pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -16,31 +21,40 @@ class SecretBackendArgs:
16
21
  def __init__(__self__, *,
17
22
  path: pulumi.Input[str],
18
23
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
24
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
19
25
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
20
26
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
27
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
28
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
29
  description: Optional[pulumi.Input[str]] = None,
23
30
  disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
24
31
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
32
+ identity_token_key: Optional[pulumi.Input[str]] = None,
25
33
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
26
34
  kubernetes_host: Optional[pulumi.Input[str]] = None,
35
+ listing_visibility: Optional[pulumi.Input[str]] = None,
27
36
  local: Optional[pulumi.Input[bool]] = None,
28
37
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
29
38
  namespace: Optional[pulumi.Input[str]] = None,
30
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
39
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
40
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
+ plugin_version: Optional[pulumi.Input[str]] = None,
31
42
  seal_wrap: Optional[pulumi.Input[bool]] = None,
32
43
  service_account_jwt: Optional[pulumi.Input[str]] = None):
33
44
  """
34
45
  The set of arguments for constructing a SecretBackend resource.
35
46
  :param pulumi.Input[str] path: Where the secret backend will be mounted
36
47
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
48
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
37
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
38
50
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
39
51
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
52
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
40
53
  :param pulumi.Input[str] description: Human-friendly description of the mount
41
54
  :param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
42
55
  service account JWT when Vault is running in a Kubernetes pod.
43
56
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
57
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
44
58
  :param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
45
59
  secrets engine to verify the Kubernetes API server certificate. Defaults to the local
46
60
  pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
@@ -48,13 +62,16 @@ class SecretBackendArgs:
48
62
  :param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
49
63
  standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
50
64
  are not set on the host that Vault is running on.
65
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
51
66
  :param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
52
67
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
53
68
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
54
69
  The value should not contain leading or trailing forward slashes.
55
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
70
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
56
71
  *Available only for Vault Enterprise*.
57
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
72
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
73
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
74
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
58
75
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
59
76
  :param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
60
77
  secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -63,22 +80,30 @@ class SecretBackendArgs:
63
80
  pulumi.set(__self__, "path", path)
64
81
  if allowed_managed_keys is not None:
65
82
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
83
+ if allowed_response_headers is not None:
84
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
66
85
  if audit_non_hmac_request_keys is not None:
67
86
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
68
87
  if audit_non_hmac_response_keys is not None:
69
88
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
70
89
  if default_lease_ttl_seconds is not None:
71
90
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
91
+ if delegated_auth_accessors is not None:
92
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
72
93
  if description is not None:
73
94
  pulumi.set(__self__, "description", description)
74
95
  if disable_local_ca_jwt is not None:
75
96
  pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
76
97
  if external_entropy_access is not None:
77
98
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
99
+ if identity_token_key is not None:
100
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
78
101
  if kubernetes_ca_cert is not None:
79
102
  pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
80
103
  if kubernetes_host is not None:
81
104
  pulumi.set(__self__, "kubernetes_host", kubernetes_host)
105
+ if listing_visibility is not None:
106
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
82
107
  if local is not None:
83
108
  pulumi.set(__self__, "local", local)
84
109
  if max_lease_ttl_seconds is not None:
@@ -87,6 +112,10 @@ class SecretBackendArgs:
87
112
  pulumi.set(__self__, "namespace", namespace)
88
113
  if options is not None:
89
114
  pulumi.set(__self__, "options", options)
115
+ if passthrough_request_headers is not None:
116
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
117
+ if plugin_version is not None:
118
+ pulumi.set(__self__, "plugin_version", plugin_version)
90
119
  if seal_wrap is not None:
91
120
  pulumi.set(__self__, "seal_wrap", seal_wrap)
92
121
  if service_account_jwt is not None:
@@ -116,6 +145,18 @@ class SecretBackendArgs:
116
145
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
117
146
  pulumi.set(self, "allowed_managed_keys", value)
118
147
 
