader",
494
+ "scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
495
+ }])
496
+ existing_object_id = vault.azure.BackendRole("existing_object_id",
492
497
  backend=azure.path,
493
498
  role="existing_object_id",
494
499
  application_object_id="11111111-2222-3333-4444-44444444444",
@@ -500,15 +505,15 @@ class BackendRole(pulumi.CustomResource):
500
505
  :param pulumi.ResourceOptions opts: Options for the resource.
501
506
  :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
502
507
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
503
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
504
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
508
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
509
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
505
510
  :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
506
511
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
507
512
  :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
508
513
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
509
514
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
510
515
  The value should not contain leading or trailing forward slashes.
511
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
516
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
512
517
  *Available only for Vault Enterprise*.
513
518
  :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
514
519
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -533,11 +538,11 @@ class BackendRole(pulumi.CustomResource):
533
538
  import pulumi_vault as vault
534
539
 
535
540
  azure = vault.azure.Backend("azure",
536
- subscription_id=var["subscription_id"],
537
- tenant_id=var["tenant_id"],
538
- client_secret=var["client_secret"],
539
- client_id=var["client_id"])
540
- generated_role = vault.azure.BackendRole("generatedRole",
541
+ subscription_id=subscription_id,
542
+ tenant_id=tenant_id,
543
+ client_secret=client_secret,
544
+ client_id=client_id)
545
+ generated_role = vault.azure.BackendRole("generated_role",
541
546
  backend=azure.path,
542
547
  role="generated_role",
543
548
  sign_in_audience="AzureADMyOrg",
@@ -547,11 +552,11 @@ class BackendRole(pulumi.CustomResource):
547
552
  ],
548
553
  ttl="300",
549
554
  max_ttl="600",
550
- azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
551
- role_name="Reader",
552
- scope=f"/subscriptions/{var['subscription_id']}/resourceGroups/azure-vault-group",
553
- )])
554
- existing_object_id = vault.azure.BackendRole("existingObjectId",
555
+ azure_roles=[{
556
+ "role_name": "Reader",
557
+ "scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
558
+ }])
559
+ existing_object_id = vault.azure.BackendRole("existing_object_id",
555
560
  backend=azure.path,
556
561
  role="existing_object_id",
557
562
  application_object_id="11111111-2222-3333-4444-44444444444",
@@ -575,8 +580,8 @@ class BackendRole(pulumi.CustomResource):
575
580
  resource_name: str,
576
581
  opts: Optional[pulumi.ResourceOptions] = None,
577
582
  application_object_id: Optional[pulumi.Input[str]] = None,
578
- azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
579
- azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
583
+ azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
584
+ azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
580
585
  backend: Optional[pulumi.Input[str]] = None,
581
586
  description: Optional[pulumi.Input[str]] = None,
582
587
  max_ttl: Optional[pulumi.Input[str]] = None,
@@ -620,8 +625,8 @@ class BackendRole(pulumi.CustomResource):
620
625
  id: pulumi.Input[str],
621
626
  opts: Optional[pulumi.ResourceOptions] = None,
622
627
  application_object_id: Optional[pulumi.Input[str]] = None,
623
- azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
624
- azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
628
+ azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
629
+ azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
625
630
  backend: Optional[pulumi.Input[str]] = None,
626
631
  description: Optional[pulumi.Input[str]] = None,
627
632
  max_ttl: Optional[pulumi.Input[str]] = None,
@@ -640,15 +645,15 @@ class BackendRole(pulumi.CustomResource):
640
645
  :param pulumi.ResourceOptions opts: Options for the resource.
641
646
  :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
642
647
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
643
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
644
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
648
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
649
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
645
650
  :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
646
651
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
647
652
  :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
648
653
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
649
654
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
650
655
  The value should not contain leading or trailing forward slashes.
651
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
656
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
652
657
  *Available only for Vault Enterprise*.
653
658
  :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
654
659
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -733,7 +738,7 @@ class BackendRole(pulumi.CustomResource):
733
738
  """
734
739
  The namespace to provision the resource in.
735
740
  The value should not contain leading or trailing forward slashes.
736
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
741
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
737
742
  *Available only for Vault Enterprise*.
738
743
  """
739
744
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -226,6 +231,7 @@ def get_access_credentials(backend: Optional[str] = None,
226
231
  num_seconds_between_tests=1,
227
232
  max_cred_validation_seconds=300)
228
233
  ```
234
+
229
235
  ## Caveats
230
236
 
231
237
  The `validate_creds` option requires read-access to the `backend` config endpoint.
