pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -40,7 +45,7 @@ class SecretBackendArgs:
40
45
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
41
46
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
42
47
  The value should not contain leading or trailing forward slashes.
43
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
48
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
44
49
  *Available only for Vault Enterprise*.
45
50
  :param pulumi.Input[Sequence[pulumi.Input[str]]] server_hostnames: Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
46
51
  :param pulumi.Input[Sequence[pulumi.Input[str]]] server_ips: IPs to include in the server's TLS certificate as SAN IP addresses.
@@ -166,7 +171,7 @@ class SecretBackendArgs:
166
171
  """
167
172
  The namespace to provision the resource in.
168
173
  The value should not contain leading or trailing forward slashes.
169
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
174
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
170
175
  *Available only for Vault Enterprise*.
171
176
  """
172
177
  return pulumi.get(self, "namespace")
@@ -263,7 +268,7 @@ class _SecretBackendState:
263
268
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
264
269
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
265
270
  The value should not contain leading or trailing forward slashes.
266
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
271
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
267
272
  *Available only for Vault Enterprise*.
268
273
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
269
274
  not begin or end with a `/`. Defaults to `kmip`.
@@ -379,7 +384,7 @@ class _SecretBackendState:
379
384
  """
380
385
  The namespace to provision the resource in.
381
386
  The value should not contain leading or trailing forward slashes.
382
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
387
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
383
388
  *Available only for Vault Enterprise*.
384
389
  """
385
390
  return pulumi.get(self, "namespace")
@@ -493,17 +498,17 @@ class SecretBackend(pulumi.CustomResource):
493
498
  import pulumi_vault as vault
494
499
 
495
500
  default = vault.kmip.SecretBackend("default",
496
- default_tls_client_key_bits=4096,
497
- default_tls_client_key_type="rsa",
498
- default_tls_client_ttl=86400,
501
+ path="kmip",
499
502
  description="Vault KMIP backend",
500
503
  listen_addrs=[
501
504
  "127.0.0.1:5696",
502
505
  "127.0.0.1:8080",
503
506
  ],
504
- path="kmip",
507
+ tls_ca_key_type="rsa",
505
508
  tls_ca_key_bits=4096,
506
- tls_ca_key_type="rsa")
509
+ default_tls_client_key_type="rsa",
510
+ default_tls_client_key_bits=4096,
511
+ default_tls_client_ttl=86400)
507
512
  ```
508
513
 
509
514
  ## Import
@@ -511,7 +516,7 @@ class SecretBackend(pulumi.CustomResource):
511
516
  KMIP Secret backend can be imported using the `path`, e.g.
512
517
 
513
518
  ```sh
514
- $ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
519
+ $ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
515
520
  ```
516
521
 
517
522
  :param str resource_name: The name of the resource.
@@ -525,7 +530,7 @@ class SecretBackend(pulumi.CustomResource):
525
530
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
526
531
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
527
532
  The value should not contain leading or trailing forward slashes.
528
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
533
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
529
534
  *Available only for Vault Enterprise*.
530
535
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
531
536
  not begin or end with a `/`. Defaults to `kmip`.
@@ -553,17 +558,17 @@ class SecretBackend(pulumi.CustomResource):
553
558
  import pulumi_vault as vault
554
559
 
555
560
  default = vault.kmip.SecretBackend("default",
556
- default_tls_client_key_bits=4096,
557
- default_tls_client_key_type="rsa",
558
- default_tls_client_ttl=86400,
561
+ path="kmip",
559
562
  description="Vault KMIP backend",
560
563
  listen_addrs=[
561
564
  "127.0.0.1:5696",
562
565
  "127.0.0.1:8080",
563
566
  ],
564
- path="kmip",
567
+ tls_ca_key_type="rsa",
565
568
  tls_ca_key_bits=4096,
566
- tls_ca_key_type="rsa")
569
+ default_tls_client_key_type="rsa",
570
+ default_tls_client_key_bits=4096,
571
+ default_tls_client_ttl=86400)
567
572
  ```
568
573
 
569
574
  ## Import
@@ -571,7 +576,7 @@ class SecretBackend(pulumi.CustomResource):
571
576
  KMIP Secret backend can be imported using the `path`, e.g.
572
577
 
573
578
  ```sh
574
- $ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
579
+ $ pulumi import vault:kmip/secretBackend:SecretBackend default kmip
575
580
  ```
576
581
 