148
+ @property
149
+ @pulumi.getter(name="allowedResponseHeaders")
150
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
151
+ """
152
+ List of headers to allow and pass from the request to the plugin
153
+ """
154
+ return pulumi.get(self, "allowed_response_headers")
155
+
156
+ @allowed_response_headers.setter
157
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
158
+ pulumi.set(self, "allowed_response_headers", value)
159
+
119
160
  @property
120
161
  @pulumi.getter(name="auditNonHmacRequestKeys")
121
162
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -152,6 +193,18 @@ class SecretBackendArgs:
152
193
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
153
194
  pulumi.set(self, "default_lease_ttl_seconds", value)
154
195
 
196
+ @property
197
+ @pulumi.getter(name="delegatedAuthAccessors")
198
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
199
+ """
200
+ List of headers to allow and pass from the request to the plugin
201
+ """
202
+ return pulumi.get(self, "delegated_auth_accessors")
203
+
204
+ @delegated_auth_accessors.setter
205
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
206
+ pulumi.set(self, "delegated_auth_accessors", value)
207
+
155
208
  @property
156
209
  @pulumi.getter
157
210
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -189,6 +242,18 @@ class SecretBackendArgs:
189
242
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
190
243
  pulumi.set(self, "external_entropy_access", value)
191
244
 
245
+ @property
246
+ @pulumi.getter(name="identityTokenKey")
247
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
248
+ """
249
+ The key to use for signing plugin workload identity tokens
250
+ """
251
+ return pulumi.get(self, "identity_token_key")
252
+
253
+ @identity_token_key.setter
254
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
255
+ pulumi.set(self, "identity_token_key", value)
256
+
192
257
  @property
193
258
  @pulumi.getter(name="kubernetesCaCert")
194
259
  def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
@@ -218,6 +283,18 @@ class SecretBackendArgs:
218
283
  def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
219
284
  pulumi.set(self, "kubernetes_host", value)
220
285
 
286
+ @property
287
+ @pulumi.getter(name="listingVisibility")
288
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
289
+ """
290
+ Specifies whether to show this mount in the UI-specific listing endpoint
291
+ """
292
+ return pulumi.get(self, "listing_visibility")
293
+
294
+ @listing_visibility.setter
295
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
296
+ pulumi.set(self, "listing_visibility", value)
297
+
221
298
  @property
222
299
  @pulumi.getter
223
300
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -248,7 +325,7 @@ class SecretBackendArgs:
248
325
  """
249
326
  The namespace to provision the resource in.
250
327
  The value should not contain leading or trailing forward slashes.
251
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
328
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
252
329
  *Available only for Vault Enterprise*.
253
330
  """
254
331
  return pulumi.get(self, "namespace")
@@ -259,16 +336,40 @@ class SecretBackendArgs:
259
336
 
260
337
  @property
261
338
  @pulumi.getter
262
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
339
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
263
340
  """
264
341
  Specifies mount type specific options that are passed to the backend
265
342
  """
266
343
  return pulumi.get(self, "options")
267
344
 
268
345
  @options.setter
269
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
346
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
270
347
  pulumi.set(self, "options", value)
271
348
 
349
+ @property
350
+ @pulumi.getter(name="passthroughRequestHeaders")
351
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
352
+ """
353
+ List of headers to allow and pass from the request to the plugin
354
+ """
355
+ return pulumi.get(self, "passthrough_request_headers")
356
+
357
+ @passthrough_request_headers.setter
358
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
359
+ pulumi.set(self, "passthrough_request_headers", value)
360
+
361
+ @property
362
+ @pulumi.getter(name="pluginVersion")
363
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
364
+ """
365
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
366
+ """
367
+ return pulumi.get(self, "plugin_version")
368
+
369
+ @plugin_version.setter
370
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
371
+ pulumi.set(self, "plugin_version", value)
372
+
272
373
  @property
273
374
  @pulumi.getter(name="sealWrap")
274
375
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
@@ -301,32 +402,41 @@ class _SecretBackendState:
301
402
  def __init__(__self__, *,
302
403
  accessor: Optional[pulumi.Input[str]] = None,
303
404
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
405
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
304
406
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
305
407
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
306
408
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
409
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
307
410
  description: Optional[pulumi.Input[str]] = None,
308
411
  disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
309
412
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
413
+ identity_token_key: Optional[pulumi.Input[str]] = None,
310
414
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
311
415
  kubernetes_host: Optional[pulumi.Input[str]] = None,
416
+ listing_visibility: Optional[pulumi.Input[str]] = None,
312
417
  local: Optional[pulumi.Input[bool]] = None,
313
418
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
314
419
  namespace: Optional[pulumi.Input[str]] = None,
315
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
420
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
421
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
316
422
  path: Optional[pulumi.Input[str]] = None,
423
+ plugin_version: Optional[pulumi.Input[str]] = None,
317
424
  seal_wrap: Optional[pulumi.Input[bool]] = None,
318
425
  service_account_jwt: Optional[pulumi.Input[str]] = None):
319
426
  """
320
427
  Input properties used for looking up and filtering SecretBackend resources.
321
428
  :param pulumi.Input[str] accessor: Accessor of the mount
322
429
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
430
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
323
431
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
324
432
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
325
433
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
434
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
326
435
  :param pulumi.Input[str] description: Human-friendly description of the mount
327
436
  :param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
328
437
  service account JWT when Vault is running in a Kubernetes pod.
329
438
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
439
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
330
440
  :param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
331
441
  secrets engine to verify the Kubernetes API server certificate. Defaults to the local
332
442
  pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
@@ -334,14 +444,17 @@ class _SecretBackendState:
334
444
  :param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
335
445
  standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
336
446
  are not set on the host that Vault is running on.
447
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
337
448
  :param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
338
449
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
339
450
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
340
451
  The value should not contain leading or trailing forward slashes.
341
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
452
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
342
453
  *Available only for Vault Enterprise*.
343
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
454
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
455
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
344
456
  :param pulumi.Input[str] path: Where the secret backend will be mounted
457
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
345
458
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
346
459
  :param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
347
460
  secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -351,22 +464,30 @@ class _SecretBackendState:
351
464
  pulumi.set(__self__, "accessor", accessor)
352
465
  if allowed_managed_keys is not None:
353
466
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
467
+ if allowed_response_headers is not None:
468
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
354
469
  if audit_non_hmac_request_keys is not None:
355
470
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
356
471
  if audit_non_hmac_response_keys is not None:
357
472
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
358
473
  if default_lease_ttl_seconds is not None:
359
474
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
475
+ if delegated_auth_accessors is not None:
476
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
360
477
  if description is not None:
361
478
  pulumi.set(__self__, "description", description)
362
479
  if disable_local_ca_jwt is not None:
363
480
  pulumi.set(__self__, "disable_local_ca_jwt", disable_local_ca_jwt)
364
481
  if external_entropy_access is not None:
365
482
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
483
+ if identity_token_key is not None:
484
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
366
485
  if kubernetes_ca_cert is not None:
367
486
  pulumi.set(__self__, "kubernetes_ca_cert", kubernetes_ca_cert)
368
487
  if kubernetes_host is not None:
369
488
  pulumi.set(__self__, "kubernetes_host", kubernetes_host)
489
+ if listing_visibility is not None:
490
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
370
491
  if local is not None:
371
492
  pulumi.set(__self__, "local", local)
372
493
  if max_lease_ttl_seconds is not None:
@@ -375,8 +496,12 @@ class _SecretBackendState:
375
496
  pulumi.set(__self__, "namespace", namespace)
376
497
  if options is not None:
377
498
  pulumi.set(__self__, "options", options)
499
+ if passthrough_request_headers is not None:
500
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
378
501
  if path is not None:
379
502
  pulumi.set(__self__, "path", path)
503
+ if plugin_version is not None:
504
+ pulumi.set(__self__, "plugin_version", plugin_version)
380
505
  if seal_wrap is not None:
381
506
  pulumi.set(__self__, "seal_wrap", seal_wrap)
382
507
  if service_account_jwt is not None:
@@ -406,6 +531,18 @@ class _SecretBackendState:
406
531
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
407
532
  pulumi.set(self, "allowed_managed_keys", value)
408
533
 
