pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['OidcScopeArgs', 'OidcScope']
@@ -24,7 +29,7 @@ class OidcScopeArgs:
24
29
  :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
25
30
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
26
31
  The value should not contain leading or trailing forward slashes.
27
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
32
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
28
33
  *Available only for Vault Enterprise*.
29
34
  :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
30
35
  """
@@ -67,7 +72,7 @@ class OidcScopeArgs:
67
72
  """
68
73
  The namespace to provision the resource in.
69
74
  The value should not contain leading or trailing forward slashes.
70
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
75
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
71
76
  *Available only for Vault Enterprise*.
72
77
  """
73
78
  return pulumi.get(self, "namespace")
@@ -102,7 +107,7 @@ class _OidcScopeState:
102
107
  :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
103
108
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
104
109
  The value should not contain leading or trailing forward slashes.
105
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
110
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
106
111
  *Available only for Vault Enterprise*.
107
112
  :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
108
113
  """
@@ -145,7 +150,7 @@ class _OidcScopeState:
145
150
  """
146
151
  The namespace to provision the resource in.
147
152
  The value should not contain leading or trailing forward slashes.
148
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
153
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
149
154
  *Available only for Vault Enterprise*.
150
155
  """
151
156
  return pulumi.get(self, "namespace")
@@ -188,8 +193,9 @@ class OidcScope(pulumi.CustomResource):
188
193
  import pulumi_vault as vault
189
194
 
190
195
  groups = vault.identity.OidcScope("groups",
191
- description="Vault OIDC Groups Scope",
192
- template="{\\"groups\\":{{identity.entity.groups.names}}}")
196
+ name="groups",
197
+ template="{\\"groups\\":{{identity.entity.groups.names}}}",
198
+ description="Vault OIDC Groups Scope")
193
199
  ```
194
200
 
195
201
  ## Import
@@ -197,7 +203,7 @@ class OidcScope(pulumi.CustomResource):
197
203
  OIDC Scopes can be imported using the `name`, e.g.
198
204
 
199
205
  ```sh
200
- $ pulumi import vault:identity/oidcScope:OidcScope groups groups
206
+ $ pulumi import vault:identity/oidcScope:OidcScope groups groups
201
207
  ```
202
208
 
203
209
  :param str resource_name: The name of the resource.
@@ -206,7 +212,7 @@ class OidcScope(pulumi.CustomResource):
206
212
  :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
207
213
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
208
214
  The value should not contain leading or trailing forward slashes.
209
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
215
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
210
216
  *Available only for Vault Enterprise*.
211
217
  :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
212
218
  """
@@ -227,8 +233,9 @@ class OidcScope(pulumi.CustomResource):
227
233
  import pulumi_vault as vault
228
234
 
229
235
  groups = vault.identity.OidcScope("groups",
230
- description="Vault OIDC Groups Scope",
231
- template="{\\"groups\\":{{identity.entity.groups.names}}}")
236
+ name="groups",
237
+ template="{\\"groups\\":{{identity.entity.groups.names}}}",
238
+ description="Vault OIDC Groups Scope")
232
239
  ```
233
240
 
234
241
  ## Import
@@ -236,7 +243,7 @@ class OidcScope(pulumi.CustomResource):
236
243
  OIDC Scopes can be imported using the `name`, e.g.
237
244
 
238
245
  ```sh
239
- $ pulumi import vault:identity/oidcScope:OidcScope groups groups
246
+ $ pulumi import vault:identity/oidcScope:OidcScope groups groups
240
247
  ```
241
248
 
