pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from . import _utilities
11
16
 
12
17
  __all__ = ['CertAuthBackendRoleArgs', 'CertAuthBackendRole']
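Review bot: The `else` branch makes `typing_extensions` an import-time requirement of this module on Python older than 3.11, so the wheel's METADATA should declare it under `Requires-Dist`; the METADATA change is listed in the file list above but its content is not shown here. None of `NotRequired`, `TypedDict` or `TypeAlias` is used in the hunks visible for this file, so if they stay unused the conditional import could be dropped from this module. If it stays, a one-line comment such as `# typing.NotRequired needs Python 3.11+; older interpreters use the typing_extensions backport` would explain the version gate.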
@@ -19,7 +24,6 @@ class CertAuthBackendRoleArgs:
19
24
  allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
20
25
  allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
26
  allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
- allowed_organization_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
23
27
  allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
24
28
  allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
29
  backend: Optional[pulumi.Input[str]] = None,
@@ -49,14 +53,13 @@ class CertAuthBackendRoleArgs:
49
53
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
50
54
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
51
55
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
52
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
53
56
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
54
57
  :param pulumi.Input[str] backend: Path to the mounted Cert auth backend
55
58
  :param pulumi.Input[str] display_name: The name to display on tokens issued under this role.
56
59
  :param pulumi.Input[str] name: Name of the role
57
60
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
58
61
  The value should not contain leading or trailing forward slashes.
59
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
62
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
60
63
  *Available only for Vault Enterprise*.
61
64
  :param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
62
65
  needed to verify OCSP responses. Provided as base64 encoded PEM data.
@@ -77,34 +80,15 @@ class CertAuthBackendRoleArgs:
77
80
  Requires Vault version 1.13+.
78
81
  :param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
79
82
  client certificates
80
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
81
- addresses which can authenticate successfully, and ties the resulting token to these blocks
82
- as well.
83
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
84
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
85
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
86
- `token_max_ttl` would otherwise allow a renewal.
87
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
88
- Its current value will be referenced at renewal time.
89
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
90
- generated tokens; otherwise it will be added to the policies set in token_policies.
91
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
92
- of times a generated token may be used (within its lifetime); 0 means unlimited.
93
- :param pulumi.Input[int] token_period: If set, indicates that the
94
- token generated using this role should never expire. The token should be renewed within the
95
- duration specified by this value. At each renewal, the token's TTL will be set to the
96
- value of this field. Specified in seconds.
97
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
98
- on the auth method, this list may be supplemented by user/group/other values.
99
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
100
- Its current value will be referenced at renewal time.
101
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
102
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
103
- `service` tokens). For token store roles, there are two additional possibilities:
104
- `default-service` and `default-batch` which specify the type to return unless the client
105
- requests a different type at generation time.
106
-
107
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
83
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
84
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
85
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
86
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
87
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
88
+ :param pulumi.Input[int] token_period: Generated Token's Period
89
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
90
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
91
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
108
92
  """
109
93
  pulumi.set(__self__, "certificate", certificate)
110
94
  if allowed_common_names is not None:
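Review bot: The rewritten `token_*` parameter descriptions in this `CertAuthBackendRoleArgs` constructor docstring drop facts an operator needs to bound token lifetime and reach. `token_period` now reads only "Generated Token's Period" and no longer says that a periodic token never expires as long as it is renewed within the period, `token_explicit_max_ttl` no longer says it is a hard cap over `token_ttl` and `token_max_ttl`, and `token_max_ttl` and `token_period` lose their unit. I would keep the short form but restore those facts, e.g. `token_period: If set, the generated token never expires as long as it is renewed within this period (seconds)` and `token_explicit_max_ttl: Hard cap on the token's lifetime in seconds, even if token_ttl and token_max_ttl would allow a renewal`. The same shortened wording recurs in the property getter docstrings in the hunks that follow and in the `_CertAuthBackendRoleState` hunk at `-590,34 +535,15`; if this file is generated from the provider schema, the text would need to change there. The docstring starts outside this hunk.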
@@ -115,11 +99,6 @@ class CertAuthBackendRoleArgs:
115
99
  pulumi.set(__self__, "allowed_email_sans", allowed_email_sans)
116
100
  if allowed_names is not None:
117
101
  pulumi.set(__self__, "allowed_names", allowed_names)
118
- if allowed_organization_units is not None:
119
- warnings.warn("""Use allowed_organizational_units""", DeprecationWarning)
120
- pulumi.log.warn("""allowed_organization_units is deprecated: Use allowed_organizational_units""")
121
- if allowed_organization_units is not None:
122
- pulumi.set(__self__, "allowed_organization_units", allowed_organization_units)
123
102
  if allowed_organizational_units is not None:
124
103
  pulumi.set(__self__, "allowed_organizational_units", allowed_organizational_units)
125
104
  if allowed_uri_sans is not None:
@@ -223,24 +202,11 @@ class CertAuthBackendRoleArgs:
223
202
  def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
224
203
  pulumi.set(self, "allowed_names", value)
225
204
 
226
- @property
227
- @pulumi.getter(name="allowedOrganizationUnits")
228
- def allowed_organization_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
229
- warnings.warn("""Use allowed_organizational_units""", DeprecationWarning)
230
- pulumi.log.warn("""allowed_organization_units is deprecated: Use allowed_organizational_units""")
231
-
232
- return pulumi.get(self, "allowed_organization_units")
233
-
234
- @allowed_organization_units.setter
235
- def allowed_organization_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
236
- pulumi.set(self, "allowed_organization_units", value)
237
-
238
205
  @property
239
206
  @pulumi.getter(name="allowedOrganizationalUnits")
240
207
  def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
241
208
  """
242
209
  Allowed organization units for authenticated client certificates.
243
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
244
210
  """
245
211
  return pulumi.get(self, "allowed_organizational_units")
246
212
 
@@ -302,7 +268,7 @@ class CertAuthBackendRoleArgs:
302
268
  """
303
269
  The namespace to provision the resource in.
304
270
  The value should not contain leading or trailing forward slashes.
305
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
271
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
306
272
  *Available only for Vault Enterprise*.
307
273
  """
308
274
  return pulumi.get(self, "namespace")
@@ -400,9 +366,7 @@ class CertAuthBackendRoleArgs:
400
366
  @pulumi.getter(name="tokenBoundCidrs")
401
367
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
402
368
  """
403
- List of CIDR blocks; if set, specifies blocks of IP
404
- addresses which can authenticate successfully, and ties the resulting token to these blocks
405
- as well.
369
+ Specifies the blocks of IP addresses which are allowed to use the generated token
406
370
  """
407
371
  return pulumi.get(self, "token_bound_cidrs")
408
372
 
@@ -414,10 +378,7 @@ class CertAuthBackendRoleArgs:
414
378
  @pulumi.getter(name="tokenExplicitMaxTtl")
415
379
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
416
380
  """
417
- If set, will encode an
418
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
419
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
420
- `token_max_ttl` would otherwise allow a renewal.
381
+ Generated Token's Explicit Maximum TTL in seconds
421
382
  """
422
383
  return pulumi.get(self, "token_explicit_max_ttl")
423
384
 
@@ -429,8 +390,7 @@ class CertAuthBackendRoleArgs:
429
390
  @pulumi.getter(name="tokenMaxTtl")
430
391
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
431
392
  """
432
- The maximum lifetime for generated tokens in number of seconds.
433
- Its current value will be referenced at renewal time.
393
+ The maximum lifetime of the generated token
434
394
  """
435
395
  return pulumi.get(self, "token_max_ttl")
436
396
 
@@ -442,8 +402,7 @@ class CertAuthBackendRoleArgs:
442
402
  @pulumi.getter(name="tokenNoDefaultPolicy")
443
403
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
444
404
  """
445
- If set, the default policy will not be set on
446
- generated tokens; otherwise it will be added to the policies set in token_policies.
405
+ If true, the 'default' policy will not automatically be added to generated tokens
447
406
  """
448
407
  return pulumi.get(self, "token_no_default_policy")
449
408
 
@@ -455,8 +414,7 @@ class CertAuthBackendRoleArgs:
455
414
  @pulumi.getter(name="tokenNumUses")
456
415
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
457
416
  """
458
- The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
459
- of times a generated token may be used (within its lifetime); 0 means unlimited.
417
+ The maximum number of times a token may be used, a value of zero means unlimited
460
418
  """
461
419
  return pulumi.get(self, "token_num_uses")
462
420
 
@@ -468,10 +426,7 @@ class CertAuthBackendRoleArgs:
468
426
  @pulumi.getter(name="tokenPeriod")
469
427
  def token_period(self) -> Optional[pulumi.Input[int]]:
470
428
  """
471
- If set, indicates that the
472
- token generated using this role should never expire. The token should be renewed within the
473
- duration specified by this value. At each renewal, the token's TTL will be set to the
474
- value of this field. Specified in seconds.
429
+ Generated Token's Period
475
430
  """
476
431
  return pulumi.get(self, "token_period")
477
432
 
@@ -483,8 +438,7 @@ class CertAuthBackendRoleArgs:
483
438
  @pulumi.getter(name="tokenPolicies")
484
439
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
485
440
  """
486
- List of policies to encode onto generated tokens. Depending
487
- on the auth method, this list may be supplemented by user/group/other values.
441
+ Generated Token's Policies
488
442
  """
489
443
  return pulumi.get(self, "token_policies")
490
444
 
@@ -496,8 +450,7 @@ class CertAuthBackendRoleArgs:
496
450
  @pulumi.getter(name="tokenTtl")
497
451
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
498
452
  """
499
- The incremental lifetime for generated tokens in number of seconds.
500
- Its current value will be referenced at renewal time.
453
+ The initial ttl of the token to generate in seconds
501
454
  """
502
455
  return pulumi.get(self, "token_ttl")
503
456
 
@@ -509,13 +462,7 @@ class CertAuthBackendRoleArgs:
509
462
  @pulumi.getter(name="tokenType")
510
463
  def token_type(self) -> Optional[pulumi.Input[str]]:
511
464
  """
512
- The type of token that should be generated. Can be `service`,
513
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
514
- `service` tokens). For token store roles, there are two additional possibilities:
515
- `default-service` and `default-batch` which specify the type to return unless the client
516
- requests a different type at generation time.
517
-
518
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
465
+ The type of token to generate, service or batch
519
466
  """
520
467
  return pulumi.get(self, "token_type")
521
468
 
@@ -531,7 +478,6 @@ class _CertAuthBackendRoleState:
531
478
  allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
532
479
  allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
533
480
  allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
534
- allowed_organization_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
535
481
  allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
536
482
  allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
537
483
  backend: Optional[pulumi.Input[str]] = None,
@@ -561,7 +507,6 @@ class _CertAuthBackendRoleState:
561
507
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
562
508
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
563
509
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
564
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
565
510
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
566
511
  :param pulumi.Input[str] backend: Path to the mounted Cert auth backend
567
512
  :param pulumi.Input[str] certificate: CA certificate used to validate client certificates
@@ -569,7 +514,7 @@ class _CertAuthBackendRoleState:
569
514
  :param pulumi.Input[str] name: Name of the role
570
515
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
571
516
  The value should not contain leading or trailing forward slashes.
572
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
517
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
573
518
  *Available only for Vault Enterprise*.
574
519
  :param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
575
520
  needed to verify OCSP responses. Provided as base64 encoded PEM data.
@@ -590,34 +535,15 @@ class _CertAuthBackendRoleState:
590
535
  Requires Vault version 1.13+.
591
536
  :param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
592
537
  client certificates
593
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
594
- addresses which can authenticate successfully, and ties the resulting token to these blocks
595
- as well.
596
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
597
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
598
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
599
- `token_max_ttl` would otherwise allow a renewal.
600
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
601
- Its current value will be referenced at renewal time.
602
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
603
- generated tokens; otherwise it will be added to the policies set in token_policies.
604
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
605
- of times a generated token may be used (within its lifetime); 0 means unlimited.
606
- :param pulumi.Input[int] token_period: If set, indicates that the
607
- token generated using this role should never expire. The token should be renewed within the
608
- duration specified by this value. At each renewal, the token's TTL will be set to the
609
- value of this field. Specified in seconds.
610
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
611
- on the auth method, this list may be supplemented by user/group/other values.
612
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
613
- Its current value will be referenced at renewal time.
614
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
615
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
616
- `service` tokens). For token store roles, there are two additional possibilities:
617
- `default-service` and `default-batch` which specify the type to return unless the client
618
- requests a different type at generation time.
619
-
620
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
538
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
539
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
540
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
541
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
542
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
543
+ :param pulumi.Input[int] token_period: Generated Token's Period
544
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
545
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
546
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
621
547
  """
622
548
  if allowed_common_names is not None:
623
549
  pulumi.set(__self__, "allowed_common_names", allowed_common_names)
@@ -627,11 +553,6 @@ class _CertAuthBackendRoleState:
627
553
  pulumi.set(__self__, "allowed_email_sans", allowed_email_sans)
628
554
  if allowed_names is not None:
629
555
  pulumi.set(__self__, "allowed_names", allowed_names)
630
- if allowed_organization_units is not None:
631
- warnings.warn("""Use allowed_organizational_units""", DeprecationWarning)
632
- pulumi.log.warn("""allowed_organization_units is deprecated: Use allowed_organizational_units""")
633
- if allowed_organization_units is not None:
634
- pulumi.set(__self__, "allowed_organization_units", allowed_organization_units)
635
556
  if allowed_organizational_units is not None:
636
557
  pulumi.set(__self__, "allowed_organizational_units", allowed_organizational_units)
637
558
  if allowed_uri_sans is not None:
@@ -725,24 +646,11 @@ class _CertAuthBackendRoleState:
725
646
  def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
726
647
  pulumi.set(self, "allowed_names", value)
727
648
 
728
- @property
729
- @pulumi.getter(name="allowedOrganizationUnits")
730
- def allowed_organization_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
731
- warnings.warn("""Use allowed_organizational_units""", DeprecationWarning)
732
- pulumi.log.warn("""allowed_organization_units is deprecated: Use allowed_organizational_units""")
733
-
734
- return pulumi.get(self, "allowed_organization_units")
735
-
736
- @allowed_organization_units.setter
737
- def allowed_organization_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
738
- pulumi.set(self, "allowed_organization_units", value)
739
-
740
649
  @property
741
650
  @pulumi.getter(name="allowedOrganizationalUnits")
742
651
  def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
743
652
  """
744
653
  Allowed organization units for authenticated client certificates.
745
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
746
654
  """
747
655
  return pulumi.get(self, "allowed_organizational_units")
748
656
 
@@ -816,7 +724,7 @@ class _CertAuthBackendRoleState:
816
724
  """
817
725
  The namespace to provision the resource in.
818
726
  The value should not contain leading or trailing forward slashes.
819
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
727
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
820
728
  *Available only for Vault Enterprise*.
821
729
  """
822
730
  return pulumi.get(self, "namespace")
@@ -914,9 +822,7 @@ class _CertAuthBackendRoleState:
914
822
  @pulumi.getter(name="tokenBoundCidrs")
915
823
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
916
824
  """
917
- List of CIDR blocks; if set, specifies blocks of IP
918
- addresses which can authenticate successfully, and ties the resulting token to these blocks
919
- as well.
825
+ Specifies the blocks of IP addresses which are allowed to use the generated token
920
826
  """
921
827
  return pulumi.get(self, "token_bound_cidrs")
922
828
 
@@ -928,10 +834,7 @@ class _CertAuthBackendRoleState:
928
834
  @pulumi.getter(name="tokenExplicitMaxTtl")
929
835
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
930
836
  """
931
- If set, will encode an
932
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
933
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
934
- `token_max_ttl` would otherwise allow a renewal.
837
+ Generated Token's Explicit Maximum TTL in seconds
935
838
  """
936
839
  return pulumi.get(self, "token_explicit_max_ttl")
937
840
 
@@ -943,8 +846,7 @@ class _CertAuthBackendRoleState:
943
846
  @pulumi.getter(name="tokenMaxTtl")
944
847
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
945
848
  """
946
- The maximum lifetime for generated tokens in number of seconds.
947
- Its current value will be referenced at renewal time.
849
+ The maximum lifetime of the generated token
948
850
  """
949
851
  return pulumi.get(self, "token_max_ttl")
950
852
 
@@ -956,8 +858,7 @@ class _CertAuthBackendRoleState:
956
858
  @pulumi.getter(name="tokenNoDefaultPolicy")
957
859
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
958
860
  """
959
- If set, the default policy will not be set on
960
- generated tokens; otherwise it will be added to the policies set in token_policies.
861
+ If true, the 'default' policy will not automatically be added to generated tokens
961
862
  """
962
863
  return pulumi.get(self, "token_no_default_policy")
963
864
 
@@ -969,8 +870,7 @@ class _CertAuthBackendRoleState:
969
870
  @pulumi.getter(name="tokenNumUses")
970
871
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
971
872
  """
972
- The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
973
- of times a generated token may be used (within its lifetime); 0 means unlimited.
873
+ The maximum number of times a token may be used, a value of zero means unlimited
974
874
  """
975
875
  return pulumi.get(self, "token_num_uses")
976
876
 
@@ -982,10 +882,7 @@ class _CertAuthBackendRoleState:
982
882
  @pulumi.getter(name="tokenPeriod")
983
883
  def token_period(self) -> Optional[pulumi.Input[int]]:
984
884
  """
985
- If set, indicates that the
986
- token generated using this role should never expire. The token should be renewed within the
987
- duration specified by this value. At each renewal, the token's TTL will be set to the
988
- value of this field. Specified in seconds.
885
+ Generated Token's Period
989
886
  """
990
887
  return pulumi.get(self, "token_period")
991
888
 
@@ -997,8 +894,7 @@ class _CertAuthBackendRoleState:
997
894
  @pulumi.getter(name="tokenPolicies")
998
895
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
999
896
  """
1000
- List of policies to encode onto generated tokens. Depending
1001
- on the auth method, this list may be supplemented by user/group/other values.
897
+ Generated Token's Policies
1002
898
  """
1003
899
  return pulumi.get(self, "token_policies")
1004
900
 
@@ -1010,8 +906,7 @@ class _CertAuthBackendRoleState:
1010
906
  @pulumi.getter(name="tokenTtl")
1011
907
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
1012
908
  """
1013
- The incremental lifetime for generated tokens in number of seconds.
1014
- Its current value will be referenced at renewal time.
909
+ The initial ttl of the token to generate in seconds
1015
910
  """
1016
911
  return pulumi.get(self, "token_ttl")
1017
912
 
@@ -1023,13 +918,7 @@ class _CertAuthBackendRoleState:
1023
918
  @pulumi.getter(name="tokenType")
1024
919
  def token_type(self) -> Optional[pulumi.Input[str]]:
1025
920
  """
1026
- The type of token that should be generated. Can be `service`,
1027
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1028
- `service` tokens). For token store roles, there are two additional possibilities:
1029
- `default-service` and `default-batch` which specify the type to return unless the client
1030
- requests a different type at generation time.
1031
-
1032
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
921
+ The type of token to generate, service or batch
1033
922
  """
1034
923
  return pulumi.get(self, "token_type")
1035
924
 
@@ -1047,7 +936,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1047
936
  allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1048
937
  allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1049
938
  allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1050
- allowed_organization_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1051
939
  allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1052
940
  allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1053
941
  backend: Optional[pulumi.Input[str]] = None,
@@ -1078,14 +966,16 @@ class CertAuthBackendRole(pulumi.CustomResource):
1078
966
 
1079
967
  ```python
1080
968
  import pulumi
969
+ import pulumi_std as std
1081
970
  import pulumi_vault as vault
1082
971
 
1083
- cert_auth_backend = vault.AuthBackend("certAuthBackend",
972
+ cert = vault.AuthBackend("cert",
1084
973
  path="cert",
1085
974
  type="cert")
1086
- cert_cert_auth_backend_role = vault.CertAuthBackendRole("certCertAuthBackendRole",
1087
- certificate=(lambda path: open(path).read())("/path/to/certs/ca-cert.pem"),
1088
- backend=cert_auth_backend.path,
975
+ cert_cert_auth_backend_role = vault.CertAuthBackendRole("cert",
976
+ name="foo",
977
+ certificate=std.file(input="/path/to/certs/ca-cert.pem").result,
978
+ backend=cert.path,
1089
979
  allowed_names=[
1090
980
  "foo.example.org",
1091
981
  "baz.example.org",
@@ -1102,7 +992,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1102
992
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
1103
993
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
1104
994
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
1105
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
1106
995
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
1107
996
  :param pulumi.Input[str] backend: Path to the mounted Cert auth backend
1108
997
  :param pulumi.Input[str] certificate: CA certificate used to validate client certificates
@@ -1110,7 +999,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1110
999
  :param pulumi.Input[str] name: Name of the role
1111
1000
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1112
1001
  The value should not contain leading or trailing forward slashes.
1113
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1002
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1114
1003
  *Available only for Vault Enterprise*.
1115
1004
  :param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
1116
1005
  needed to verify OCSP responses. Provided as base64 encoded PEM data.
@@ -1131,34 +1020,15 @@ class CertAuthBackendRole(pulumi.CustomResource):
1131
1020
  Requires Vault version 1.13+.
1132
1021
  :param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
1133
1022
  client certificates
1134
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1135
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1136
- as well.
1137
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1138
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1139
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1140
- `token_max_ttl` would otherwise allow a renewal.
1141
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1142
- Its current value will be referenced at renewal time.
1143
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1144
- generated tokens; otherwise it will be added to the policies set in token_policies.
1145
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
1146
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1147
- :param pulumi.Input[int] token_period: If set, indicates that the
1148
- token generated using this role should never expire. The token should be renewed within the
1149
- duration specified by this value. At each renewal, the token's TTL will be set to the
1150
- value of this field. Specified in seconds.
1151
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1152
- on the auth method, this list may be supplemented by user/group/other values.
1153
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1154
- Its current value will be referenced at renewal time.
1155
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
1156
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1157
- `service` tokens). For token store roles, there are two additional possibilities:
1158
- `default-service` and `default-batch` which specify the type to return unless the client
1159
- requests a different type at generation time.
1160
-
1161
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
1023
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1024
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1025
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1026
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1027
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1028
+ :param pulumi.Input[int] token_period: Generated Token's Period
1029
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1030
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1031
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1162
1032
  """
1163
1033
  ...
1164
1034
  @overload
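Review bot: The shortened `:param` text for the `token_*` arguments in this hunk drops details an operator needs to set token limits safely (the docstring itself starts above the hunk). `token_period` no longer says that the value is in seconds or that a token issued with a period does not expire as long as it is renewed within it, `token_bound_cidrs` no longer says that the CIDR list also limits which addresses can authenticate, and `token_type` now names only service and batch although the removed text also listed `default`, `default-service` and `default-batch`. Nothing visible in the diff suggests the behaviour changed, so I would keep the units and caveats, for example `:param pulumi.Input[int] token_period: Generated Token's Period in seconds; if set, the token never expires as long as it is renewed within this period` and `:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token in seconds`. The same shortening is repeated in the getter docstrings of `_CertAuthBackendRoleState` and `CertAuthBackendRole` and in the other `:param` block further down; if these strings are generated from the provider schema, the fix belongs upstream.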
@@ -1173,14 +1043,16 @@ class CertAuthBackendRole(pulumi.CustomResource):
1173
1043
 
1174
1044
  ```python
1175
1045
  import pulumi
1046
+ import pulumi_std as std
1176
1047
  import pulumi_vault as vault
1177
1048
 
1178
- cert_auth_backend = vault.AuthBackend("certAuthBackend",
1049
+ cert = vault.AuthBackend("cert",
1179
1050
  path="cert",
1180
1051
  type="cert")
1181
- cert_cert_auth_backend_role = vault.CertAuthBackendRole("certCertAuthBackendRole",
1182
- certificate=(lambda path: open(path).read())("/path/to/certs/ca-cert.pem"),
1183
- backend=cert_auth_backend.path,
1052
+ cert_cert_auth_backend_role = vault.CertAuthBackendRole("cert",
1053
+ name="foo",
1054
+ certificate=std.file(input="/path/to/certs/ca-cert.pem").result,
1055
+ backend=cert.path,
1184
1056
  allowed_names=[
1185
1057
  "foo.example.org",
1186
1058
  "baz.example.org",
@@ -1209,7 +1081,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1209
1081
  allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1210
1082
  allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1211
1083
  allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1212
- allowed_organization_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1213
1084
  allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1214
1085
  allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1215
1086
  backend: Optional[pulumi.Input[str]] = None,
@@ -1245,7 +1116,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1245
1116
  __props__.__dict__["allowed_dns_sans"] = allowed_dns_sans
1246
1117
  __props__.__dict__["allowed_email_sans"] = allowed_email_sans
1247
1118
  __props__.__dict__["allowed_names"] = allowed_names
1248
- __props__.__dict__["allowed_organization_units"] = allowed_organization_units
1249
1119
  __props__.__dict__["allowed_organizational_units"] = allowed_organizational_units
1250
1120
  __props__.__dict__["allowed_uri_sans"] = allowed_uri_sans
1251
1121
  __props__.__dict__["backend"] = backend
@@ -1284,7 +1154,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1284
1154
  allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1285
1155
  allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1286
1156
  allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1287
- allowed_organization_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1288
1157
  allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1289
1158
  allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1290
1159
  backend: Optional[pulumi.Input[str]] = None,
@@ -1319,7 +1188,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1319
1188
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
1320
1189
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
1321
1190
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
1322
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
1323
1191
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
1324
1192
  :param pulumi.Input[str] backend: Path to the mounted Cert auth backend
1325
1193
  :param pulumi.Input[str] certificate: CA certificate used to validate client certificates
@@ -1327,7 +1195,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1327
1195
  :param pulumi.Input[str] name: Name of the role
1328
1196
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1329
1197
  The value should not contain leading or trailing forward slashes.
1330
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1198
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1331
1199
  *Available only for Vault Enterprise*.
1332
1200
  :param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
1333
1201
  needed to verify OCSP responses. Provided as base64 encoded PEM data.
@@ -1348,34 +1216,15 @@ class CertAuthBackendRole(pulumi.CustomResource):
1348
1216
  Requires Vault version 1.13+.
1349
1217
  :param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
1350
1218
  client certificates
1351
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1352
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1353
- as well.
1354
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1355
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1356
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1357
- `token_max_ttl` would otherwise allow a renewal.
1358
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1359
- Its current value will be referenced at renewal time.
1360
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1361
- generated tokens; otherwise it will be added to the policies set in token_policies.
1362
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
1363
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1364
- :param pulumi.Input[int] token_period: If set, indicates that the
1365
- token generated using this role should never expire. The token should be renewed within the
1366
- duration specified by this value. At each renewal, the token's TTL will be set to the
1367
- value of this field. Specified in seconds.
1368
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1369
- on the auth method, this list may be supplemented by user/group/other values.
1370
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1371
- Its current value will be referenced at renewal time.
1372
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
1373
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1374
- `service` tokens). For token store roles, there are two additional possibilities:
1375
- `default-service` and `default-batch` which specify the type to return unless the client
1376
- requests a different type at generation time.
1377
-
1378
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
1219
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1220
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1221
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1222
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1223
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1224
+ :param pulumi.Input[int] token_period: Generated Token's Period
1225
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1226
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1227
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1379
1228
  """
1380
1229
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1381
1230
 
@@ -1385,7 +1234,6 @@ class CertAuthBackendRole(pulumi.CustomResource):
1385
1234
  __props__.__dict__["allowed_dns_sans"] = allowed_dns_sans
1386
1235
  __props__.__dict__["allowed_email_sans"] = allowed_email_sans
1387
1236
  __props__.__dict__["allowed_names"] = allowed_names
1388
- __props__.__dict__["allowed_organization_units"] = allowed_organization_units
1389
1237
  __props__.__dict__["allowed_organizational_units"] = allowed_organizational_units
1390
1238
  __props__.__dict__["allowed_uri_sans"] = allowed_uri_sans
1391
1239
  __props__.__dict__["backend"] = backend
@@ -1442,20 +1290,11 @@ class CertAuthBackendRole(pulumi.CustomResource):
1442
1290
  """
1443
1291
  return pulumi.get(self, "allowed_names")
1444
1292
 
1445
- @property
1446
- @pulumi.getter(name="allowedOrganizationUnits")
1447
- def allowed_organization_units(self) -> pulumi.Output[Sequence[str]]:
1448
- warnings.warn("""Use allowed_organizational_units""", DeprecationWarning)
1449
- pulumi.log.warn("""allowed_organization_units is deprecated: Use allowed_organizational_units""")
1450
-
1451
- return pulumi.get(self, "allowed_organization_units")
1452
-
1453
1293
  @property
1454
1294
  @pulumi.getter(name="allowedOrganizationalUnits")
1455
1295
  def allowed_organizational_units(self) -> pulumi.Output[Optional[Sequence[str]]]:
1456
1296
  """
1457
1297
  Allowed organization units for authenticated client certificates.
1458
- *In previous provider releases this field was incorrectly named `allowed_organization_units`, please update accordingly*
1459
1298
  """
1460
1299
  return pulumi.get(self, "allowed_organizational_units")
1461
1300
 
@@ -1505,7 +1344,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1505
1344
  """
1506
1345
  The namespace to provision the resource in.
1507
1346
  The value should not contain leading or trailing forward slashes.
1508
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1347
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1509
1348
  *Available only for Vault Enterprise*.
1510
1349
  """
1511
1350
  return pulumi.get(self, "namespace")
@@ -1575,9 +1414,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1575
1414
  @pulumi.getter(name="tokenBoundCidrs")
1576
1415
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1577
1416
  """
1578
- List of CIDR blocks; if set, specifies blocks of IP
1579
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1580
- as well.
1417
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1581
1418
  """
1582
1419
  return pulumi.get(self, "token_bound_cidrs")
1583
1420
 
@@ -1585,10 +1422,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1585
1422
  @pulumi.getter(name="tokenExplicitMaxTtl")
1586
1423
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1587
1424
  """
1588
- If set, will encode an
1589
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1590
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1591
- `token_max_ttl` would otherwise allow a renewal.
1425
+ Generated Token's Explicit Maximum TTL in seconds
1592
1426
  """
1593
1427
  return pulumi.get(self, "token_explicit_max_ttl")
1594
1428
 
@@ -1596,8 +1430,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1596
1430
  @pulumi.getter(name="tokenMaxTtl")
1597
1431
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1598
1432
  """
1599
- The maximum lifetime for generated tokens in number of seconds.
1600
- Its current value will be referenced at renewal time.
1433
+ The maximum lifetime of the generated token
1601
1434
  """
1602
1435
  return pulumi.get(self, "token_max_ttl")
1603
1436
 
@@ -1605,8 +1438,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1605
1438
  @pulumi.getter(name="tokenNoDefaultPolicy")
1606
1439
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1607
1440
  """
1608
- If set, the default policy will not be set on
1609
- generated tokens; otherwise it will be added to the policies set in token_policies.
1441
+ If true, the 'default' policy will not automatically be added to generated tokens
1610
1442
  """
1611
1443
  return pulumi.get(self, "token_no_default_policy")
1612
1444
 
@@ -1614,8 +1446,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1614
1446
  @pulumi.getter(name="tokenNumUses")
1615
1447
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1616
1448
  """
1617
- The [maximum number](https://www.vaultproject.io/api-docs/auth/cert#token_num_uses)
1618
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1449
+ The maximum number of times a token may be used, a value of zero means unlimited
1619
1450
  """
1620
1451
  return pulumi.get(self, "token_num_uses")
1621
1452
 
@@ -1623,10 +1454,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1623
1454
  @pulumi.getter(name="tokenPeriod")
1624
1455
  def token_period(self) -> pulumi.Output[Optional[int]]:
1625
1456
  """
1626
- If set, indicates that the
1627
- token generated using this role should never expire. The token should be renewed within the
1628
- duration specified by this value. At each renewal, the token's TTL will be set to the
1629
- value of this field. Specified in seconds.
1457
+ Generated Token's Period
1630
1458
  """
1631
1459
  return pulumi.get(self, "token_period")
1632
1460
 
@@ -1634,8 +1462,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1634
1462
  @pulumi.getter(name="tokenPolicies")
1635
1463
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1636
1464
  """
1637
- List of policies to encode onto generated tokens. Depending
1638
- on the auth method, this list may be supplemented by user/group/other values.
1465
+ Generated Token's Policies
1639
1466
  """
1640
1467
  return pulumi.get(self, "token_policies")
1641
1468
 
@@ -1643,8 +1470,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1643
1470
  @pulumi.getter(name="tokenTtl")
1644
1471
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1645
1472
  """
1646
- The incremental lifetime for generated tokens in number of seconds.
1647
- Its current value will be referenced at renewal time.
1473
+ The initial ttl of the token to generate in seconds
1648
1474
  """
1649
1475
  return pulumi.get(self, "token_ttl")
1650
1476
 
@@ -1652,13 +1478,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
1652
1478
  @pulumi.getter(name="tokenType")
1653
1479
  def token_type(self) -> pulumi.Output[Optional[str]]:
1654
1480
  """
1655
- The type of token that should be generated. Can be `service`,
1656
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1657
- `service` tokens). For token store roles, there are two additional possibilities:
1658
- `default-service` and `default-batch` which specify the type to return unless the client
1659
- requests a different type at generation time.
1660
-
1661
- For more details on the usage of each argument consult the [Vault Cert API documentation](https://www.vaultproject.io/api-docs/auth/cert).
1481
+ The type of token to generate, service or batch
1662
1482
  """
1663
1483
  return pulumi.get(self, "token_type")
1664
1484