534
+ @property
535
+ @pulumi.getter(name="allowedResponseHeaders")
536
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
537
+ """
538
+ List of headers to allow and pass from the request to the plugin
539
+ """
540
+ return pulumi.get(self, "allowed_response_headers")
541
+
542
+ @allowed_response_headers.setter
543
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
544
+ pulumi.set(self, "allowed_response_headers", value)
545
+
409
546
  @property
410
547
  @pulumi.getter(name="auditNonHmacRequestKeys")
411
548
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -442,6 +579,18 @@ class _SecretBackendState:
442
579
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
443
580
  pulumi.set(self, "default_lease_ttl_seconds", value)
444
581
 
582
+ @property
583
+ @pulumi.getter(name="delegatedAuthAccessors")
584
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
585
+ """
586
+ List of headers to allow and pass from the request to the plugin
587
+ """
588
+ return pulumi.get(self, "delegated_auth_accessors")
589
+
590
+ @delegated_auth_accessors.setter
591
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
592
+ pulumi.set(self, "delegated_auth_accessors", value)
593
+
445
594
  @property
446
595
  @pulumi.getter
447
596
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -479,6 +628,18 @@ class _SecretBackendState:
479
628
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
480
629
  pulumi.set(self, "external_entropy_access", value)
481
630
 
631
+ @property
632
+ @pulumi.getter(name="identityTokenKey")
633
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
634
+ """
635
+ The key to use for signing plugin workload identity tokens
636
+ """
637
+ return pulumi.get(self, "identity_token_key")
638
+
639
+ @identity_token_key.setter
640
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
641
+ pulumi.set(self, "identity_token_key", value)
642
+
482
643
  @property
483
644
  @pulumi.getter(name="kubernetesCaCert")
484
645
  def kubernetes_ca_cert(self) -> Optional[pulumi.Input[str]]:
@@ -508,6 +669,18 @@ class _SecretBackendState:
508
669
  def kubernetes_host(self, value: Optional[pulumi.Input[str]]):
509
670
  pulumi.set(self, "kubernetes_host", value)
510
671
 
672
+ @property
673
+ @pulumi.getter(name="listingVisibility")
674
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
675
+ """
676
+ Specifies whether to show this mount in the UI-specific listing endpoint
677
+ """
678
+ return pulumi.get(self, "listing_visibility")
679
+
680
+ @listing_visibility.setter
681
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
682
+ pulumi.set(self, "listing_visibility", value)
683
+
511
684
  @property
512
685
  @pulumi.getter
513
686
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -538,7 +711,7 @@ class _SecretBackendState:
538
711
  """
539
712
  The namespace to provision the resource in.
540
713
  The value should not contain leading or trailing forward slashes.
541
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
714
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
542
715
  *Available only for Vault Enterprise*.
543
716
  """
544
717
  return pulumi.get(self, "namespace")
@@ -549,16 +722,28 @@ class _SecretBackendState:
549
722
 
550
723
  @property
551
724
  @pulumi.getter
552
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
725
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
553
726
  """
554
727
  Specifies mount type specific options that are passed to the backend
555
728
  """
556
729
  return pulumi.get(self, "options")
557
730
 
558
731
  @options.setter
559
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
732
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
560
733
  pulumi.set(self, "options", value)
561
734
 
735
+ @property
736
+ @pulumi.getter(name="passthroughRequestHeaders")
737
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
738
+ """
739
+ List of headers to allow and pass from the request to the plugin
740
+ """
741
+ return pulumi.get(self, "passthrough_request_headers")
742
+
743
+ @passthrough_request_headers.setter
744
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
745
+ pulumi.set(self, "passthrough_request_headers", value)
746
+
562
747
  @property
563
748
  @pulumi.getter
564
749
  def path(self) -> Optional[pulumi.Input[str]]:
@@ -571,6 +756,18 @@ class _SecretBackendState:
571
756
  def path(self, value: Optional[pulumi.Input[str]]):
572
757
  pulumi.set(self, "path", value)
573
758
 
759
+ @property
760
+ @pulumi.getter(name="pluginVersion")
761
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
762
+ """
763
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
764
+ """
765
+ return pulumi.get(self, "plugin_version")
766
+
767
+ @plugin_version.setter
768
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
769
+ pulumi.set(self, "plugin_version", value)
770
+
574
771
  @property
575
772
  @pulumi.getter(name="sealWrap")
576
773
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
@@ -604,19 +801,25 @@ class SecretBackend(pulumi.CustomResource):
604
801
  resource_name: str,
605
802
  opts: Optional[pulumi.ResourceOptions] = None,
606
803
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
804
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
607
805
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
608
806
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
609
807
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
808
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
610
809
  description: Optional[pulumi.Input[str]] = None,
611
810
  disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
612
811
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
812
+ identity_token_key: Optional[pulumi.Input[str]] = None,
613
813
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
614
814
  kubernetes_host: Optional[pulumi.Input[str]] = None,
815
+ listing_visibility: Optional[pulumi.Input[str]] = None,
615
816
  local: Optional[pulumi.Input[bool]] = None,
616
817
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
617
818
  namespace: Optional[pulumi.Input[str]] = None,
618
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
819
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
820
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
619
821
  path: Optional[pulumi.Input[str]] = None,
822
+ plugin_version: Optional[pulumi.Input[str]] = None,
620
823
  seal_wrap: Optional[pulumi.Input[bool]] = None,
621
824
  service_account_jwt: Optional[pulumi.Input[str]] = None,
622
825
  __props__=None):
@@ -625,6 +828,7 @@ class SecretBackend(pulumi.CustomResource):
625
828
 
626
829
  ```python
627
830
  import pulumi
831
+ import pulumi_std as std
628
832
  import pulumi_vault as vault
629
833
 
630
834
  config = vault.kubernetes.SecretBackend("config",
@@ -633,8 +837,8 @@ class SecretBackend(pulumi.CustomResource):
633
837
  default_lease_ttl_seconds=43200,
634
838
  max_lease_ttl_seconds=86400,
635
839
  kubernetes_host="https://127.0.0.1:61233",
636
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
637
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
840
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
841
+ service_account_jwt=std.file(input="/path/to/token").result,
638
842
  disable_local_ca_jwt=False)
639
843
  ```
640
844
 
@@ -643,19 +847,22 @@ class SecretBackend(pulumi.CustomResource):
643
847
  The Kubernetes secret backend can be imported using its `path` e.g.
644
848
 
645
849
  ```sh
646
- $ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
850
+ $ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
647
851
  ```
648
852
 
649
853
  :param str resource_name: The name of the resource.
650
854
  :param pulumi.ResourceOptions opts: Options for the resource.
651
855
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
856
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
652
857
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
653
858
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
654
859
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
860
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
655
861
  :param pulumi.Input[str] description: Human-friendly description of the mount
656
862
  :param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
657
863
  service account JWT when Vault is running in a Kubernetes pod.
658
864
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
865
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
659
866
  :param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
660
867
  secrets engine to verify the Kubernetes API server certificate. Defaults to the local
661
868
  pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
@@ -663,14 +870,17 @@ class SecretBackend(pulumi.CustomResource):
663
870
  :param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
664
871
  standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
665
872
  are not set on the host that Vault is running on.
873
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
666
874
  :param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
667
875
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
668
876
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
669
877
  The value should not contain leading or trailing forward slashes.
670
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
878
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
671
879
  *Available only for Vault Enterprise*.
672
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
880
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
881
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
673
882
  :param pulumi.Input[str] path: Where the secret backend will be mounted
883
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
674
884
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
675
885
  :param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
676
886
  secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -687,6 +897,7 @@ class SecretBackend(pulumi.CustomResource):
687
897
 
688
898
  ```python
689
899
  import pulumi
900
+ import pulumi_std as std
690
901
  import pulumi_vault as vault
691
902
 
692
903
  config = vault.kubernetes.SecretBackend("config",
@@ -695,8 +906,8 @@ class SecretBackend(pulumi.CustomResource):
695
906
  default_lease_ttl_seconds=43200,
696
907
  max_lease_ttl_seconds=86400,
697
908
  kubernetes_host="https://127.0.0.1:61233",
698
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
699
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
909
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
910
+ service_account_jwt=std.file(input="/path/to/token").result,
700
911
  disable_local_ca_jwt=False)
701
912
  ```
702
913
 