577
582
  :param str resource_name: The name of the resource.
@@ -665,7 +670,7 @@ class SecretBackend(pulumi.CustomResource):
665
670
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
666
671
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
667
672
  The value should not contain leading or trailing forward slashes.
668
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
673
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
669
674
  *Available only for Vault Enterprise*.
670
675
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
671
676
  not begin or end with a `/`. Defaults to `kmip`.
@@ -749,7 +754,7 @@ class SecretBackend(pulumi.CustomResource):
749
754
  """
750
755
  The namespace to provision the resource in.
751
756
  The value should not contain leading or trailing forward slashes.
752
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
757
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
753
758
  *Available only for Vault Enterprise*.
754
759
  """
755
760
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretRoleArgs', 'SecretRole']
@@ -43,7 +48,7 @@ class SecretRoleArgs:
43
48
  :param pulumi.Input[str] scope: Name of the scope.
44
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
45
50
  The value should not contain leading or trailing forward slashes.
46
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
51
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
47
52
  *Available only for Vault Enterprise*.
48
53
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
49
54
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -146,7 +151,7 @@ class SecretRoleArgs:
146
151
  """
147
152
  The namespace to provision the resource in.
148
153
  The value should not contain leading or trailing forward slashes.
149
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
154
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
150
155
  *Available only for Vault Enterprise*.
151
156
  """
152
157
  return pulumi.get(self, "namespace")
@@ -388,7 +393,7 @@ class _SecretRoleState:
388
393
  Input properties used for looking up and filtering SecretRole resources.
389
394
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
390
395
  The value should not contain leading or trailing forward slashes.
391
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
396
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
392
397
  *Available only for Vault Enterprise*.
393
398
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
394
399
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -461,7 +466,7 @@ class _SecretRoleState:
461
466
  """
462
467
  The namespace to provision the resource in.
463
468
  The value should not contain leading or trailing forward slashes.
464
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
469
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
465
470
  *Available only for Vault Enterprise*.
466
471
  """
467
472
  return pulumi.get(self, "namespace")
@@ -775,14 +780,14 @@ class SecretRole(pulumi.CustomResource):
775
780
  KMIP Secret role can be imported using the `path`, e.g.
776
781
 
777
782
  ```sh
778
- $ pulumi import vault:kmip/secretRole:SecretRole admin kmip
783
+ $ pulumi import vault:kmip/secretRole:SecretRole admin kmip
779
784
  ```
780
785
 
781
786
  :param str resource_name: The name of the resource.
782
787
  :param pulumi.ResourceOptions opts: Options for the resource.
783
788
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
784
789
  The value should not contain leading or trailing forward slashes.
785
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
790
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
786
791
  *Available only for Vault Enterprise*.
787
792
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
788
793
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -848,7 +853,7 @@ class SecretRole(pulumi.CustomResource):
848
853
  KMIP Secret role can be imported using the `path`, e.g.
849
854
 
850
855
  ```sh
851
- $ pulumi import vault:kmip/secretRole:SecretRole admin kmip
856
+ $ pulumi import vault:kmip/secretRole:SecretRole admin kmip
852
857
  ```
853
858
 
854
859
  :param str resource_name: The name of the resource.
@@ -963,7 +968,7 @@ class SecretRole(pulumi.CustomResource):
963
968
  :param pulumi.ResourceOptions opts: Options for the resource.
964
969
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
965
970
  The value should not contain leading or trailing forward slashes.
966
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
971
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
967
972
  *Available only for Vault Enterprise*.
968
973
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
969
974
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -1020,7 +1025,7 @@ class SecretRole(pulumi.CustomResource):
1020
1025
  """
1021
1026
  The namespace to provision the resource in.
1022
1027
  The value should not contain leading or trailing forward slashes.
1023
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1028
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1024
1029
  *Available only for Vault Enterprise*.
1025
1030
  """
1026
1031
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretScopeArgs', 'SecretScope']
@@ -26,7 +31,7 @@ class SecretScopeArgs:
26
31
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
27
32
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
28
33
  The value should not contain leading or trailing forward slashes.
29
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
34
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
30
35
  *Available only for Vault Enterprise*.
31
36
  """
32
37
  pulumi.set(__self__, "path", path)
@@ -79,7 +84,7 @@ class SecretScopeArgs:
79
84
  """
80
85
  The namespace to provision the resource in.
81
86
  The value should not contain leading or trailing forward slashes.
82
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
87
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
83
88
  *Available only for Vault Enterprise*.
84
89
  """
85
90
  return pulumi.get(self, "namespace")
@@ -101,7 +106,7 @@ class _SecretScopeState:
101
106
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
102
107
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
103
108
  The value should not contain leading or trailing forward slashes.
104
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
105
110
  *Available only for Vault Enterprise*.
106
111
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
107
112
  not begin or end with a `/`. Defaults to `kmip`.
@@ -134,7 +139,7 @@ class _SecretScopeState:
134
139
  """
135
140
  The namespace to provision the resource in.
136
141
  The value should not contain leading or trailing forward slashes.
137
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
142
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
138
143
  *Available only for Vault Enterprise*.
139
144
  """
140
145
  return pulumi.get(self, "namespace")
@@ -204,7 +209,7 @@ class SecretScope(pulumi.CustomResource):
204
209
  KMIP Secret scope can be imported using the `path`, e.g.
205
210
 