@@ -244,7 +250,7 @@ def get_access_credentials(backend: Optional[str] = None,
244
250
  to 300.
245
251
  :param str namespace: The namespace of the target resource.
246
252
  The value should not contain leading or trailing forward slashes.
247
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
253
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
248
254
  *Available only for Vault Enterprise*.
249
255
  :param int num_seconds_between_tests: If 'validate_creds' is true,
250
256
  the number of seconds to wait between each test of generated credentials.
@@ -297,9 +303,6 @@ def get_access_credentials(backend: Optional[str] = None,
297
303
  subscription_id=pulumi.get(__ret__, 'subscription_id'),
298
304
  tenant_id=pulumi.get(__ret__, 'tenant_id'),
299
305
  validate_creds=pulumi.get(__ret__, 'validate_creds'))
300
-
301
-
302
- @_utilities.lift_output_func(get_access_credentials)
303
306
  def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
304
307
  environment: Optional[pulumi.Input[Optional[str]]] = None,
305
308
  max_cred_validation_seconds: Optional[pulumi.Input[Optional[int]]] = None,
@@ -310,7 +313,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
310
313
  subscription_id: Optional[pulumi.Input[Optional[str]]] = None,
311
314
  tenant_id: Optional[pulumi.Input[Optional[str]]] = None,
312
315
  validate_creds: Optional[pulumi.Input[Optional[bool]]] = None,
313
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
316
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
314
317
  """
315
318
  ## Example Usage
316
319
 
@@ -324,6 +327,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
324
327
  num_seconds_between_tests=1,
325
328
  max_cred_validation_seconds=300)
326
329
  ```
330
+
327
331
  ## Caveats
328
332
 
329
333
  The `validate_creds` option requires read-access to the `backend` config endpoint.
@@ -342,7 +346,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
342
346
  to 300.
343
347
  :param str namespace: The namespace of the target resource.
344
348
  The value should not contain leading or trailing forward slashes.
345
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
349
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
346
350
  *Available only for Vault Enterprise*.
347
351
  :param int num_seconds_between_tests: If 'validate_creds' is true,
348
352
  the number of seconds to wait between each test of generated credentials.
@@ -363,4 +367,34 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
363
367
  credentials without checking whether they have fully propagated throughout
364
368
  Azure Active Directory. Designating `true` activates testing.
365
369
  """
366
- ...
370
+ __args__ = dict()
371
+ __args__['backend'] = backend
372
+ __args__['environment'] = environment
373
+ __args__['maxCredValidationSeconds'] = max_cred_validation_seconds
374
+ __args__['namespace'] = namespace
375
+ __args__['numSecondsBetweenTests'] = num_seconds_between_tests
376
+ __args__['numSequentialSuccesses'] = num_sequential_successes
377
+ __args__['role'] = role
378
+ __args__['subscriptionId'] = subscription_id
379
+ __args__['tenantId'] = tenant_id
380
+ __args__['validateCreds'] = validate_creds
381
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
382
+ __ret__ = pulumi.runtime.invoke_output('vault:azure/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
383
+ return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
384
+ backend=pulumi.get(__response__, 'backend'),
385
+ client_id=pulumi.get(__response__, 'client_id'),
386
+ client_secret=pulumi.get(__response__, 'client_secret'),
387
+ environment=pulumi.get(__response__, 'environment'),
388
+ id=pulumi.get(__response__, 'id'),
389
+ lease_duration=pulumi.get(__response__, 'lease_duration'),
390
+ lease_id=pulumi.get(__response__, 'lease_id'),
391
+ lease_renewable=pulumi.get(__response__, 'lease_renewable'),
392
+ lease_start_time=pulumi.get(__response__, 'lease_start_time'),
393
+ max_cred_validation_seconds=pulumi.get(__response__, 'max_cred_validation_seconds'),
394
+ namespace=pulumi.get(__response__, 'namespace'),
395
+ num_seconds_between_tests=pulumi.get(__response__, 'num_seconds_between_tests'),
396
+ num_sequential_successes=pulumi.get(__response__, 'num_sequential_successes'),
397
+ role=pulumi.get(__response__, 'role'),
398
+ subscription_id=pulumi.get(__response__, 'subscription_id'),
399
+ tenant_id=pulumi.get(__response__, 'tenant_id'),
400
+ validate_creds=pulumi.get(__response__, 'validate_creds')))
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [