pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']
@@ -18,7 +23,8 @@ class SecretImpersonatedAccountArgs:
18
23
  impersonated_account: pulumi.Input[str],
19
24
  service_account_email: pulumi.Input[str],
20
25
  namespace: Optional[pulumi.Input[str]] = None,
21
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
26
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
+ ttl: Optional[pulumi.Input[str]] = None):
22
28
  """
23
29
  The set of arguments for constructing a SecretImpersonatedAccount resource.
24
30
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -26,6 +32,8 @@ class SecretImpersonatedAccountArgs:
26
32
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
27
33
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
28
34
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
35
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
36
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
29
37
  """
30
38
  pulumi.set(__self__, "backend", backend)
31
39
  pulumi.set(__self__, "impersonated_account", impersonated_account)
@@ -34,6 +42,8 @@ class SecretImpersonatedAccountArgs:
34
42
  pulumi.set(__self__, "namespace", namespace)
35
43
  if token_scopes is not None:
36
44
  pulumi.set(__self__, "token_scopes", token_scopes)
45
+ if ttl is not None:
46
+ pulumi.set(__self__, "ttl", ttl)
37
47
 
38
48
  @property
39
49
  @pulumi.getter
@@ -95,6 +105,19 @@ class SecretImpersonatedAccountArgs:
95
105
  def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
96
106
  pulumi.set(self, "token_scopes", value)
97
107
 
108
+ @property
109
+ @pulumi.getter
110
+ def ttl(self) -> Optional[pulumi.Input[str]]:
111
+ """
112
+ Specifies the default TTL for service principals generated using this role.
113
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
114
+ """
115
+ return pulumi.get(self, "ttl")
116
+
117
+ @ttl.setter
118
+ def ttl(self, value: Optional[pulumi.Input[str]]):
119
+ pulumi.set(self, "ttl", value)
120
+
98
121
 
99
122
  @pulumi.input_type
100
123
  class _SecretImpersonatedAccountState:
@@ -104,7 +127,8 @@ class _SecretImpersonatedAccountState:
104
127
  namespace: Optional[pulumi.Input[str]] = None,
105
128
  service_account_email: Optional[pulumi.Input[str]] = None,
106
129
  service_account_project: Optional[pulumi.Input[str]] = None,
107
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
130
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
131
+ ttl: Optional[pulumi.Input[str]] = None):
108
132
  """
109
133
  Input properties used for looking up and filtering SecretImpersonatedAccount resources.
110
134
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -113,6 +137,8 @@ class _SecretImpersonatedAccountState:
113
137
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
114
138
  :param pulumi.Input[str] service_account_project: Project the service account belongs to.
115
139
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
140
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
141
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
116
142
  """
117
143
  if backend is not None:
118
144
  pulumi.set(__self__, "backend", backend)
@@ -126,6 +152,8 @@ class _SecretImpersonatedAccountState:
126
152
  pulumi.set(__self__, "service_account_project", service_account_project)
127
153
  if token_scopes is not None:
128
154
  pulumi.set(__self__, "token_scopes", token_scopes)
155
+ if ttl is not None:
156
+ pulumi.set(__self__, "ttl", ttl)
129
157
 
130
158
  @property
131
159
  @pulumi.getter
@@ -199,6 +227,19 @@ class _SecretImpersonatedAccountState:
199
227
  def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
200
228
  pulumi.set(self, "token_scopes", value)
201
229
 
230
+ @property
231
+ @pulumi.getter
232
+ def ttl(self) -> Optional[pulumi.Input[str]]:
233
+ """
234
+ Specifies the default TTL for service principals generated using this role.
235
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
236
+ """
237
+ return pulumi.get(self, "ttl")
238
+
239
+ @ttl.setter
240
+ def ttl(self, value: Optional[pulumi.Input[str]]):
241
+ pulumi.set(self, "ttl", value)
242
+
202
243
 
203
244
  class SecretImpersonatedAccount(pulumi.CustomResource):
204
245
  @overload
@@ -210,6 +251,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
210
251
  namespace: Optional[pulumi.Input[str]] = None,
211
252
  service_account_email: Optional[pulumi.Input[str]] = None,
212
253
  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
254
+ ttl: Optional[pulumi.Input[str]] = None,
213
255
  __props__=None):
214
256
  """
215
257
  Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
@@ -221,17 +263,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
221
263
 
222
264
  ```python
223
265
  import pulumi
224
- import pulumi_gcp as gcp
266
+ import pulumi_google as google
267
+ import pulumi_std as std
225
268
  import pulumi_vault as vault
226
269
 
227
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
270
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
228
271
  gcp = vault.gcp.SecretBackend("gcp",
229
272
  path="gcp",
230
- credentials=(lambda path: open(path).read())("credentials.json"))
231
- impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
273
+ credentials=std.file(input="credentials.json").result)
274
+ impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
232
275
  backend=gcp.path,
233
276
  impersonated_account="this",
234
- service_account_email=this.email,
277
+ service_account_email=this["email"],
235
278
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
236
279
  ```
237
280
 
@@ -240,7 +283,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
240
283
  A impersonated account can be imported using its Vault Path. For example, referencing the example above,
241
284
 
242
285
  ```sh
243
- $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
286
+ $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
244
287
  ```
245
288
 
246
289
  :param str resource_name: The name of the resource.
@@ -250,6 +293,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
250
293
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
251
294
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
252
295
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
296
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
297
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
253
298
  """
254
299
  ...
255
300
  @overload
@@ -267,17 +312,18 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
267
312
 
268
313
  ```python
269
314
  import pulumi
270
- import pulumi_gcp as gcp
315
+ import pulumi_google as google
316
+ import pulumi_std as std
271
317
  import pulumi_vault as vault
272
318
 
273
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
319
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
274
320
  gcp = vault.gcp.SecretBackend("gcp",
275
321
  path="gcp",
276
- credentials=(lambda path: open(path).read())("credentials.json"))
277
- impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
322
+ credentials=std.file(input="credentials.json").result)
323
+ impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
278
324
  backend=gcp.path,
279
325
  impersonated_account="this",
280
- service_account_email=this.email,
326
+ service_account_email=this["email"],
281
327
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
282
328
  ```
283
329
 
@@ -286,7 +332,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
286
332
  A impersonated account can be imported using its Vault Path. For example, referencing the example above,
287
333
 
288
334
  ```sh
289
- $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
335
+ $ pulumi import vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount impersonated_account gcp/impersonated-account/project_viewer
290
336
  ```
291
337
 
292
338
  :param str resource_name: The name of the resource.
@@ -309,6 +355,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
309
355
  namespace: Optional[pulumi.Input[str]] = None,
310
356
  service_account_email: Optional[pulumi.Input[str]] = None,
311
357
  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
358
+ ttl: Optional[pulumi.Input[str]] = None,
312
359
  __props__=None):
313
360
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
314
361
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -329,6 +376,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
329
376
  raise TypeError("Missing required property 'service_account_email'")
330
377
  __props__.__dict__["service_account_email"] = service_account_email
331
378
  __props__.__dict__["token_scopes"] = token_scopes
379
+ __props__.__dict__["ttl"] = ttl
332
380
  __props__.__dict__["service_account_project"] = None
333
381
  super(SecretImpersonatedAccount, __self__).__init__(
334
382
  'vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount',
@@ -345,7 +393,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
345
393
  namespace: Optional[pulumi.Input[str]] = None,
346
394
  service_account_email: Optional[pulumi.Input[str]] = None,
347
395
  service_account_project: Optional[pulumi.Input[str]] = None,
348
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'SecretImpersonatedAccount':
396
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
397
+ ttl: Optional[pulumi.Input[str]] = None) -> 'SecretImpersonatedAccount':
349
398
  """
350
399
  Get an existing SecretImpersonatedAccount resource's state with the given name, id, and optional extra
351
400
  properties used to qualify the lookup.
@@ -359,6 +408,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
359
408
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
360
409
  :param pulumi.Input[str] service_account_project: Project the service account belongs to.
361
410
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
411
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
412
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
362
413
  """
363
414
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
364
415
 
@@ -370,6 +421,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
370
421
  __props__.__dict__["service_account_email"] = service_account_email
371
422
  __props__.__dict__["service_account_project"] = service_account_project
372
423
  __props__.__dict__["token_scopes"] = token_scopes
424
+ __props__.__dict__["ttl"] = ttl
373
425
  return SecretImpersonatedAccount(resource_name, opts=opts, __props__=__props__)
374
426
 
375
427
  @property
@@ -420,3 +472,12 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
420
472
  """
421
473
  return pulumi.get(self, "token_scopes")
422
474
 
