pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
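--- a/pulumi_vault/kubernetes/get_auth_backend_config.py
+++ b/pulumi_vault/kubernetes/get_auth_backend_config.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -21,7 +26,7 @@ class GetAuthBackendConfigResult:
 """
 A collection of values returned by getAuthBackendConfig.
 """
-def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None):
+def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
 if backend and not isinstance(backend, str):
 raise TypeError("Expected argument 'backend' to be a str")
 pulumi.set(__self__, "backend", backend)
@@ -49,6 +54,9 @@ class GetAuthBackendConfigResult:
 if pem_keys and not isinstance(pem_keys, list):
 raise TypeError("Expected argument 'pem_keys' to be a list")
 pulumi.set(__self__, "pem_keys", pem_keys)
+if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
+raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
+pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
 
 @property
 @pulumi.getter
@@ -58,11 +66,17 @@ class GetAuthBackendConfigResult:
 @property
 @pulumi.getter(name="disableIssValidation")
 def disable_iss_validation(self) -> bool:
+"""
+(Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+"""
 return pulumi.get(self, "disable_iss_validation")
 
 @property
 @pulumi.getter(name="disableLocalCaJwt")
 def disable_local_ca_jwt(self) -> bool:
+"""
+(Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+"""
 return pulumi.get(self, "disable_local_ca_jwt")
 
 @property
@@ -110,6 +124,14 @@ class GetAuthBackendConfigResult:
 """
 return pulumi.get(self, "pem_keys")
 
+@property
+@pulumi.getter(name="useAnnotationsAsAliasMetadata")
+def use_annotations_as_alias_metadata(self) -> bool:
+"""
+(Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+"""
+return pulumi.get(self, "use_annotations_as_alias_metadata")
+
 
 class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
 # pylint: disable=using-constant-test
@@ -125,7 +147,8 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
 kubernetes_ca_cert=self.kubernetes_ca_cert,
 kubernetes_host=self.kubernetes_host,
 namespace=self.namespace,
-pem_keys=self.pem_keys)
+pem_keys=self.pem_keys,
+use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
 
 
 def get_auth_backend_config(backend: Optional[str] = None,
@@ -136,6 +159,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
 kubernetes_host: Optional[str] = None,
 namespace: Optional[str] = None,
 pem_keys: Optional[Sequence[str]] = None,
+use_annotations_as_alias_metadata: Optional[bool] = None,
 opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
 """
 Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -145,6 +169,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
 
 :param str backend: The unique name for the Kubernetes backend the config to
 retrieve Role attributes for resides in. Defaults to "kubernetes".
+:param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+:param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
 :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
 :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
 :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -153,6 +179,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
 The `namespace` is always relative to the provider's configured namespace.
 *Available only for Vault Enterprise*.
 :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+:param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
 """
 __args__ = dict()
 __args__['backend'] = backend
@@ -163,6 +190,7 @@ def get_auth_backend_config(backend: Optional[str] = None,
 __args__['kubernetesHost'] = kubernetes_host
 __args__['namespace'] = namespace
 __args__['pemKeys'] = pem_keys
+__args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
 opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
 __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
 
@@ -175,10 +203,8 @@ def get_auth_backend_config(backend: Optional[str] = None,
 kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
 kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
 namespace=pulumi.get(__ret__, 'namespace'),
-pem_keys=pulumi.get(__ret__, 'pem_keys'))
-
-
-@_utilities.lift_output_func(get_auth_backend_config)
+pem_keys=pulumi.get(__ret__, 'pem_keys'),
+use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
 def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
 disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
 disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
@@ -187,7 +213,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
 kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
 namespace: Optional[pulumi.Input[Optional[str]]] = None,
 pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
+use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
+opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
 """
 Reads the Role of an Kubernetes from a Vault server. See the [Vault
 documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-config) for more
@@ -196,6 +223,8 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
 
 :param str backend: The unique name for the Kubernetes backend the config to
 retrieve Role attributes for resides in. Defaults to "kubernetes".
+:param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+:param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
 :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
 :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
 :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -204,5 +233,28 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
 The `namespace` is always relative to the provider's configured namespace.
 *Available only for Vault Enterprise*.
 :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+:param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
 """
-...
+__args__ = dict()
+__args__['backend'] = backend
+__args__['disableIssValidation'] = disable_iss_validation
+__args__['disableLocalCaJwt'] = disable_local_ca_jwt
+__args__['issuer'] = issuer
+__args__['kubernetesCaCert'] = kubernetes_ca_cert
+__args__['kubernetesHost'] = kubernetes_host
+__args__['namespace'] = namespace
+__args__['pemKeys'] = pem_keys
+__args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
+opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+__ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
+return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
+backend=pulumi.get(__response__, 'backend'),
+disable_iss_validation=pulumi.get(__response__, 'disable_iss_validation'),
+disable_local_ca_jwt=pulumi.get(__response__, 'disable_local_ca_jwt'),
+id=pulumi.get(__response__, 'id'),
+issuer=pulumi.get(__response__, 'issuer'),
+kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
+kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
+namespace=pulumi.get(__response__, 'namespace'),
+pem_keys=pulumi.get(__response__, 'pem_keys'),
+use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))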
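Review bot: The new `use_annotations_as_alias_metadata` docstring (on the getter and on both `:param` entries) does not mention that enabling it lets Kubernetes ServiceAccount annotations flow into Vault entity alias metadata, which matters wherever templated policies read that metadata. I would append a sentence such as `Alias metadata may be referenced by templated policies, so restrict who can edit ServiceAccount annotations before enabling this.` Separately, the added guard `if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):` only type-checks truthy values, so a falsy non-bool such as `0` or `""` is stored unchecked; an `is not None` test would be stricter, although the line follows the pattern already used for `pem_keys`. The class and function bodies continue outside the hunks shown.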
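--- a/pulumi_vault/kubernetes/get_auth_backend_role.py
+++ b/pulumi_vault/kubernetes/get_auth_backend_role.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -336,9 +341,6 @@ def get_auth_backend_role(audience: Optional[str] = None,
 token_policies=pulumi.get(__ret__, 'token_policies'),
 token_ttl=pulumi.get(__ret__, 'token_ttl'),
 token_type=pulumi.get(__ret__, 'token_type'))
-
-
-@_utilities.lift_output_func(get_auth_backend_role)
 def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
 backend: Optional[pulumi.Input[Optional[str]]] = None,
 namespace: Optional[pulumi.Input[Optional[str]]] = None,
@@ -352,7 +354,7 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
 token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
 token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
 token_type: Optional[pulumi.Input[Optional[str]]] = None,
-opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
+opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
 """
 Reads the Role of an Kubernetes from a Vault server. See the [Vault
 documentation](https://www.vaultproject.io/api-docs/auth/kubernetes#read-role) for more
@@ -395,4 +397,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
 `default-service` and `default-batch` which specify the type to return unless the client
 requests a different type at generation time.
 """
-...
+__args__ = dict()
+__args__['audience'] = audience
+__args__['backend'] = backend
+__args__['namespace'] = namespace
+__args__['roleName'] = role_name
+__args__['tokenBoundCidrs'] = token_bound_cidrs
+__args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
+__args__['tokenMaxTtl'] = token_max_ttl
+__args__['tokenNoDefaultPolicy'] = token_no_default_policy
+__args__['tokenNumUses'] = token_num_uses
+__args__['tokenPeriod'] = token_period
+__args__['tokenPolicies'] = token_policies
+__args__['tokenTtl'] = token_ttl
+__args__['tokenType'] = token_type
+opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+__ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
+return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
+alias_name_source=pulumi.get(__response__, 'alias_name_source'),
+audience=pulumi.get(__response__, 'audience'),
+backend=pulumi.get(__response__, 'backend'),
+bound_service_account_names=pulumi.get(__response__, 'bound_service_account_names'),
+bound_service_account_namespaces=pulumi.get(__response__, 'bound_service_account_namespaces'),
+id=pulumi.get(__response__, 'id'),
+namespace=pulumi.get(__response__, 'namespace'),
+role_name=pulumi.get(__response__, 'role_name'),
+token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
+token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
+token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
+token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
+token_num_uses=pulumi.get(__response__, 'token_num_uses'),
+token_period=pulumi.get(__response__, 'token_period'),
+token_policies=pulumi.get(__response__, 'token_policies'),
+token_ttl=pulumi.get(__response__, 'token_ttl'),
+token_type=pulumi.get(__response__, 'token_type')))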
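Review bot: `get_auth_backend_role_output` now depends on `pulumi.runtime.invoke_output` and `pulumi.InvokeOutputOptions` instead of `_utilities.lift_output_func`, so the wheel needs a Pulumi SDK release that provides both names; the same holds for `get_auth_backend_config_output` and `get_service_account_token_output` in this diff. The METADATA change is listed but not shown here, so confirm that its `pulumi` requirement was raised to match and that `typing_extensions` is declared for interpreters below 3.11, otherwise an environment pinned to an older SDK presumably fails with an AttributeError or ImportError. With the two blank lines removed, the `def` also follows the previous function's `return` directly; keeping two blank lines before the top-level definition would preserve PEP 8 spacing. The function body begins outside the hunk.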
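--- a/pulumi_vault/kubernetes/get_service_account_token.py
+++ b/pulumi_vault/kubernetes/get_service_account_token.py
@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+from typing import NotRequired, TypedDict, TypeAlias
+else:
+from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -182,17 +187,19 @@ def get_service_account_token(backend: Optional[str] = None,
 
 ```python
 import pulumi
+import pulumi_std as std
 import pulumi_vault as vault
 
 config = vault.kubernetes.SecretBackend("config",
 path="kubernetes",
 description="kubernetes secrets engine description",
 kubernetes_host="https://127.0.0.1:61233",
-kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
-service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
+kubernetes_ca_cert=std.file(input="/path/to/cert").result,
+service_account_jwt=std.file(input="/path/to/token").result,
 disable_local_ca_jwt=False)
 role = vault.kubernetes.SecretBackendRole("role",
 backend=config.path,
+name="service-account-name-role",
 allowed_kubernetes_namespaces=["*"],
 token_max_ttl=43200,
 token_default_ttl=21600,
@@ -221,7 +228,7 @@ def get_service_account_token(backend: Optional[str] = None,
 generate the credentials.
 :param str namespace: The namespace of the target resource.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param str role: The name of the Kubernetes secret backend role to generate service
 account tokens from.
@@ -252,32 +259,31 @@ def get_service_account_token(backend: Optional[str] = None,
 service_account_namespace=pulumi.get(__ret__, 'service_account_namespace'),
 service_account_token=pulumi.get(__ret__, 'service_account_token'),
 ttl=pulumi.get(__ret__, 'ttl'))
-
-
-@_utilities.lift_output_func(get_service_account_token)
 def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None,
 cluster_role_binding: Optional[pulumi.Input[Optional[bool]]] = None,
 kubernetes_namespace: Optional[pulumi.Input[str]] = None,
 namespace: Optional[pulumi.Input[Optional[str]]] = None,
 role: Optional[pulumi.Input[str]] = None,
 ttl: Optional[pulumi.Input[Optional[str]]] = None,
-opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
+opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetServiceAccountTokenResult]:
 """
 ## Example Usage
 
 ```python
 import pulumi
+import pulumi_std as std
 import pulumi_vault as vault
 
 config = vault.kubernetes.SecretBackend("config",
 path="kubernetes",
 description="kubernetes secrets engine description",
 kubernetes_host="https://127.0.0.1:61233",
-kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
-service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
+kubernetes_ca_cert=std.file(input="/path/to/cert").result,
+service_account_jwt=std.file(input="/path/to/token").result,
 disable_local_ca_jwt=False)
 role = vault.kubernetes.SecretBackendRole("role",
 backend=config.path,
+name="service-account-name-role",
 allowed_kubernetes_namespaces=["*"],
 token_max_ttl=43200,
 token_default_ttl=21600,
@@ -306,11 +312,33 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
 generate the credentials.
 :param str namespace: The namespace of the target resource.
 The value should not contain leading or trailing forward slashes.
-The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
 *Available only for Vault Enterprise*.
 :param str role: The name of the Kubernetes secret backend role to generate service
 account tokens from.
 :param str ttl: The TTL of the generated Kubernetes service account token, specified in
 seconds or as a Go duration format string.
 """
-...
+__args__ = dict()
+__args__['backend'] = backend
+__args__['clusterRoleBinding'] = cluster_role_binding
+__args__['kubernetesNamespace'] = kubernetes_namespace
+__args__['namespace'] = namespace
+__args__['role'] = role
+__args__['ttl'] = ttl
+opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+__ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getServiceAccountToken:getServiceAccountToken', __args__, opts=opts, typ=GetServiceAccountTokenResult)
+return __ret__.apply(lambda __response__: GetServiceAccountTokenResult(
+backend=pulumi.get(__response__, 'backend'),
+cluster_role_binding=pulumi.get(__response__, 'cluster_role_binding'),
+id=pulumi.get(__response__, 'id'),
+kubernetes_namespace=pulumi.get(__response__, 'kubernetes_namespace'),
+lease_duration=pulumi.get(__response__, 'lease_duration'),
+lease_id=pulumi.get(__response__, 'lease_id'),
+lease_renewable=pulumi.get(__response__, 'lease_renewable'),
+namespace=pulumi.get(__response__, 'namespace'),
+role=pulumi.get(__response__, 'role'),
+service_account_name=pulumi.get(__response__, 'service_account_name'),
+service_account_namespace=pulumi.get(__response__, 'service_account_namespace'),
+service_account_token=pulumi.get(__response__, 'service_account_token'),
+ttl=pulumi.get(__response__, 'ttl')))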
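Review bot: The new body of `get_service_account_token_output` copies `service_account_token` from the response into a plain `GetServiceAccountTokenResult` inside `apply`, and neither the hunk nor the docstring says whether the value stays marked as a secret. Since this is a live Kubernetes credential, I would add a docstring line such as `The returned service_account_token is a credential; wrap it with pulumi.Output.secret(...) before exporting or logging it.` and verify that the provider schema flags the field as secret. The example in both docstrings also keeps `allowed_kubernetes_namespaces=["*"]`; documenting a namespace-scoped value would show the least-privilege pattern. The function body begins outside the hunk.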