242
249
  :param str resource_name: The name of the resource.
@@ -296,7 +303,7 @@ class OidcScope(pulumi.CustomResource):
296
303
  :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
297
304
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
298
305
  The value should not contain leading or trailing forward slashes.
299
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
306
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
300
307
  *Available only for Vault Enterprise*.
301
308
  :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
302
309
  """
@@ -332,7 +339,7 @@ class OidcScope(pulumi.CustomResource):
332
339
  """
333
340
  The namespace to provision the resource in.
334
341
  The value should not contain leading or trailing forward slashes.
335
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
342
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
336
343
  *Available only for Vault Enterprise*.
337
344
  """
338
345
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -21,7 +26,7 @@ class GetEntityAliasResult(dict):
21
26
  id: str,
22
27
  last_update_time: str,
23
28
  merged_from_canonical_ids: Sequence[str],
24
- metadata: Mapping[str, Any],
29
+ metadata: Mapping[str, str],
25
30
  mount_accessor: str,
26
31
  mount_path: str,
27
32
  mount_type: str,
@@ -32,7 +37,7 @@ class GetEntityAliasResult(dict):
32
37
  :param str id: ID of the alias
33
38
  :param str last_update_time: Last update time of the alias
34
39
  :param Sequence[str] merged_from_canonical_ids: List of canonical IDs merged with this alias
35
- :param Mapping[str, Any] metadata: Arbitrary metadata
40
+ :param Mapping[str, str] metadata: Arbitrary metadata
36
41
  :param str mount_accessor: Authentication mount acccessor which this alias belongs to
37
42
  :param str mount_path: Authentication mount path which this alias belongs to
38
43
  :param str mount_type: Authentication mount type which this alias belongs to
@@ -91,7 +96,7 @@ class GetEntityAliasResult(dict):
91
96
 
92
97
  @property
93
98
  @pulumi.getter
94
- def metadata(self) -> Mapping[str, Any]:
99
+ def metadata(self) -> Mapping[str, str]:
95
100
  """
96
101
  Arbitrary metadata
97
102
  """
@@ -4,15 +4,70 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
13
18
  'AuthBackendTuneArgs',
19
+ 'AuthBackendTuneArgsDict',
14
20
  ]
15
21
 
22
+ MYPY = False
23
+
24
+ if not MYPY:
25
+ class AuthBackendTuneArgsDict(TypedDict):
26
+ allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
27
+ """
28
+ List of headers to whitelist and allowing
29
+ a plugin to include them in the response.
30
+ """
31
+ audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
32
+ """
33
+ Specifies the list of keys that will
34
+ not be HMAC'd by audit devices in the request data object.
35
+ """
36
+ audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
37
+ """
38
+ Specifies the list of keys that will
39
+ not be HMAC'd by audit devices in the response data object.
40
+ """
41
+ default_lease_ttl: NotRequired[pulumi.Input[str]]
42
+ """
43
+ Specifies the default time-to-live.
44
+ If set, this overrides the global default.
45
+ Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
46
+ """
47
+ listing_visibility: NotRequired[pulumi.Input[str]]
48
+ """
49
+ Specifies whether to show this mount in
50
+ the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
51
+ """
52
+ max_lease_ttl: NotRequired[pulumi.Input[str]]
53
+ """
54
+ Specifies the maximum time-to-live.
55
+ If set, this overrides the global default.
56
+ Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
57
+ """
58
+ passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
59
+ """
60
+ List of headers to whitelist and
61
+ pass from the request to the backend.
62
+ """
63
+ token_type: NotRequired[pulumi.Input[str]]
64
+ """
65
+ Specifies the type of tokens that should be returned by
66
+ the mount. Valid values are "default-service", "default-batch", "service", "batch".
67
+ """
68
+ elif False:
69
+ AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
70
+
16
71
  @pulumi.input_type
17
72
  class AuthBackendTuneArgs:
18
73
  def __init__(__self__, *,
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -51,7 +56,7 @@ class AuthBackendArgs:
51
56
  :param pulumi.Input[bool] local: Specifies if the auth method is local only.
52
57
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
53
58
  The value should not contain leading or trailing forward slashes.
54
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
59
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
55
60
  *Available only for Vault Enterprise*.
56
61
  :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
57
62
 
@@ -226,7 +231,7 @@ class AuthBackendArgs:
226
231
  """
227
232
  The namespace to provision the resource in.
228
233
  The value should not contain leading or trailing forward slashes.
229
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
234
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
230
235
  *Available only for Vault Enterprise*.
231
236
  """
232
237
  return pulumi.get(self, "namespace")
@@ -409,7 +414,7 @@ class _AuthBackendState:
409
414
  :param pulumi.Input[bool] local: Specifies if the auth method is local only.
410
415
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
411
416
  The value should not contain leading or trailing forward slashes.
412
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
417
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
413
418
  *Available only for Vault Enterprise*.
414
419
  :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
415
420
 
@@ -598,7 +603,7 @@ class _AuthBackendState:
598
603
  """
599
604
  The namespace to provision the resource in.
600
605
  The value should not contain leading or trailing forward slashes.
601
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
606
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
602
607
  *Available only for Vault Enterprise*.
603
608
  """
604
609
  return pulumi.get(self, "namespace")
@@ -765,7 +770,7 @@ class AuthBackend(pulumi.CustomResource):
765
770
  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
766
771
  path: Optional[pulumi.Input[str]] = None,
767
772
  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
768
- tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
773
+ tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
769
774
  type: Optional[pulumi.Input[str]] = None,
770
775
  __props__=None):
771
776
  """
@@ -781,10 +786,10 @@ class AuthBackend(pulumi.CustomResource):
781
786
  import pulumi_vault as vault
782
787
 
783
788
  example = vault.jwt.AuthBackend("example",
784
- bound_issuer="https://myco.auth0.com/",
785
789
  description="Demonstration of the Terraform JWT auth backend",
790
+ path="jwt",
786
791
  oidc_discovery_url="https://myco.auth0.com/",
787
- path="jwt")
792
+ bound_issuer="https://myco.auth0.com/")
788
793
  ```
789
794
 
790
795
  Manage OIDC auth backend:
@@ -794,16 +799,16 @@ class AuthBackend(pulumi.CustomResource):
794
799
  import pulumi_vault as vault
795
800
 
796
801
  example = vault.jwt.AuthBackend("example",
797
- bound_issuer="https://myco.auth0.com/",
798
802
  description="Demonstration of the Terraform JWT auth backend",
803
+ path="oidc",
804
+ type="oidc",
805
+ oidc_discovery_url="https://myco.auth0.com/",
799
806
  oidc_client_id="1234567890",
800
807
  oidc_client_secret="secret123456",
801
- oidc_discovery_url="https://myco.auth0.com/",
802
- path="oidc",
803
- tune=vault.jwt.AuthBackendTuneArgs(
804
- listing_visibility="unauth",
805
- ),
806
- type="oidc")
808
+ bound_issuer="https://myco.auth0.com/",
809
+ tune={
810
+ "listing_visibility": "unauth",
811
+ })
807
812
  ```
808
813
 
809
814
  Configuring the auth backend with a `provider_config:
@@ -816,13 +821,13 @@ class AuthBackend(pulumi.CustomResource):
816
821
  description="OIDC backend",
817
822
  oidc_discovery_url="https://accounts.google.com",
818
823
  path="oidc",
824
+ type="oidc",
819
825
  provider_config={
826
+ "provider": "gsuite",
820
827
  "fetch_groups": "true",
821
828
  "fetch_user_info": "true",
822
829
  "groups_recurse_max_depth": "1",
823
- "provider": "gsuite",
824
- },
825
- type="oidc")
830
+ })
826
831
  ```
827
832
 
828
833
  ## Import
@@ -830,12 +835,12 @@ class AuthBackend(pulumi.CustomResource):
830
835
  JWT auth backend can be imported using the `path`, e.g.
831
836
 
832
837
  ```sh
833
- $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
838
+ $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
834
839
  ```
835
- or
840
+ or
836
841
 
837
842
  ```sh
838
- $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
843
+ $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
839
844
  ```
840
845
 
841
846
  :param str resource_name: The name of the resource.
@@ -852,7 +857,7 @@ class AuthBackend(pulumi.CustomResource):
852
857
  :param pulumi.Input[bool] local: Specifies if the auth method is local only.
853
858
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
854
859
  The value should not contain leading or trailing forward slashes.
855
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
860
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
856
861
  *Available only for Vault Enterprise*.
857
862
  :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
858
863
 
@@ -888,10 +893,10 @@ class AuthBackend(pulumi.CustomResource):
888
893
  import pulumi_vault as vault
889
894
 
890
895
  example = vault.jwt.AuthBackend("example",
891
- bound_issuer="https://myco.auth0.com/",
892
896
  description="Demonstration of the Terraform JWT auth backend",
897
+ path="jwt",
893
898
  oidc_discovery_url="https://myco.auth0.com/",
894
- path="jwt")
899
+ bound_issuer="https://myco.auth0.com/")
895
900
  ```
896
901
 
897
902
  Manage OIDC auth backend:
@@ -901,16 +906,16 @@ class AuthBackend(pulumi.CustomResource):
901
906
  import pulumi_vault as vault
902
907
 
903
908
  example = vault.jwt.AuthBackend("example",
904
- bound_issuer="https://myco.auth0.com/",
905
909
  description="Demonstration of the Terraform JWT auth backend",
910
+ path="oidc",
911
+ type="oidc",
912
+ oidc_discovery_url="https://myco.auth0.com/",
906
913
  oidc_client_id="1234567890",
907
914
  oidc_client_secret="secret123456",
908
- oidc_discovery_url="https://myco.auth0.com/",
909
- path="oidc",
910
- tune=vault.jwt.AuthBackendTuneArgs(
911
- listing_visibility="unauth",
912
- ),
913
- type="oidc")
915
+ bound_issuer="https://myco.auth0.com/",
916
+ tune={
917
+ "listing_visibility": "unauth",
918
+ })
914
919
  ```
915
920
 
916
921
  Configuring the auth backend with a `provider_config:
@@ -923,13 +928,13 @@ class AuthBackend(pulumi.CustomResource):
923
928
  description="OIDC backend",
924
929
  oidc_discovery_url="https://accounts.google.com",
925
930
  path="oidc",
931
+ type="oidc",
926
932
  provider_config={
933
+ "provider": "gsuite",
927
934
  "fetch_groups": "true",
928
935
  "fetch_user_info": "true",
929
936
  "groups_recurse_max_depth": "1",
930
- "provider": "gsuite",
931
- },
932
- type="oidc")
937
+ })
933
938
  ```
934
939
 
935
940
  ## Import
@@ -937,12 +942,12 @@ class AuthBackend(pulumi.CustomResource):
937
942
  JWT auth backend can be imported using the `path`, e.g.
938
943
 
939
944
  ```sh
940
- $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
945
+ $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
941
946
  ```
942
- or
947
+ or
943
948
 
944
949
  ```sh
945
- $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
950
+ $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
946
951
  ```
947
952
 
948
953
  :param str resource_name: The name of the resource.
@@ -979,7 +984,7 @@ class AuthBackend(pulumi.CustomResource):
979
984
  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
980
985
  path: Optional[pulumi.Input[str]] = None,
981
986
  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
982
- tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
987
+ tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
983
988
  type: Optional[pulumi.Input[str]] = None,
984
989
  __props__=None):
985
990
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -1044,7 +1049,7 @@ class AuthBackend(pulumi.CustomResource):
1044
1049
  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1045
1050
  path: Optional[pulumi.Input[str]] = None,
1046
1051
  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1047
- tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
1052
+ tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
1048
1053
  type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
1049
1054
  """
1050
1055
  Get an existing AuthBackend resource's state with the given name, id, and optional extra
@@ -1066,7 +1071,7 @@ class AuthBackend(pulumi.CustomResource):
1066
1071
  :param pulumi.Input[bool] local: Specifies if the auth method is local only.
1067
1072
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1068
1073
  The value should not contain leading or trailing forward slashes.
1069
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1074
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1070
1075
  *Available only for Vault Enterprise*.
1071
1076
  :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
1072
1077
 
@@ -1198,7 +1203,7 @@ class AuthBackend(pulumi.CustomResource):
1198
1203
  """
1199
1204
  The namespace to provision the resource in.
1200
1205
  The value should not contain leading or trailing forward slashes.
1201
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1206
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1202
1207
  *Available only for Vault Enterprise*.
1203
1208
  """
1204
1209
  return pulumi.get(self, "namespace")