pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
45
50
  :param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
46
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
47
52
  The value should not contain leading or trailing forward slashes.
48
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
54
  *Available only for Vault Enterprise*.
50
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
51
- addresses which can authenticate successfully, and ties the resulting token to these blocks
52
- as well.
53
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
54
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
55
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
56
- `token_max_ttl` would otherwise allow a renewal.
57
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
58
- Its current value will be referenced at renewal time.
59
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
60
- generated tokens; otherwise it will be added to the policies set in token_policies.
61
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
62
- of times a generated token may be used (within its lifetime); 0 means unlimited.
63
- :param pulumi.Input[int] token_period: If set, indicates that the
64
- token generated using this role should never expire. The token should be renewed within the
65
- duration specified by this value. At each renewal, the token's TTL will be set to the
66
- value of this field. Specified in seconds.
67
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
68
- on the auth method, this list may be supplemented by user/group/other values.
55
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
56
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
57
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
58
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
59
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
60
+ :param pulumi.Input[int] token_period: Generated Token's Period
61
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
69
62
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
70
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
71
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
72
- `service` tokens). For token store roles, there are two additional possibilities:
73
- `default-service` and `default-batch` which specify the type to return unless the client
74
- requests a different type at generation time.
63
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
75
64
  """
76
65
  pulumi.set(__self__, "bound_service_account_names", bound_service_account_names)
77
66
  pulumi.set(__self__, "bound_service_account_namespaces", bound_service_account_namespaces)
@@ -186,7 +175,7 @@ class AuthBackendRoleArgs:
186
175
  """
187
176
  The namespace to provision the resource in.
188
177
  The value should not contain leading or trailing forward slashes.
189
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
178
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
190
179
  *Available only for Vault Enterprise*.
191
180
  """
192
181
  return pulumi.get(self, "namespace")
@@ -199,9 +188,7 @@ class AuthBackendRoleArgs:
199
188
  @pulumi.getter(name="tokenBoundCidrs")
200
189
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
201
190
  """
202
- List of CIDR blocks; if set, specifies blocks of IP
203
- addresses which can authenticate successfully, and ties the resulting token to these blocks
204
- as well.
191
+ Specifies the blocks of IP addresses which are allowed to use the generated token
205
192
  """
206
193
  return pulumi.get(self, "token_bound_cidrs")
207
194
 
@@ -213,10 +200,7 @@ class AuthBackendRoleArgs:
213
200
  @pulumi.getter(name="tokenExplicitMaxTtl")
214
201
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
215
202
  """
216
- If set, will encode an
217
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
218
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
219
- `token_max_ttl` would otherwise allow a renewal.
203
+ Generated Token's Explicit Maximum TTL in seconds
220
204
  """
221
205
  return pulumi.get(self, "token_explicit_max_ttl")
222
206
 
@@ -228,8 +212,7 @@ class AuthBackendRoleArgs:
228
212
  @pulumi.getter(name="tokenMaxTtl")
229
213
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
230
214
  """
231
- The maximum lifetime for generated tokens in number of seconds.
232
- Its current value will be referenced at renewal time.
215
+ The maximum lifetime of the generated token
233
216
  """
234
217
  return pulumi.get(self, "token_max_ttl")
235
218
 
@@ -241,8 +224,7 @@ class AuthBackendRoleArgs:
241
224
  @pulumi.getter(name="tokenNoDefaultPolicy")
242
225
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
243
226
  """
244
- If set, the default policy will not be set on
245
- generated tokens; otherwise it will be added to the policies set in token_policies.
227
+ If true, the 'default' policy will not automatically be added to generated tokens
246
228
  """
247
229
  return pulumi.get(self, "token_no_default_policy")
248
230
 
@@ -254,8 +236,7 @@ class AuthBackendRoleArgs:
254
236
  @pulumi.getter(name="tokenNumUses")
255
237
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
256
238
  """
257
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
258
- of times a generated token may be used (within its lifetime); 0 means unlimited.
239
+ The maximum number of times a token may be used, a value of zero means unlimited
259
240
  """
260
241
  return pulumi.get(self, "token_num_uses")
261
242
 
@@ -267,10 +248,7 @@ class AuthBackendRoleArgs:
267
248
  @pulumi.getter(name="tokenPeriod")
268
249
  def token_period(self) -> Optional[pulumi.Input[int]]:
269
250
  """
270
- If set, indicates that the
271
- token generated using this role should never expire. The token should be renewed within the
272
- duration specified by this value. At each renewal, the token's TTL will be set to the
273
- value of this field. Specified in seconds.
251
+ Generated Token's Period
274
252
  """
275
253
  return pulumi.get(self, "token_period")
276
254
 
@@ -282,8 +260,7 @@ class AuthBackendRoleArgs:
282
260
  @pulumi.getter(name="tokenPolicies")
283
261
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
284
262
  """
285
- List of policies to encode onto generated tokens. Depending
286
- on the auth method, this list may be supplemented by user/group/other values.
263
+ Generated Token's Policies
287
264
  """
288
265
  return pulumi.get(self, "token_policies")
289
266
 
@@ -307,11 +284,7 @@ class AuthBackendRoleArgs:
307
284
  @pulumi.getter(name="tokenType")
308
285
  def token_type(self) -> Optional[pulumi.Input[str]]:
309
286
  """
310
- The type of token that should be generated. Can be `service`,
311
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
312
- `service` tokens). For token store roles, there are two additional possibilities:
313
- `default-service` and `default-batch` which specify the type to return unless the client
314
- requests a different type at generation time.
287
+ The type of token to generate, service or batch
315
288
  """
316
289
  return pulumi.get(self, "token_type")
317
290
 
@@ -353,34 +326,18 @@ class _AuthBackendRoleState:
353
326
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
354
327
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
355
328
  The value should not contain leading or trailing forward slashes.
356
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
329
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
357
330
  *Available only for Vault Enterprise*.
358
331
  :param pulumi.Input[str] role_name: Name of the role.
359
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
360
- addresses which can authenticate successfully, and ties the resulting token to these blocks
361
- as well.
362
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
363
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
364
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
365
- `token_max_ttl` would otherwise allow a renewal.
366
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
367
- Its current value will be referenced at renewal time.
368
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
369
- generated tokens; otherwise it will be added to the policies set in token_policies.
370
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
371
- of times a generated token may be used (within its lifetime); 0 means unlimited.
372
- :param pulumi.Input[int] token_period: If set, indicates that the
373
- token generated using this role should never expire. The token should be renewed within the
374
- duration specified by this value. At each renewal, the token's TTL will be set to the
375
- value of this field. Specified in seconds.
376
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
377
- on the auth method, this list may be supplemented by user/group/other values.
332
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
333
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
334
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
335
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
336
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
337
+ :param pulumi.Input[int] token_period: Generated Token's Period
338
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
378
339
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
379
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
380
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
381
- `service` tokens). For token store roles, there are two additional possibilities:
382
- `default-service` and `default-batch` which specify the type to return unless the client
383
- requests a different type at generation time.
340
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
384
341
  """
385
342
  if alias_name_source is not None:
386
343
  pulumi.set(__self__, "alias_name_source", alias_name_source)
@@ -486,7 +443,7 @@ class _AuthBackendRoleState:
486
443
  """
487
444
  The namespace to provision the resource in.
488
445
  The value should not contain leading or trailing forward slashes.
489
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
446
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
490
447
  *Available only for Vault Enterprise*.
491
448
  """
492
449
  return pulumi.get(self, "namespace")
@@ -511,9 +468,7 @@ class _AuthBackendRoleState:
511
468
  @pulumi.getter(name="tokenBoundCidrs")
512
469
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
513
470
  """
514
- List of CIDR blocks; if set, specifies blocks of IP
515
- addresses which can authenticate successfully, and ties the resulting token to these blocks
516
- as well.
471
+ Specifies the blocks of IP addresses which are allowed to use the generated token
517
472
  """
518
473
  return pulumi.get(self, "token_bound_cidrs")
519
474
 
@@ -525,10 +480,7 @@ class _AuthBackendRoleState:
525
480
  @pulumi.getter(name="tokenExplicitMaxTtl")
526
481
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
527
482
  """
528
- If set, will encode an
529
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
530
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
531
- `token_max_ttl` would otherwise allow a renewal.
483
+ Generated Token's Explicit Maximum TTL in seconds
532
484
  """
533
485
  return pulumi.get(self, "token_explicit_max_ttl")
534
486
 
@@ -540,8 +492,7 @@ class _AuthBackendRoleState:
540
492
  @pulumi.getter(name="tokenMaxTtl")
541
493
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
542
494
  """
543
- The maximum lifetime for generated tokens in number of seconds.
544
- Its current value will be referenced at renewal time.
495
+ The maximum lifetime of the generated token
545
496
  """
546
497
  return pulumi.get(self, "token_max_ttl")
547
498
 
@@ -553,8 +504,7 @@ class _AuthBackendRoleState:
553
504
  @pulumi.getter(name="tokenNoDefaultPolicy")
554
505
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
555
506
  """
556
- If set, the default policy will not be set on
557
- generated tokens; otherwise it will be added to the policies set in token_policies.
507
+ If true, the 'default' policy will not automatically be added to generated tokens
558
508
  """
559
509
  return pulumi.get(self, "token_no_default_policy")
560
510
 
@@ -566,8 +516,7 @@ class _AuthBackendRoleState:
566
516
  @pulumi.getter(name="tokenNumUses")
567
517
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
568
518
  """
569
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
570
- of times a generated token may be used (within its lifetime); 0 means unlimited.
519
+ The maximum number of times a token may be used, a value of zero means unlimited
571
520
  """
572
521
  return pulumi.get(self, "token_num_uses")
573
522
 
@@ -579,10 +528,7 @@ class _AuthBackendRoleState:
579
528
  @pulumi.getter(name="tokenPeriod")
580
529
  def token_period(self) -> Optional[pulumi.Input[int]]:
581
530
  """
582
- If set, indicates that the
583
- token generated using this role should never expire. The token should be renewed within the
584
- duration specified by this value. At each renewal, the token's TTL will be set to the
585
- value of this field. Specified in seconds.
531
+ Generated Token's Period
586
532
  """
587
533
  return pulumi.get(self, "token_period")
588
534
 
@@ -594,8 +540,7 @@ class _AuthBackendRoleState:
594
540
  @pulumi.getter(name="tokenPolicies")
595
541
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
596
542
  """
597
- List of policies to encode onto generated tokens. Depending
598
- on the auth method, this list may be supplemented by user/group/other values.
543
+ Generated Token's Policies
599
544
  """
600
545
  return pulumi.get(self, "token_policies")
601
546
 
@@ -619,11 +564,7 @@ class _AuthBackendRoleState:
619
564
  @pulumi.getter(name="tokenType")
620
565
  def token_type(self) -> Optional[pulumi.Input[str]]:
621
566
  """
622
- The type of token that should be generated. Can be `service`,
623
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
624
- `service` tokens). For token store roles, there are two additional possibilities:
625
- `default-service` and `default-batch` which specify the type to return unless the client
626
- requests a different type at generation time.
567
+ The type of token to generate, service or batch
627
568
  """
628
569
  return pulumi.get(self, "token_type")
629
570
 
@@ -685,7 +626,7 @@ class AuthBackendRole(pulumi.CustomResource):
685
626
  Kubernetes auth backend role can be imported using the `path`, e.g.
686
627
 
687
628
  ```sh
688
- $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
629
+ $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
689
630
  ```
690
631
 
