pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -17,7 +22,7 @@ class SecretBackendRoleArgs:
17
22
  backend: pulumi.Input[str],
18
23
  creation_statements: pulumi.Input[Sequence[pulumi.Input[str]]],
19
24
  db_name: pulumi.Input[str],
20
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
25
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
26
  credential_type: Optional[pulumi.Input[str]] = None,
22
27
  default_ttl: Optional[pulumi.Input[int]] = None,
23
28
  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -33,7 +38,7 @@ class SecretBackendRoleArgs:
33
38
  creating a user.
34
39
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for
35
40
  the role.
36
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
41
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
37
42
  for the given `credential_type`.
38
43
 
39
44
  The following options are available for each `credential_type` value:
@@ -118,7 +123,7 @@ class SecretBackendRoleArgs:
118
123
 
119
124
  @property
120
125
  @pulumi.getter(name="credentialConfig")
121
- def credential_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
126
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
122
127
  """
123
128
  Specifies the configuration
124
129
  for the given `credential_type`.
@@ -128,7 +133,7 @@ class SecretBackendRoleArgs:
128
133
  return pulumi.get(self, "credential_config")
129
134
 
130
135
  @credential_config.setter
131
- def credential_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
136
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
132
137
  pulumi.set(self, "credential_config", value)
133
138
 
134
139
  @property
@@ -243,7 +248,7 @@ class _SecretBackendRoleState:
243
248
  def __init__(__self__, *,
244
249
  backend: Optional[pulumi.Input[str]] = None,
245
250
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
246
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
251
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
247
252
  credential_type: Optional[pulumi.Input[str]] = None,
248
253
  db_name: Optional[pulumi.Input[str]] = None,
249
254
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -258,7 +263,7 @@ class _SecretBackendRoleState:
258
263
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
259
264
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
260
265
  creating a user.
261
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
266
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
262
267
  for the given `credential_type`.
263
268
 
264
269
  The following options are available for each `credential_type` value:
@@ -335,7 +340,7 @@ class _SecretBackendRoleState:
335
340
 
336
341
  @property
337
342
  @pulumi.getter(name="credentialConfig")
338
- def credential_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
343
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
339
344
  """
340
345
  Specifies the configuration
341
346
  for the given `credential_type`.
@@ -345,7 +350,7 @@ class _SecretBackendRoleState:
345
350
  return pulumi.get(self, "credential_config")
346
351
 
347
352
  @credential_config.setter
348
- def credential_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
353
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
349
354
  pulumi.set(self, "credential_config", value)
350
355
 
351
356
  @property
@@ -475,7 +480,7 @@ class SecretBackendRole(pulumi.CustomResource):
475
480
  opts: Optional[pulumi.ResourceOptions] = None,
476
481
  backend: Optional[pulumi.Input[str]] = None,
477
482
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
478
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
483
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
479
484
  credential_type: Optional[pulumi.Input[str]] = None,
480
485
  db_name: Optional[pulumi.Input[str]] = None,
481
486
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -498,15 +503,17 @@ class SecretBackendRole(pulumi.CustomResource):
498
503
  type="database")
499
504
  postgres = vault.database.SecretBackendConnection("postgres",
500
505
  backend=db.path,
506
+ name="postgres",
501
507
  allowed_roles=[
502
508
  "dev",
503
509
  "prod",
504
510
  ],
505
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
506
- connection_url="postgres://username:password@host:port/database",
507
- ))
511
+ postgresql={
512
+ "connection_url": "postgres://username:password@host:port/database",
513
+ })
508
514
  role = vault.database.SecretBackendRole("role",
509
515
  backend=db.path,
516
+ name="dev",
510
517
  db_name=postgres.name,
511
518
  creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
512
519
  ```
@@ -516,7 +523,7 @@ class SecretBackendRole(pulumi.CustomResource):
516
523
  Database secret backend roles can be imported using the `backend`, `/roles/`, and the `name` e.g.
517
524
 
518
525
  ```sh
519
- $ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
526
+ $ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
520
527
  ```
521
528
 
522
529
  :param str resource_name: The name of the resource.
@@ -524,7 +531,7 @@ class SecretBackendRole(pulumi.CustomResource):
524
531
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
525
532
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
526
533
  creating a user.
527
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
534
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
528
535
  for the given `credential_type`.
529
536
 
530
537
  The following options are available for each `credential_type` value:
@@ -567,15 +574,17 @@ class SecretBackendRole(pulumi.CustomResource):
567
574
  type="database")
568
575
  postgres = vault.database.SecretBackendConnection("postgres",
569
576
  backend=db.path,
577
+ name="postgres",
570
578
  allowed_roles=[
571
579
  "dev",
572
580
  "prod",
573
581
  ],
574
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
575
- connection_url="postgres://username:password@host:port/database",
576
- ))
582
+ postgresql={
583
+ "connection_url": "postgres://username:password@host:port/database",
584
+ })
577
585
  role = vault.database.SecretBackendRole("role",
578
586
  backend=db.path,
587
+ name="dev",
579
588
  db_name=postgres.name,
580
589
  creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
581
590
  ```
@@ -585,7 +594,7 @@ class SecretBackendRole(pulumi.CustomResource):
585
594
  Database secret backend roles can be imported using the `backend`, `/roles/`, and the `name` e.g.
586
595
 
