pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

pulumi_vault/gcp/secret_impersonated_account.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']
@@ -18,7 +23,8 @@ class SecretImpersonatedAccountArgs:
                  impersonated_account: pulumi.Input[str],
                  service_account_email: pulumi.Input[str],
                  namespace: Optional[pulumi.Input[str]] = None,
-                 token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+                 token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 ttl: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretImpersonatedAccount resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -26,6 +32,8 @@ class SecretImpersonatedAccountArgs:
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
+        :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
+               Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
         """
         pulumi.set(__self__, "backend", backend)
         pulumi.set(__self__, "impersonated_account", impersonated_account)
@@ -34,6 +42,8 @@ class SecretImpersonatedAccountArgs:
             pulumi.set(__self__, "namespace", namespace)
         if token_scopes is not None:
             pulumi.set(__self__, "token_scopes", token_scopes)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
 
     @property
     @pulumi.getter
@@ -95,6 +105,19 @@ class SecretImpersonatedAccountArgs:
     def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "token_scopes", value)
 
+    @property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the default TTL for service principals generated using this role.
+        Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
+        """
+        return pulumi.get(self, "ttl")
+
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "ttl", value)
+
 
 @pulumi.input_type
 class _SecretImpersonatedAccountState:
@@ -104,7 +127,8 @@ class _SecretImpersonatedAccountState:
                  namespace: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
                  service_account_project: Optional[pulumi.Input[str]] = None,
-                 token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+                 token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 ttl: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretImpersonatedAccount resources.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -113,6 +137,8 @@ class _SecretImpersonatedAccountState:
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
         :param pulumi.Input[str] service_account_project: Project the service account belongs to.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
+        :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
+               Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
         """
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
@@ -126,6 +152,8 @@ class _SecretImpersonatedAccountState:
             pulumi.set(__self__, "service_account_project", service_account_project)
         if token_scopes is not None:
             pulumi.set(__self__, "token_scopes", token_scopes)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
 
     @property
     @pulumi.getter
@@ -199,6 +227,19 @@ class _SecretImpersonatedAccountState:
     def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "token_scopes", value)
 
+    @property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the default TTL for service principals generated using this role.
+        Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
+        """
+        return pulumi.get(self, "ttl")
+
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "ttl", value)
+
 
 class SecretImpersonatedAccount(pulumi.CustomResource):
     @overload
@@ -210,6 +251,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
                  namespace: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
                  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 ttl: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
         Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
@@ -221,17 +263,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import pulumi_gcp as gcp
+        import pulumi_google as google
+        import pulumi_std as std
         import pulumi_vault as vault
 
-        this = gcp.service_account.Account("this", account_id="my-awesome-account")
+        this = google.index.ServiceAccount("this", account_id=my-awesome-account)
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
-        impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
+            credentials=std.file(input="credentials.json").result)
+        impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
             backend=gcp.path,
             impersonated_account="this",
-            service_account_email=this.email,
+            service_account_email=this["email"],
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
         ```
 
@@ -240,7 +283,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         A impersonated account can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
+        $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
@@ -250,6 +293,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
+        :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
+               Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
         """
         ...
     @overload
@@ -267,17 +312,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import pulumi_gcp as gcp
+        import pulumi_google as google
+        import pulumi_std as std
         import pulumi_vault as vault
 
-        this = gcp.service_account.Account("this", account_id="my-awesome-account")
+        this = google.index.ServiceAccount("this", account_id=my-awesome-account)
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
-        impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
+            credentials=std.file(input="credentials.json").result)
+        impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
             backend=gcp.path,
             impersonated_account="this",
-            service_account_email=this.email,
+            service_account_email=this["email"],
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
         ```
 
@@ -286,7 +332,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         A impersonated account can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
+        $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
@@ -309,6 +355,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
                  namespace: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
                  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 ttl: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -329,6 +376,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
                 raise TypeError("Missing required property 'service_account_email'")
             __props__.__dict__["service_account_email"] = service_account_email
             __props__.__dict__["token_scopes"] = token_scopes
+            __props__.__dict__["ttl"] = ttl
             __props__.__dict__["service_account_project"] = None
         super(SecretImpersonatedAccount, __self__).__init__(
             'vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount',
@@ -345,7 +393,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
             namespace: Optional[pulumi.Input[str]] = None,
             service_account_email: Optional[pulumi.Input[str]] = None,
             service_account_project: Optional[pulumi.Input[str]] = None,
-            token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'SecretImpersonatedAccount':
+            token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            ttl: Optional[pulumi.Input[str]] = None) -> 'SecretImpersonatedAccount':
         """
         Get an existing SecretImpersonatedAccount resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -359,6 +408,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
         :param pulumi.Input[str] service_account_project: Project the service account belongs to.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
+        :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
+               Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -370,6 +421,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         __props__.__dict__["service_account_email"] = service_account_email
         __props__.__dict__["service_account_project"] = service_account_project
         __props__.__dict__["token_scopes"] = token_scopes
+        __props__.__dict__["ttl"] = ttl
         return SecretImpersonatedAccount(resource_name, opts=opts, __props__=__props__)
 
     @property
@@ -420,3 +472,12 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
         """
         return pulumi.get(self, "token_scopes")
 
+    @property
+    @pulumi.getter
+    def ttl(self) -> pulumi.Output[str]:
+        """
+        Specifies the default TTL for service principals generated using this role.
+        Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
+        """
+        return pulumi.get(self, "ttl")
+

pulumi_vault/gcp/secret_roleset.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -31,7 +36,7 @@ class SecretRolesetArgs:
         :param pulumi.Input[str] roleset: Name of the Roleset to create
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] secret_type: Type of secret generated for this role set. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only).
@@ -101,7 +106,7 @@ class SecretRolesetArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -152,7 +157,7 @@ class _SecretRolesetState:
         :param pulumi.Input[Sequence[pulumi.Input['SecretRolesetBindingArgs']]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
         :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -207,7 +212,7 @@ class _SecretRolesetState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  roleset: Optional[pulumi.Input[str]] = None,
@@ -299,22 +304,23 @@ class SecretRoleset(pulumi.CustomResource):
 
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
 
         project = "my-awesome-project"
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
+            credentials=std.file(input="credentials.json").result)
         roleset = vault.gcp.SecretRoleset("roleset",
             backend=gcp.path,
             roleset="project_viewer",
             secret_type="access_token",
             project=project,
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            bindings=[vault.gcp.SecretRolesetBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -322,16 +328,16 @@ class SecretRoleset(pulumi.CustomResource):
         A roleset can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
+        $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
         :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -353,22 +359,23 @@ class SecretRoleset(pulumi.CustomResource):
 
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
 
         project = "my-awesome-project"
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
+            credentials=std.file(input="credentials.json").result)
         roleset = vault.gcp.SecretRoleset("roleset",
             backend=gcp.path,
             roleset="project_viewer",
             secret_type="access_token",
             project=project,
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            bindings=[vault.gcp.SecretRolesetBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -376,7 +383,7 @@ class SecretRoleset(pulumi.CustomResource):
         A roleset can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
+        $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
@@ -395,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  roleset: Optional[pulumi.Input[str]] = None,
@@ -437,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             backend: Optional[pulumi.Input[str]] = None,
-            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             project: Optional[pulumi.Input[str]] = None,
             roleset: Optional[pulumi.Input[str]] = None,
@@ -452,10 +459,10 @@ class SecretRoleset(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
         :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -499,7 +506,7 @@ class SecretRoleset(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/gcp/secret_static_account.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -31,7 +36,7 @@ class SecretStaticAccountArgs:
         :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only).
@@ -102,7 +107,7 @@ class SecretStaticAccountArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -153,7 +158,7 @@ class _SecretStaticAccountState:
         :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -208,7 +213,7 @@ class _SecretStaticAccountState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  secret_type: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -301,23 +306,24 @@ class SecretStaticAccount(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import pulumi_gcp as gcp
+        import pulumi_google as google
+        import pulumi_std as std
         import pulumi_vault as vault
 
-        this = gcp.service_account.Account("this", account_id="my-awesome-account")
+        this = google.index.ServiceAccount("this", account_id=my-awesome-account)
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
-        static_account = vault.gcp.SecretStaticAccount("staticAccount",
+            credentials=std.file(input="credentials.json").result)
+        static_account = vault.gcp.SecretStaticAccount("static_account",
             backend=gcp.path,
             static_account="project_viewer",
             secret_type="access_token",
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            service_account_email=this.email,
-            bindings=[vault.gcp.SecretStaticAccountBindingArgs(
-                resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
-                roles=["roles/viewer"],
-            )])
+            service_account_email=this["email"],
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -325,16 +331,16 @@ class SecretStaticAccount(pulumi.CustomResource):
         A static account can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
+        $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -357,23 +363,24 @@ class SecretStaticAccount(pulumi.CustomResource):
 
         ```python
         import pulumi
-        import pulumi_gcp as gcp
+        import pulumi_google as google
+        import pulumi_std as std
         import pulumi_vault as vault
 
-        this = gcp.service_account.Account("this", account_id="my-awesome-account")
+        this = google.index.ServiceAccount("this", account_id=my-awesome-account)
         gcp = vault.gcp.SecretBackend("gcp",
             path="gcp",
-            credentials=(lambda path: open(path).read())("credentials.json"))
-        static_account = vault.gcp.SecretStaticAccount("staticAccount",
+            credentials=std.file(input="credentials.json").result)
+        static_account = vault.gcp.SecretStaticAccount("static_account",
             backend=gcp.path,
             static_account="project_viewer",
             secret_type="access_token",
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            service_account_email=this.email,
-            bindings=[vault.gcp.SecretStaticAccountBindingArgs(
-                resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
-                roles=["roles/viewer"],
-            )])
+            service_account_email=this["email"],
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -381,7 +388,7 @@ class SecretStaticAccount(pulumi.CustomResource):
         A static account can be imported using its Vault Path. For example, referencing the example above,
 
         ```sh
-         $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
+        $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
         ```
 
         :param str resource_name: The name of the resource.
@@ -400,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  secret_type: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -440,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             backend: Optional[pulumi.Input[str]] = None,
-            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             secret_type: Optional[pulumi.Input[str]] = None,
             service_account_email: Optional[pulumi.Input[str]] = None,
@@ -455,10 +462,10 @@ class SecretStaticAccount(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
         :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -502,7 +509,7 @@ class SecretStaticAccount(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")