475
+ @property
476
+ @pulumi.getter
477
+ def ttl(self) -> pulumi.Output[str]:
478
+ """
479
+ Specifies the default TTL for service principals generated using this role.
480
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
481
+ """
482
+ return pulumi.get(self, "ttl")
483
+
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -31,7 +36,7 @@ class SecretRolesetArgs:
31
36
  :param pulumi.Input[str] roleset: Name of the Roleset to create
32
37
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
33
38
  The value should not contain leading or trailing forward slashes.
34
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
39
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
35
40
  *Available only for Vault Enterprise*.
36
41
  :param pulumi.Input[str] secret_type: Type of secret generated for this role set. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
37
42
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only).
@@ -101,7 +106,7 @@ class SecretRolesetArgs:
101
106
  """
102
107
  The namespace to provision the resource in.
103
108
  The value should not contain leading or trailing forward slashes.
104
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
105
110
  *Available only for Vault Enterprise*.
106
111
  """
107
112
  return pulumi.get(self, "namespace")
@@ -152,7 +157,7 @@ class _SecretRolesetState:
152
157
  :param pulumi.Input[Sequence[pulumi.Input['SecretRolesetBindingArgs']]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
153
158
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
154
159
  The value should not contain leading or trailing forward slashes.
155
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
160
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
156
161
  *Available only for Vault Enterprise*.
157
162
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
158
163
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -207,7 +212,7 @@ class _SecretRolesetState:
207
212
  """
208
213
  The namespace to provision the resource in.
209
214
  The value should not contain leading or trailing forward slashes.
210
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
215
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
211
216
  *Available only for Vault Enterprise*.
212
217
  """
213
218
  return pulumi.get(self, "namespace")
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
283
288
  resource_name: str,
284
289
  opts: Optional[pulumi.ResourceOptions] = None,
285
290
  backend: Optional[pulumi.Input[str]] = None,
286
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
291
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
287
292
  namespace: Optional[pulumi.Input[str]] = None,
288
293
  project: Optional[pulumi.Input[str]] = None,
289
294
  roleset: Optional[pulumi.Input[str]] = None,
@@ -299,22 +304,23 @@ class SecretRoleset(pulumi.CustomResource):
299
304
 
300
305
  ```python
301
306
  import pulumi
307
+ import pulumi_std as std
302
308
  import pulumi_vault as vault
303
309
 
304
310
  project = "my-awesome-project"
305
311
  gcp = vault.gcp.SecretBackend("gcp",
306
312
  path="gcp",
307
- credentials=(lambda path: open(path).read())("credentials.json"))
313
+ credentials=std.file(input="credentials.json").result)
308
314
  roleset = vault.gcp.SecretRoleset("roleset",
309
315
  backend=gcp.path,
310
316
  roleset="project_viewer",
311
317
  secret_type="access_token",
312
318
  project=project,
313
319
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
314
- bindings=[vault.gcp.SecretRolesetBindingArgs(
315
- resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
316
- roles=["roles/viewer"],
317
- )])
320
+ bindings=[{
321
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
322
+ "roles": ["roles/viewer"],
323
+ }])
318
324
  ```
319
325
 
320
326
  ## Import
@@ -322,16 +328,16 @@ class SecretRoleset(pulumi.CustomResource):
322
328
  A roleset can be imported using its Vault Path. For example, referencing the example above,
323
329
 
324
330
  ```sh
325
- $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
331
+ $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
326
332
  ```
327
333
 
328
334
  :param str resource_name: The name of the resource.
329
335
  :param pulumi.ResourceOptions opts: Options for the resource.
330
336
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
331
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
337
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
332
338
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
333
339
  The value should not contain leading or trailing forward slashes.
334
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
340
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
335
341
  *Available only for Vault Enterprise*.
336
342
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
337
343
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -353,22 +359,23 @@ class SecretRoleset(pulumi.CustomResource):
353
359
 
354
360
  ```python
355
361
  import pulumi
362
+ import pulumi_std as std
356
363
  import pulumi_vault as vault
357
364
 
358
365
  project = "my-awesome-project"
359
366
  gcp = vault.gcp.SecretBackend("gcp",
360
367
  path="gcp",
361
- credentials=(lambda path: open(path).read())("credentials.json"))
368
+ credentials=std.file(input="credentials.json").result)
362
369
  roleset = vault.gcp.SecretRoleset("roleset",
363
370
  backend=gcp.path,
364
371
  roleset="project_viewer",
365
372
  secret_type="access_token",
366
373
  project=project,
367
374
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
368
- bindings=[vault.gcp.SecretRolesetBindingArgs(
369
- resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
370
- roles=["roles/viewer"],
371
- )])
375
+ bindings=[{
376
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
377
+ "roles": ["roles/viewer"],
378
+ }])
372
379
  ```
373
380
 