587
596
  ```sh
588
- $ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
597
+ $ pulumi import vault:database/secretBackendRole:SecretBackendRole example postgres/roles/my-role
589
598
  ```
590
599
 
591
600
  :param str resource_name: The name of the resource.
@@ -605,7 +614,7 @@ class SecretBackendRole(pulumi.CustomResource):
605
614
  opts: Optional[pulumi.ResourceOptions] = None,
606
615
  backend: Optional[pulumi.Input[str]] = None,
607
616
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
608
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
617
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
609
618
  credential_type: Optional[pulumi.Input[str]] = None,
610
619
  db_name: Optional[pulumi.Input[str]] = None,
611
620
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -654,7 +663,7 @@ class SecretBackendRole(pulumi.CustomResource):
654
663
  opts: Optional[pulumi.ResourceOptions] = None,
655
664
  backend: Optional[pulumi.Input[str]] = None,
656
665
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
657
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
666
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
658
667
  credential_type: Optional[pulumi.Input[str]] = None,
659
668
  db_name: Optional[pulumi.Input[str]] = None,
660
669
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -674,7 +683,7 @@ class SecretBackendRole(pulumi.CustomResource):
674
683
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
675
684
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
676
685
  creating a user.
677
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
686
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
678
687
  for the given `credential_type`.
679
688
 
680
689
  The following options are available for each `credential_type` value:
@@ -736,7 +745,7 @@ class SecretBackendRole(pulumi.CustomResource):
736
745
 
737
746
  @property
738
747
  @pulumi.getter(name="credentialConfig")
739
- def credential_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
748
+ def credential_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
740
749
  """
741
750
  Specifies the configuration
742
751
  for the given `credential_type`.
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
@@ -22,7 +27,8 @@ class SecretBackendStaticRoleArgs:
22
27
  rotation_period: Optional[pulumi.Input[int]] = None,
23
28
  rotation_schedule: Optional[pulumi.Input[str]] = None,
24
29
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- rotation_window: Optional[pulumi.Input[int]] = None):
30
+ rotation_window: Optional[pulumi.Input[int]] = None,
31
+ self_managed_password: Optional[pulumi.Input[str]] = None):
26
32
  """
27
33
  The set of arguments for constructing a SecretBackendStaticRole resource.
28
34
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
@@ -43,6 +49,9 @@ class SecretBackendStaticRoleArgs:
43
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
44
50
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
45
51
  from a given `rotation_schedule`.
52
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
53
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
54
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
46
55
  """
47
56
  pulumi.set(__self__, "backend", backend)
48
57
  pulumi.set(__self__, "db_name", db_name)
@@ -59,6 +68,8 @@ class SecretBackendStaticRoleArgs:
59
68
  pulumi.set(__self__, "rotation_statements", rotation_statements)
60
69
  if rotation_window is not None:
61
70
  pulumi.set(__self__, "rotation_window", rotation_window)
71
+ if self_managed_password is not None:
72
+ pulumi.set(__self__, "self_managed_password", self_managed_password)
62
73
 
63
74
  @property
64
75
  @pulumi.getter
@@ -177,6 +188,20 @@ class SecretBackendStaticRoleArgs:
177
188
  def rotation_window(self, value: Optional[pulumi.Input[int]]):
178
189
  pulumi.set(self, "rotation_window", value)
179
190
 
191
+ @property
192
+ @pulumi.getter(name="selfManagedPassword")
193
+ def self_managed_password(self) -> Optional[pulumi.Input[str]]:
194
+ """
195
+ The password corresponding to the username in the database.
196
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
197
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
198
+ """
199
+ return pulumi.get(self, "self_managed_password")
200
+
201
+ @self_managed_password.setter
202
+ def self_managed_password(self, value: Optional[pulumi.Input[str]]):
203
+ pulumi.set(self, "self_managed_password", value)
204
+
180
205
 