206
211
  ```sh
207
- $ pulumi import vault:kmip/secretScope:SecretScope dev kmip
212
+ $ pulumi import vault:kmip/secretScope:SecretScope dev kmip
208
213
  ```
209
214
 
210
215
  :param str resource_name: The name of the resource.
@@ -212,7 +217,7 @@ class SecretScope(pulumi.CustomResource):
212
217
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
213
218
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
214
219
  The value should not contain leading or trailing forward slashes.
215
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
216
221
  *Available only for Vault Enterprise*.
217
222
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
218
223
  not begin or end with a `/`. Defaults to `kmip`.
@@ -249,7 +254,7 @@ class SecretScope(pulumi.CustomResource):
249
254
  KMIP Secret scope can be imported using the `path`, e.g.
250
255
 
251
256
  ```sh
252
- $ pulumi import vault:kmip/secretScope:SecretScope dev kmip
257
+ $ pulumi import vault:kmip/secretScope:SecretScope dev kmip
253
258
  ```
254
259
 
255
260
  :param str resource_name: The name of the resource.
@@ -312,7 +317,7 @@ class SecretScope(pulumi.CustomResource):
312
317
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
313
318
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
314
319
  The value should not contain leading or trailing forward slashes.
315
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
320
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
316
321
  *Available only for Vault Enterprise*.
317
322
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
318
323
  not begin or end with a `/`. Defaults to `kmip`.
@@ -342,7 +347,7 @@ class SecretScope(pulumi.CustomResource):
342
347
  """
343
348
  The namespace to provision the resource in.
344
349
  The value should not contain leading or trailing forward slashes.
345
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
350
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
346
351
  *Available only for Vault Enterprise*.
347
352
  """
348
353
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
@@ -22,7 +27,8 @@ class AuthBackendConfigArgs:
22
27
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
23
28
  namespace: Optional[pulumi.Input[str]] = None,
24
29
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
30
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
31
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
26
32
  """
27
33
  The set of arguments for constructing a AuthBackendConfig resource.
28
34
  :param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -37,6 +43,7 @@ class AuthBackendConfigArgs:
37
43
  *Available only for Vault Enterprise*.
38
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
39
45
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
46
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
40
47
  """
41
48
  pulumi.set(__self__, "kubernetes_host", kubernetes_host)
42
49
  if backend is not None:
@@ -55,6 +62,8 @@ class AuthBackendConfigArgs:
55
62
  pulumi.set(__self__, "pem_keys", pem_keys)
56
63
  if token_reviewer_jwt is not None:
57
64
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
65
+ if use_annotations_as_alias_metadata is not None:
66
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
58
67
 
59
68
  @property
60
69
  @pulumi.getter(name="kubernetesHost")
@@ -167,6 +176,18 @@ class AuthBackendConfigArgs:
167
176
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
168
177
  pulumi.set(self, "token_reviewer_jwt", value)
169
178
 
179
+ @property
180
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
181
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
182
+ """
183
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
184
+ """
185
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
186
+
187
+ @use_annotations_as_alias_metadata.setter
188
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
189
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
190
+
170
191
 
171
192
  @pulumi.input_type
172
193
  class _AuthBackendConfigState:
@@ -179,7 +200,8 @@ class _AuthBackendConfigState:
179
200
  kubernetes_host: Optional[pulumi.Input[str]] = None,
180
201
  namespace: Optional[pulumi.Input[str]] = None,
181
202
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
182
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
203
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
204
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
183
205
  """
184
206
  Input properties used for looking up and filtering AuthBackendConfig resources.
185
207
  :param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
@@ -194,6 +216,7 @@ class _AuthBackendConfigState:
194
216
  *Available only for Vault Enterprise*.
195
217
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
196
218
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
219
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
197
220
  """
198
221
  if backend is not None:
199
222
  pulumi.set(__self__, "backend", backend)
@@ -213,6 +236,8 @@ class _AuthBackendConfigState:
213
236
  pulumi.set(__self__, "pem_keys", pem_keys)
214
237
  if token_reviewer_jwt is not None:
215
238
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
239
+ if use_annotations_as_alias_metadata is not None:
240
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
216
241
 
217
242
  @property
218
243
  @pulumi.getter
@@ -325,6 +350,18 @@ class _AuthBackendConfigState:
325
350
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
326
351
  pulumi.set(self, "token_reviewer_jwt", value)
327
352
 
353
+ @property
354
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
355
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
356
+ """
357
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
358
+ """
359
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
360
+
361
+ @use_annotations_as_alias_metadata.setter
362
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
363
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
364
+
328
365
 
329
366
  class AuthBackendConfig(pulumi.CustomResource):
330
367
  @overload
@@ -340,6 +377,7 @@ class AuthBackendConfig(pulumi.CustomResource):
340
377
  namespace: Optional[pulumi.Input[str]] = None,
341
378
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
342
379
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
380
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
343
381
  __props__=None):
344
382
  """
345
383
  Manages an Kubernetes auth backend config in a Vault server. See the [Vault
@@ -369,7 +407,7 @@ class AuthBackendConfig(pulumi.CustomResource):
369
407
  Kubernetes authentication backend can be imported using the `path`, e.g.
370
408
 
371
409
  ```sh
372
- $ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
410
+ $ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
373
411
  ```
374
412
 
375
413
  :param str resource_name: The name of the resource.
@@ -386,6 +424,7 @@ class AuthBackendConfig(pulumi.CustomResource):
386
424
  *Available only for Vault Enterprise*.
387
425
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
388
426
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
427
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
389
428
  """
390
429
  ...
391
430
  @overload
@@ -421,7 +460,7 @@ class AuthBackendConfig(pulumi.CustomResource):
421
460
  Kubernetes authentication backend can be imported using the `path`, e.g.
422
461
 
423
462
  ```sh
424
- $ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
463
+ $ pulumi import vault:kubernetes/authBackendConfig:AuthBackendConfig config auth/kubernetes/config
425
464
  ```
426
465
 
427
466
  :param str resource_name: The name of the resource.
@@ -448,6 +487,7 @@ class AuthBackendConfig(pulumi.CustomResource):
448
487
  namespace: Optional[pulumi.Input[str]] = None,
449
488
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
450
489
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
490
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
451
491
  __props__=None):
452
492
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
453
493
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -468,6 +508,7 @@ class AuthBackendConfig(pulumi.CustomResource):
468
508
  __props__.__dict__["namespace"] = namespace
469
509
  __props__.__dict__["pem_keys"] = pem_keys
470
510
  __props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
511
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
471
512
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
472
513
  opts = pulumi.ResourceOptions.merge(opts, secret_opts)
473
514
  super(AuthBackendConfig, __self__).__init__(
@@ -488,7 +529,8 @@ class AuthBackendConfig(pulumi.CustomResource):
488
529
  kubernetes_host: Optional[pulumi.Input[str]] = None,
489
530
  namespace: Optional[pulumi.Input[str]] = None,
490
531
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
491
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
532
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
533
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
492
534
  """
493
535
  Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
494
536
  properties used to qualify the lookup.
@@ -508,6 +550,7 @@ class AuthBackendConfig(pulumi.CustomResource):
508
550
  *Available only for Vault Enterprise*.
509
551
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
510
552
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
553
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
511
554
  """
512
555
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
513
556
 
@@ -522,6 +565,7 @@ class AuthBackendConfig(pulumi.CustomResource):
522
565
  __props__.__dict__["namespace"] = namespace
523
566
  __props__.__dict__["pem_keys"] = pem_keys
524
567
  __props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
568
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
525
569
  return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
526
570
 
527
571
  @property
@@ -599,3 +643,11 @@ class AuthBackendConfig(pulumi.CustomResource):
599
643
  """
600
644
  return pulumi.get(self, "token_reviewer_jwt")
601
645
 
646
+ @property
647
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
648
+ def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
649
+ """
650
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
651
+ """
652
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
653
+