691
632
  :param str resource_name: The name of the resource.
@@ -702,34 +643,18 @@ class AuthBackendRole(pulumi.CustomResource):
702
643
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
703
644
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
704
645
  The value should not contain leading or trailing forward slashes.
705
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
646
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
706
647
  *Available only for Vault Enterprise*.
707
648
  :param pulumi.Input[str] role_name: Name of the role.
708
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
709
- addresses which can authenticate successfully, and ties the resulting token to these blocks
710
- as well.
711
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
712
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
713
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
714
- `token_max_ttl` would otherwise allow a renewal.
715
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
716
- Its current value will be referenced at renewal time.
717
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
718
- generated tokens; otherwise it will be added to the policies set in token_policies.
719
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
720
- of times a generated token may be used (within its lifetime); 0 means unlimited.
721
- :param pulumi.Input[int] token_period: If set, indicates that the
722
- token generated using this role should never expire. The token should be renewed within the
723
- duration specified by this value. At each renewal, the token's TTL will be set to the
724
- value of this field. Specified in seconds.
725
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
726
- on the auth method, this list may be supplemented by user/group/other values.
649
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
650
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
651
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
652
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
653
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
654
+ :param pulumi.Input[int] token_period: Generated Token's Period
655
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
727
656
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
728
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
729
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
730
- `service` tokens). For token store roles, there are two additional possibilities:
731
- `default-service` and `default-batch` which specify the type to return unless the client
732
- requests a different type at generation time.
657
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
733
658
  """
734
659
  ...
735
660
  @overload
@@ -768,7 +693,7 @@ class AuthBackendRole(pulumi.CustomResource):
768
693
  Kubernetes auth backend role can be imported using the `path`, e.g.
769
694
 
770
695
  ```sh
771
- $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
696
+ $ pulumi import vault:kubernetes/authBackendRole:AuthBackendRole foo auth/kubernetes/role/foo
772
697
  ```
773
698
 
774
699
  :param str resource_name: The name of the resource.
@@ -878,34 +803,18 @@ class AuthBackendRole(pulumi.CustomResource):
878
803
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
879
804
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
880
805
  The value should not contain leading or trailing forward slashes.
881
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
806
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
882
807
  *Available only for Vault Enterprise*.
883
808
  :param pulumi.Input[str] role_name: Name of the role.
884
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
885
- addresses which can authenticate successfully, and ties the resulting token to these blocks
886
- as well.
887
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
888
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
889
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
890
- `token_max_ttl` would otherwise allow a renewal.
891
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
892
- Its current value will be referenced at renewal time.
893
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
894
- generated tokens; otherwise it will be added to the policies set in token_policies.
895
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
896
- of times a generated token may be used (within its lifetime); 0 means unlimited.
897
- :param pulumi.Input[int] token_period: If set, indicates that the
898
- token generated using this role should never expire. The token should be renewed within the
899
- duration specified by this value. At each renewal, the token's TTL will be set to the
900
- value of this field. Specified in seconds.
901
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
902
- on the auth method, this list may be supplemented by user/group/other values.
809
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
810
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
811
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
812
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
813
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
814
+ :param pulumi.Input[int] token_period: Generated Token's Period
815
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
903
816
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
904
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
905
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
906
- `service` tokens). For token store roles, there are two additional possibilities:
907
- `default-service` and `default-batch` which specify the type to return unless the client
908
- requests a different type at generation time.
817
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
909
818
  """
910
819
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
911
820
 
@@ -980,7 +889,7 @@ class AuthBackendRole(pulumi.CustomResource):
980
889
  """
981
890
  The namespace to provision the resource in.
982
891
  The value should not contain leading or trailing forward slashes.
983
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
892
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
984
893
  *Available only for Vault Enterprise*.
985
894
  """
986
895
  return pulumi.get(self, "namespace")
@@ -997,9 +906,7 @@ class AuthBackendRole(pulumi.CustomResource):
997
906
  @pulumi.getter(name="tokenBoundCidrs")
998
907
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
999
908
  """
1000
- List of CIDR blocks; if set, specifies blocks of IP
1001
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1002
- as well.
909
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1003
910
  """
1004
911
  return pulumi.get(self, "token_bound_cidrs")
1005
912
 