181
206
  @pulumi.input_type
182
207
  class _SecretBackendStaticRoleState:
@@ -189,6 +214,7 @@ class _SecretBackendStaticRoleState:
189
214
  rotation_schedule: Optional[pulumi.Input[str]] = None,
190
215
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
191
216
  rotation_window: Optional[pulumi.Input[int]] = None,
217
+ self_managed_password: Optional[pulumi.Input[str]] = None,
192
218
  username: Optional[pulumi.Input[str]] = None):
193
219
  """
194
220
  Input properties used for looking up and filtering SecretBackendStaticRole resources.
@@ -209,6 +235,9 @@ class _SecretBackendStaticRoleState:
209
235
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
210
236
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
211
237
  from a given `rotation_schedule`.
238
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
239
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
240
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
212
241
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
213
242
  """
214
243
  if backend is not None:
@@ -227,6 +256,8 @@ class _SecretBackendStaticRoleState:
227
256
  pulumi.set(__self__, "rotation_statements", rotation_statements)
228
257
  if rotation_window is not None:
229
258
  pulumi.set(__self__, "rotation_window", rotation_window)
259
+ if self_managed_password is not None:
260
+ pulumi.set(__self__, "self_managed_password", self_managed_password)
230
261
  if username is not None:
231
262
  pulumi.set(__self__, "username", username)
232
263
 
@@ -335,6 +366,20 @@ class _SecretBackendStaticRoleState:
335
366
  def rotation_window(self, value: Optional[pulumi.Input[int]]):
336
367
  pulumi.set(self, "rotation_window", value)
337
368
 
369
+ @property
370
+ @pulumi.getter(name="selfManagedPassword")
371
+ def self_managed_password(self) -> Optional[pulumi.Input[str]]:
372
+ """
373
+ The password corresponding to the username in the database.
374
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
375
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
376
+ """
377
+ return pulumi.get(self, "self_managed_password")
378
+
379
+ @self_managed_password.setter
380
+ def self_managed_password(self, value: Optional[pulumi.Input[str]]):
381
+ pulumi.set(self, "self_managed_password", value)
382
+
338
383
  @property
339
384
  @pulumi.getter
340
385
  def username(self) -> Optional[pulumi.Input[str]]:
@@ -361,6 +406,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
361
406
  rotation_schedule: Optional[pulumi.Input[str]] = None,
362
407
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
363
408
  rotation_window: Optional[pulumi.Input[int]] = None,
409
+ self_managed_password: Optional[pulumi.Input[str]] = None,
364
410
  username: Optional[pulumi.Input[str]] = None,
365
411
  __props__=None):
366
412
  """
@@ -379,20 +425,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
379
425
  type="database")
380
426
  postgres = vault.database.SecretBackendConnection("postgres",
381
427
  backend=db.path,
428
+ name="postgres",
382
429
  allowed_roles=["*"],
383
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
384
- connection_url="postgres://username:password@host:port/database",
385
- ))
430
+ postgresql={
431
+ "connection_url": "postgres://username:password@host:port/database",
432
+ })
386
433
  # configure a static role with period-based rotations
387
- period_role = vault.database.SecretBackendStaticRole("periodRole",
434
+ period_role = vault.database.SecretBackendStaticRole("period_role",
388
435
  backend=db.path,
436
+ name="my-period-role",
389
437
  db_name=postgres.name,
390
438
  username="example",
391
439
  rotation_period=3600,
392
440
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
393
441
  # configure a static role with schedule-based rotations
394
- schedule_role = vault.database.SecretBackendStaticRole("scheduleRole",
442
+ schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
395
443
  backend=db.path,
444
+ name="my-schedule-role",
396
445
  db_name=postgres.name,
397
446
  username="example",
398
447
  rotation_schedule="0 0 * * SAT",
@@ -405,7 +454,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
405
454
  Database secret backend static roles can be imported using the `backend`, `/static-roles/`, and the `name` e.g.
406
455
 
407
456
  ```sh
408
- $ pulumi import vault:database/secretBackendStaticRole:SecretBackendStaticRole example postgres/static-roles/my-role
457
+ $ pulumi import vault:database/secretBackendStaticRole:SecretBackendStaticRole example postgres/static-roles/my-role
409
458
  ```
410
459
 