@@ -705,7 +916,7 @@ class SecretBackend(pulumi.CustomResource):
705
916
  The Kubernetes secret backend can be imported using its `path` e.g.
706
917
 
707
918
  ```sh
708
- $ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
919
+ $ pulumi import vault:kubernetes/secretBackend:SecretBackend config kubernetes
709
920
  ```
710
921
 
711
922
  :param str resource_name: The name of the resource.
@@ -724,19 +935,25 @@ class SecretBackend(pulumi.CustomResource):
724
935
  resource_name: str,
725
936
  opts: Optional[pulumi.ResourceOptions] = None,
726
937
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
938
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
727
939
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
728
940
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
729
941
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
942
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
730
943
  description: Optional[pulumi.Input[str]] = None,
731
944
  disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
732
945
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
946
+ identity_token_key: Optional[pulumi.Input[str]] = None,
733
947
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
734
948
  kubernetes_host: Optional[pulumi.Input[str]] = None,
949
+ listing_visibility: Optional[pulumi.Input[str]] = None,
735
950
  local: Optional[pulumi.Input[bool]] = None,
736
951
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
737
952
  namespace: Optional[pulumi.Input[str]] = None,
738
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
953
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
954
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
739
955
  path: Optional[pulumi.Input[str]] = None,
956
+ plugin_version: Optional[pulumi.Input[str]] = None,
740
957
  seal_wrap: Optional[pulumi.Input[bool]] = None,
741
958
  service_account_jwt: Optional[pulumi.Input[str]] = None,
742
959
  __props__=None):
@@ -749,21 +966,27 @@ class SecretBackend(pulumi.CustomResource):
749
966
  __props__ = SecretBackendArgs.__new__(SecretBackendArgs)
750
967
 