@@ -1007,10 +914,7 @@ class AuthBackendRole(pulumi.CustomResource):
1007
914
  @pulumi.getter(name="tokenExplicitMaxTtl")
1008
915
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1009
916
  """
1010
- If set, will encode an
1011
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1012
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1013
- `token_max_ttl` would otherwise allow a renewal.
917
+ Generated Token's Explicit Maximum TTL in seconds
1014
918
  """
1015
919
  return pulumi.get(self, "token_explicit_max_ttl")
1016
920
 
@@ -1018,8 +922,7 @@ class AuthBackendRole(pulumi.CustomResource):
1018
922
  @pulumi.getter(name="tokenMaxTtl")
1019
923
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1020
924
  """
1021
- The maximum lifetime for generated tokens in number of seconds.
1022
- Its current value will be referenced at renewal time.
925
+ The maximum lifetime of the generated token
1023
926
  """
1024
927
  return pulumi.get(self, "token_max_ttl")
1025
928
 
@@ -1027,8 +930,7 @@ class AuthBackendRole(pulumi.CustomResource):
1027
930
  @pulumi.getter(name="tokenNoDefaultPolicy")
1028
931
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1029
932
  """
1030
- If set, the default policy will not be set on
1031
- generated tokens; otherwise it will be added to the policies set in token_policies.
933
+ If true, the 'default' policy will not automatically be added to generated tokens
1032
934
  """
1033
935
  return pulumi.get(self, "token_no_default_policy")
1034
936
 
@@ -1036,8 +938,7 @@ class AuthBackendRole(pulumi.CustomResource):
1036
938
  @pulumi.getter(name="tokenNumUses")
1037
939
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1038
940
  """
1039
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
1040
- of times a generated token may be used (within its lifetime); 0 means unlimited.
941
+ The maximum number of times a token may be used, a value of zero means unlimited
1041
942
  """
1042
943
  return pulumi.get(self, "token_num_uses")
1043
944
 
@@ -1045,10 +946,7 @@ class AuthBackendRole(pulumi.CustomResource):
1045
946
  @pulumi.getter(name="tokenPeriod")
1046
947
  def token_period(self) -> pulumi.Output[Optional[int]]:
1047
948
  """
1048
- If set, indicates that the
1049
- token generated using this role should never expire. The token should be renewed within the
1050
- duration specified by this value. At each renewal, the token's TTL will be set to the
1051
- value of this field. Specified in seconds.
949
+ Generated Token's Period
1052
950
  """
1053
951
  return pulumi.get(self, "token_period")
1054
952
 
@@ -1056,8 +954,7 @@ class AuthBackendRole(pulumi.CustomResource):
1056
954
  @pulumi.getter(name="tokenPolicies")
1057
955
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1058
956
  """
1059
- List of policies to encode onto generated tokens. Depending
1060
- on the auth method, this list may be supplemented by user/group/other values.
957
+ Generated Token's Policies
1061
958
  """
1062
959
  return pulumi.get(self, "token_policies")
1063
960
 
@@ -1073,11 +970,7 @@ class AuthBackendRole(pulumi.CustomResource):
1073
970
  @pulumi.getter(name="tokenType")
1074
971
  def token_type(self) -> pulumi.Output[Optional[str]]:
1075
972
  """
1076
- The type of token that should be generated. Can be `service`,
1077
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1078
- `service` tokens). For token store roles, there are two additional possibilities:
1079
- `default-service` and `default-batch` which specify the type to return unless the client
1080
- requests a different type at generation time.
973
+ The type of token to generate, service or batch
1081
974
  """
1082
975
  return pulumi.get(self, "token_type")
1083
976