411
460
  :param str resource_name: The name of the resource.
@@ -427,6 +476,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
427
476
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
428
477
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
429
478
  from a given `rotation_schedule`.
479
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
480
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
481
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
430
482
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
431
483
  """
432
484
  ...
@@ -451,20 +503,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
451
503
  type="database")
452
504
  postgres = vault.database.SecretBackendConnection("postgres",
453
505
  backend=db.path,
506
+ name="postgres",
454
507
  allowed_roles=["*"],
455
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
456
- connection_url="postgres://username:password@host:port/database",
457
- ))
508
+ postgresql={
509
+ "connection_url": "postgres://username:password@host:port/database",
510
+ })
458
511
  # configure a static role with period-based rotations
459
- period_role = vault.database.SecretBackendStaticRole("periodRole",
512
+ period_role = vault.database.SecretBackendStaticRole("period_role",
460
513
  backend=db.path,
514
+ name="my-period-role",
461
515
  db_name=postgres.name,
462
516
  username="example",
463
517
  rotation_period=3600,
464
518
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
465
519
  # configure a static role with schedule-based rotations
466
- schedule_role = vault.database.SecretBackendStaticRole("scheduleRole",
520
+ schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
467
521
  backend=db.path,
522
+ name="my-schedule-role",
468
523
  db_name=postgres.name,
469
524
  username="example",
470
525
  rotation_schedule="0 0 * * SAT",
@@ -477,7 +532,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
477
532
  Database secret backend static roles can be imported using the `backend`, `/static-roles/`, and the `name` e.g.
478
533
 
479
534
  ```sh
480
- $ pulumi import vault:database/secretBackendStaticRole:SecretBackendStaticRole example postgres/static-roles/my-role
535
+ $ pulumi import vault:database/secretBackendStaticRole:SecretBackendStaticRole example postgres/static-roles/my-role
481
536
  ```
482
537
 
483
538
  :param str resource_name: The name of the resource.
@@ -503,6 +558,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
503
558
  rotation_schedule: Optional[pulumi.Input[str]] = None,
504
559
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
505
560
  rotation_window: Optional[pulumi.Input[int]] = None,
561
+ self_managed_password: Optional[pulumi.Input[str]] = None,
506
562
  username: Optional[pulumi.Input[str]] = None,
507
563
  __props__=None):
508
564
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -525,9 +581,12 @@ class SecretBackendStaticRole(pulumi.CustomResource):
525
581
  __props__.__dict__["rotation_schedule"] = rotation_schedule
526
582
  __props__.__dict__["rotation_statements"] = rotation_statements
527
583
  __props__.__dict__["rotation_window"] = rotation_window
584
+ __props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
528
585
  if username is None and not opts.urn:
529
586
  raise TypeError("Missing required property 'username'")
530
587
  __props__.__dict__["username"] = username
588
+ secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["selfManagedPassword"])
589
+ opts = pulumi.ResourceOptions.merge(opts, secret_opts)
531
590
  super(SecretBackendStaticRole, __self__).__init__(
532
591
  'vault:database/secretBackendStaticRole:SecretBackendStaticRole',
533
592
  resource_name,
@@ -546,6 +605,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
546
605
  rotation_schedule: Optional[pulumi.Input[str]] = None,
547
606
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
548
607
  rotation_window: Optional[pulumi.Input[int]] = None,
608
+ self_managed_password: Optional[pulumi.Input[str]] = None,
549
609
  username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
550
610
  """
551
611
  Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
@@ -571,6 +631,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
571
631
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
572
632
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
573
633
  from a given `rotation_schedule`.
634
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
635
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
636
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
574
637
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
575
638
  """
576
639
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -585,6 +648,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
585
648
  __props__.__dict__["rotation_schedule"] = rotation_schedule
586
649
  __props__.__dict__["rotation_statements"] = rotation_statements
587
650
  __props__.__dict__["rotation_window"] = rotation_window
651
+ __props__.__dict__["self_managed_password"] = self_managed_password
588
652
  __props__.__dict__["username"] = username
589
653
  return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
590
654
 
@@ -661,6 +725,16 @@ class SecretBackendStaticRole(pulumi.CustomResource):
661
725
  """
662
726
  return pulumi.get(self, "rotation_window")
663
727
 
728
+ @property
729
+ @pulumi.getter(name="selfManagedPassword")
730
+ def self_managed_password(self) -> pulumi.Output[Optional[str]]:
731
+ """
732
+ The password corresponding to the username in the database.
733
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
734
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
735
+ """
736
+ return pulumi.get(self, "self_managed_password")
737
+
664
738
  @property
665
739
  @pulumi.getter
666
740
  def username(self) -> pulumi.Output[str]: