pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

pulumi_vault/identity/oidc_scope.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['OidcScopeArgs', 'OidcScope']
@@ -24,7 +29,7 @@ class OidcScopeArgs:
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -67,7 +72,7 @@ class OidcScopeArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -102,7 +107,7 @@ class _OidcScopeState:
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -145,7 +150,7 @@ class _OidcScopeState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -188,8 +193,9 @@ class OidcScope(pulumi.CustomResource):
         import pulumi_vault as vault
 
         groups = vault.identity.OidcScope("groups",
-            description="Vault OIDC Groups Scope",
-            template="{\\"groups\\":{{identity.entity.groups.names}}}")
+            name="groups",
+            template="{\\"groups\\":{{identity.entity.groups.names}}}",
+            description="Vault OIDC Groups Scope")
         ```
 
         ## Import
@@ -197,7 +203,7 @@ class OidcScope(pulumi.CustomResource):
         OIDC Scopes can be imported using the `name`, e.g.
 
         ```sh
-         $ pulumi import vault:identity/oidcScope:OidcScope groups groups
+        $ pulumi import vault:identity/oidcScope:OidcScope groups groups
         ```
 
         :param str resource_name: The name of the resource.
@@ -206,7 +212,7 @@ class OidcScope(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -227,8 +233,9 @@ class OidcScope(pulumi.CustomResource):
         import pulumi_vault as vault
 
         groups = vault.identity.OidcScope("groups",
-            description="Vault OIDC Groups Scope",
-            template="{\\"groups\\":{{identity.entity.groups.names}}}")
+            name="groups",
+            template="{\\"groups\\":{{identity.entity.groups.names}}}",
+            description="Vault OIDC Groups Scope")
         ```
 
         ## Import
@@ -236,7 +243,7 @@ class OidcScope(pulumi.CustomResource):
         OIDC Scopes can be imported using the `name`, e.g.
 
         ```sh
-         $ pulumi import vault:identity/oidcScope:OidcScope groups groups
+        $ pulumi import vault:identity/oidcScope:OidcScope groups groups
         ```
 
         :param str resource_name: The name of the resource.
@@ -296,7 +303,7 @@ class OidcScope(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -332,7 +339,7 @@ class OidcScope(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/identity/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -21,7 +26,7 @@ class GetEntityAliasResult(dict):
                  id: str,
                  last_update_time: str,
                  merged_from_canonical_ids: Sequence[str],
-                 metadata: Mapping[str, Any],
+                 metadata: Mapping[str, str],
                  mount_accessor: str,
                  mount_path: str,
                  mount_type: str,
@@ -32,7 +37,7 @@ class GetEntityAliasResult(dict):
         :param str id: ID of the alias
         :param str last_update_time: Last update time of the alias
         :param Sequence[str] merged_from_canonical_ids: List of canonical IDs merged with this alias
-        :param Mapping[str, Any] metadata: Arbitrary metadata
+        :param Mapping[str, str] metadata: Arbitrary metadata
         :param str mount_accessor: Authentication mount acccessor which this alias belongs to
         :param str mount_path: Authentication mount path which this alias belongs to
         :param str mount_type: Authentication mount type which this alias belongs to
@@ -91,7 +96,7 @@ class GetEntityAliasResult(dict):
 
     @property
     @pulumi.getter
-    def metadata(self) -> Mapping[str, Any]:
+    def metadata(self) -> Mapping[str, str]:
         """
         Arbitrary metadata
         """

pulumi_vault/jwt/_inputs.py

@@ -4,15 +4,70 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'AuthBackendTuneArgs',
+    'AuthBackendTuneArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class AuthBackendTuneArgsDict(TypedDict):
+        allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        default_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        listing_visibility: NotRequired[pulumi.Input[str]]
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        max_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        token_type: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+        """
+elif False:
+    AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendTuneArgs:
     def __init__(__self__, *,

pulumi_vault/jwt/auth_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -51,7 +56,7 @@ class AuthBackendArgs:
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -226,7 +231,7 @@ class AuthBackendArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -409,7 +414,7 @@ class _AuthBackendState:
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -598,7 +603,7 @@ class _AuthBackendState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -765,7 +770,7 @@ class AuthBackend(pulumi.CustomResource):
                  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -781,10 +786,10 @@ class AuthBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="jwt",
             oidc_discovery_url="https://myco.auth0.com/",
-            path="jwt")
+            bound_issuer="https://myco.auth0.com/")
         ```
 
         Manage OIDC auth backend:
@@ -794,16 +799,16 @@ class AuthBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="oidc",
+            type="oidc",
+            oidc_discovery_url="https://myco.auth0.com/",
             oidc_client_id="1234567890",
             oidc_client_secret="secret123456",
-            oidc_discovery_url="https://myco.auth0.com/",
-            path="oidc",
-            tune=vault.jwt.AuthBackendTuneArgs(
-                listing_visibility="unauth",
-            ),
-            type="oidc")
+            bound_issuer="https://myco.auth0.com/",
+            tune={
+                "listing_visibility": "unauth",
+            })
         ```
 
         Configuring the auth backend with a `provider_config:
@@ -816,13 +821,13 @@ class AuthBackend(pulumi.CustomResource):
             description="OIDC backend",
             oidc_discovery_url="https://accounts.google.com",
             path="oidc",
+            type="oidc",
             provider_config={
+                "provider": "gsuite",
                 "fetch_groups": "true",
                 "fetch_user_info": "true",
                 "groups_recurse_max_depth": "1",
-                "provider": "gsuite",
-            },
-            type="oidc")
+            })
         ```
 
         ## Import
@@ -830,12 +835,12 @@ class AuthBackend(pulumi.CustomResource):
         JWT auth backend can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
+        $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
         ```
-         or
+        or
 
         ```sh
-         $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
+        $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
         ```
 
         :param str resource_name: The name of the resource.
@@ -852,7 +857,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -888,10 +893,10 @@ class AuthBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="jwt",
             oidc_discovery_url="https://myco.auth0.com/",
-            path="jwt")
+            bound_issuer="https://myco.auth0.com/")
         ```
 
         Manage OIDC auth backend:
@@ -901,16 +906,16 @@ class AuthBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="oidc",
+            type="oidc",
+            oidc_discovery_url="https://myco.auth0.com/",
             oidc_client_id="1234567890",
             oidc_client_secret="secret123456",
-            oidc_discovery_url="https://myco.auth0.com/",
-            path="oidc",
-            tune=vault.jwt.AuthBackendTuneArgs(
-                listing_visibility="unauth",
-            ),
-            type="oidc")
+            bound_issuer="https://myco.auth0.com/",
+            tune={
+                "listing_visibility": "unauth",
+            })
         ```
 
         Configuring the auth backend with a `provider_config:
@@ -923,13 +928,13 @@ class AuthBackend(pulumi.CustomResource):
             description="OIDC backend",
             oidc_discovery_url="https://accounts.google.com",
             path="oidc",
+            type="oidc",
             provider_config={
+                "provider": "gsuite",
                 "fetch_groups": "true",
                 "fetch_user_info": "true",
                 "groups_recurse_max_depth": "1",
-                "provider": "gsuite",
-            },
-            type="oidc")
+            })
         ```
 
         ## Import
@@ -937,12 +942,12 @@ class AuthBackend(pulumi.CustomResource):
         JWT auth backend can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
+        $ pulumi import vault:jwt/authBackend:AuthBackend oidc oidc
         ```
-         or
+        or
 
         ```sh
-         $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
+        $ pulumi import vault:jwt/authBackend:AuthBackend jwt jwt
         ```
 
         :param str resource_name: The name of the resource.
@@ -979,7 +984,7 @@ class AuthBackend(pulumi.CustomResource):
                  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -1044,7 +1049,7 @@ class AuthBackend(pulumi.CustomResource):
             oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             path: Optional[pulumi.Input[str]] = None,
             provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+            tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
             type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
         """
         Get an existing AuthBackend resource's state with the given name, id, and optional extra
@@ -1066,7 +1071,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -1198,7 +1203,7 @@ class AuthBackend(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")