374
381
  ## Import
@@ -376,7 +383,7 @@ class SecretRoleset(pulumi.CustomResource):
376
383
  A roleset can be imported using its Vault Path. For example, referencing the example above,
377
384
 
378
385
  ```sh
379
- $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
386
+ $ pulumi import vault:gcp/secretRoleset:SecretRoleset roleset gcp/roleset/project_viewer
380
387
  ```
381
388
 
382
389
  :param str resource_name: The name of the resource.
@@ -395,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
395
402
  resource_name: str,
396
403
  opts: Optional[pulumi.ResourceOptions] = None,
397
404
  backend: Optional[pulumi.Input[str]] = None,
398
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
405
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
399
406
  namespace: Optional[pulumi.Input[str]] = None,
400
407
  project: Optional[pulumi.Input[str]] = None,
401
408
  roleset: Optional[pulumi.Input[str]] = None,
@@ -437,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
437
444
  id: pulumi.Input[str],
438
445
  opts: Optional[pulumi.ResourceOptions] = None,
439
446
  backend: Optional[pulumi.Input[str]] = None,
440
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
447
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
441
448
  namespace: Optional[pulumi.Input[str]] = None,
442
449
  project: Optional[pulumi.Input[str]] = None,
443
450
  roleset: Optional[pulumi.Input[str]] = None,
@@ -452,10 +459,10 @@ class SecretRoleset(pulumi.CustomResource):
452
459
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
453
460
  :param pulumi.ResourceOptions opts: Options for the resource.
454
461
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
455
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
462
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
456
463
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
457
464
  The value should not contain leading or trailing forward slashes.
458
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
465
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
459
466
  *Available only for Vault Enterprise*.
460
467
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
461
468
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -499,7 +506,7 @@ class SecretRoleset(pulumi.CustomResource):
499
506
  """
500
507
  The namespace to provision the resource in.
501
508
  The value should not contain leading or trailing forward slashes.
502
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
509
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
503
510
  *Available only for Vault Enterprise*.
504
511
  """
505
512
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -31,7 +36,7 @@ class SecretStaticAccountArgs:
31
36
  :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
32
37
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
33
38
  The value should not contain leading or trailing forward slashes.
34
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
39
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
35
40
  *Available only for Vault Enterprise*.
36
41
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
37
42
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only).
@@ -102,7 +107,7 @@ class SecretStaticAccountArgs:
102
107
  """
103
108
  The namespace to provision the resource in.
104
109
  The value should not contain leading or trailing forward slashes.
105
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
110
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
106
111
  *Available only for Vault Enterprise*.
107
112
  """
108
113
  return pulumi.get(self, "namespace")
@@ -153,7 +158,7 @@ class _SecretStaticAccountState:
153
158
  :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
154
159
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
155
160
  The value should not contain leading or trailing forward slashes.
156
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
161
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
157
162
  *Available only for Vault Enterprise*.
158
163
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
159
164
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -208,7 +213,7 @@ class _SecretStaticAccountState:
208
213
  """
209
214
  The namespace to provision the resource in.
210
215
  The value should not contain leading or trailing forward slashes.
211
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
216
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
212
217
  *Available only for Vault Enterprise*.
213
218
  """
214
219
  return pulumi.get(self, "namespace")
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
284
289
  resource_name: str,
285
290
  opts: Optional[pulumi.ResourceOptions] = None,
286
291
  backend: Optional[pulumi.Input[str]] = None,
287
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
292
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
288
293
  namespace: Optional[pulumi.Input[str]] = None,
289
294
  secret_type: Optional[pulumi.Input[str]] = None,
290
295
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -301,23 +306,24 @@ class SecretStaticAccount(pulumi.CustomResource):
301
306
 
302
307
  ```python
303
308
  import pulumi
304
- import pulumi_gcp as gcp
309
+ import pulumi_google as google
310
+ import pulumi_std as std
305
311
  import pulumi_vault as vault
306
312
 
307
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
313
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
308
314
  gcp = vault.gcp.SecretBackend("gcp",
309
315
  path="gcp",
310
- credentials=(lambda path: open(path).read())("credentials.json"))
311
- static_account = vault.gcp.SecretStaticAccount("staticAccount",
316
+ credentials=std.file(input="credentials.json").result)
317
+ static_account = vault.gcp.SecretStaticAccount("static_account",
312
318
  backend=gcp.path,
313
319
  static_account="project_viewer",
314
320
  secret_type="access_token",
315
321
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
316
- service_account_email=this.email,
317
- bindings=[vault.gcp.SecretStaticAccountBindingArgs(
318
- resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
319
- roles=["roles/viewer"],
320
- )])
322
+ service_account_email=this["email"],
323
+ bindings=[{
324
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
325
+ "roles": ["roles/viewer"],
326
+ }])
321
327
  ```
322
328
 
323
329
  ## Import
@@ -325,16 +331,16 @@ class SecretStaticAccount(pulumi.CustomResource):
325
331
  A static account can be imported using its Vault Path. For example, referencing the example above,
326
332
 
327
333
  ```sh
328
- $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
334
+ $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
329
335
  ```
330
336
 
331
337
  :param str resource_name: The name of the resource.
332
338
  :param pulumi.ResourceOptions opts: Options for the resource.
333
339
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
334
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
340
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
335
341
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
336
342
  The value should not contain leading or trailing forward slashes.
337
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
343
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
338
344
  *Available only for Vault Enterprise*.
339
345
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
340
346
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -357,23 +363,24 @@ class SecretStaticAccount(pulumi.CustomResource):
357
363
 
358
364
  ```python
359
365
  import pulumi
360
- import pulumi_gcp as gcp
366
+ import pulumi_google as google
367
+ import pulumi_std as std
361
368
  import pulumi_vault as vault
362
369
 
363
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
370
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
364
371
  gcp = vault.gcp.SecretBackend("gcp",
365
372
  path="gcp",
366
- credentials=(lambda path: open(path).read())("credentials.json"))
367
- static_account = vault.gcp.SecretStaticAccount("staticAccount",
373
+ credentials=std.file(input="credentials.json").result)
374
+ static_account = vault.gcp.SecretStaticAccount("static_account",
368
375
  backend=gcp.path,
369
376
  static_account="project_viewer",
370
377
  secret_type="access_token",
371
378
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
372
- service_account_email=this.email,
373
- bindings=[vault.gcp.SecretStaticAccountBindingArgs(
374
- resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
375
- roles=["roles/viewer"],
376
- )])
379
+ service_account_email=this["email"],
380
+ bindings=[{
381
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
382
+ "roles": ["roles/viewer"],
383
+ }])
377
384
  ```
378
385
 
379
386
  ## Import
@@ -381,7 +388,7 @@ class SecretStaticAccount(pulumi.CustomResource):
381
388
  A static account can be imported using its Vault Path. For example, referencing the example above,
382
389
 
383
390
  ```sh
384
- $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
391
+ $ pulumi import vault:gcp/secretStaticAccount:SecretStaticAccount static_account gcp/static-account/project_viewer
385
392
  ```
386
393
 
387
394
  :param str resource_name: The name of the resource.
@@ -400,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
400
407
  resource_name: str,
401
408
  opts: Optional[pulumi.ResourceOptions] = None,
402
409
  backend: Optional[pulumi.Input[str]] = None,
403
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
410
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
404
411
  namespace: Optional[pulumi.Input[str]] = None,
405
412
  secret_type: Optional[pulumi.Input[str]] = None,
406
413
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -440,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
440
447
  id: pulumi.Input[str],
441
448
  opts: Optional[pulumi.ResourceOptions] = None,
442
449
  backend: Optional[pulumi.Input[str]] = None,
443
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
450
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
444
451
  namespace: Optional[pulumi.Input[str]] = None,
445
452
  secret_type: Optional[pulumi.Input[str]] = None,
446
453
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -455,10 +462,10 @@ class SecretStaticAccount(pulumi.CustomResource):
455
462
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
456
463
  :param pulumi.ResourceOptions opts: Options for the resource.
457
464
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
458
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
465
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
459
466
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
460
467
  The value should not contain leading or trailing forward slashes.
461
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
468
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
462
469
  *Available only for Vault Enterprise*.
463
470
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
464
471
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -502,7 +509,7 @@ class SecretStaticAccount(pulumi.CustomResource):
502
509
  """
503
510
  The namespace to provision the resource in.
504
511
  The value should not contain leading or trailing forward slashes.
505
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
512
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
506
513
  *Available only for Vault Enterprise*.
507
514
  """
508
515
  return pulumi.get(self, "namespace")