751
968
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
969
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
752
970
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
753
971
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
754
972
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
973
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
755
974
  __props__.__dict__["description"] = description
756
975
  __props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
757
976
  __props__.__dict__["external_entropy_access"] = external_entropy_access
977
+ __props__.__dict__["identity_token_key"] = identity_token_key
758
978
  __props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
759
979
  __props__.__dict__["kubernetes_host"] = kubernetes_host
980
+ __props__.__dict__["listing_visibility"] = listing_visibility
760
981
  __props__.__dict__["local"] = local
761
982
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
762
983
  __props__.__dict__["namespace"] = namespace
763
984
  __props__.__dict__["options"] = options
985
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
764
986
  if path is None and not opts.urn:
765
987
  raise TypeError("Missing required property 'path'")
766
988
  __props__.__dict__["path"] = path
989
+ __props__.__dict__["plugin_version"] = plugin_version
767
990
  __props__.__dict__["seal_wrap"] = seal_wrap
768
991
  __props__.__dict__["service_account_jwt"] = None if service_account_jwt is None else pulumi.Output.secret(service_account_jwt)
769
992
  __props__.__dict__["accessor"] = None
@@ -781,19 +1004,25 @@ class SecretBackend(pulumi.CustomResource):
781
1004
  opts: Optional[pulumi.ResourceOptions] = None,
782
1005
  accessor: Optional[pulumi.Input[str]] = None,
783
1006
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1007
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
784
1008
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
785
1009
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
786
1010
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1011
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
787
1012
  description: Optional[pulumi.Input[str]] = None,
788
1013
  disable_local_ca_jwt: Optional[pulumi.Input[bool]] = None,
789
1014
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1015
+ identity_token_key: Optional[pulumi.Input[str]] = None,
790
1016
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
791
1017
  kubernetes_host: Optional[pulumi.Input[str]] = None,
1018
+ listing_visibility: Optional[pulumi.Input[str]] = None,
792
1019
  local: Optional[pulumi.Input[bool]] = None,
793
1020
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
794
1021
  namespace: Optional[pulumi.Input[str]] = None,
795
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1022
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1023
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
796
1024
  path: Optional[pulumi.Input[str]] = None,
1025
+ plugin_version: Optional[pulumi.Input[str]] = None,
797
1026
  seal_wrap: Optional[pulumi.Input[bool]] = None,
798
1027
  service_account_jwt: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
799
1028
  """
@@ -805,13 +1034,16 @@ class SecretBackend(pulumi.CustomResource):
805
1034
  :param pulumi.ResourceOptions opts: Options for the resource.
806
1035
  :param pulumi.Input[str] accessor: Accessor of the mount
807
1036
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1037
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
808
1038
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
809
1039
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
810
1040
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
1041
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
811
1042
  :param pulumi.Input[str] description: Human-friendly description of the mount
812
1043
  :param pulumi.Input[bool] disable_local_ca_jwt: Disable defaulting to the local CA certificate and
813
1044
  service account JWT when Vault is running in a Kubernetes pod.
814
1045
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1046
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
815
1047
  :param pulumi.Input[str] kubernetes_ca_cert: A PEM-encoded CA certificate used by the
816
1048
  secrets engine to verify the Kubernetes API server certificate. Defaults to the local
817
1049
  pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where
@@ -819,14 +1051,17 @@ class SecretBackend(pulumi.CustomResource):
819
1051
  :param pulumi.Input[str] kubernetes_host: The Kubernetes API URL to connect to. Required if the
820
1052
  standard pod environment variables `KUBERNETES_SERVICE_HOST` or `KUBERNETES_SERVICE_PORT`
821
1053
  are not set on the host that Vault is running on.
1054
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
822
1055
  :param pulumi.Input[bool] local: Local mount flag that can be explicitly set to true to enforce local mount in HA environment
823
1056
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
824
1057
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
825
1058
  The value should not contain leading or trailing forward slashes.
826
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1059
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
827
1060
  *Available only for Vault Enterprise*.
828
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1061
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1062
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
829
1063
  :param pulumi.Input[str] path: Where the secret backend will be mounted
1064
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
830
1065
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
831
1066
  :param pulumi.Input[str] service_account_jwt: The JSON web token of the service account used by the
832
1067
  secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault
@@ -838,19 +1073,25 @@ class SecretBackend(pulumi.CustomResource):
838
1073
 
839
1074
  __props__.__dict__["accessor"] = accessor
840
1075
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1076
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
841
1077
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
842
1078
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
843
1079
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1080
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
844
1081
  __props__.__dict__["description"] = description
845
1082
  __props__.__dict__["disable_local_ca_jwt"] = disable_local_ca_jwt
846
1083
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1084
+ __props__.__dict__["identity_token_key"] = identity_token_key
847
1085
  __props__.__dict__["kubernetes_ca_cert"] = kubernetes_ca_cert
848
1086
  __props__.__dict__["kubernetes_host"] = kubernetes_host
1087
+ __props__.__dict__["listing_visibility"] = listing_visibility
849
1088
  __props__.__dict__["local"] = local
850
1089
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
851
1090
  __props__.__dict__["namespace"] = namespace
852
1091
  __props__.__dict__["options"] = options
1092
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
853
1093
  __props__.__dict__["path"] = path
1094
+ __props__.__dict__["plugin_version"] = plugin_version
854
1095
  __props__.__dict__["seal_wrap"] = seal_wrap
855
1096
  __props__.__dict__["service_account_jwt"] = service_account_jwt
856
1097
  return SecretBackend(resource_name, opts=opts, __props__=__props__)
@@ -871,6 +1112,14 @@ class SecretBackend(pulumi.CustomResource):
871
1112
  """
872
1113
  return pulumi.get(self, "allowed_managed_keys")
873
1114
 
1115
+ @property
1116
+ @pulumi.getter(name="allowedResponseHeaders")
1117
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1118
+ """
1119
+ List of headers to allow and pass from the request to the plugin
1120
+ """
1121
+ return pulumi.get(self, "allowed_response_headers")
1122
+
874
1123
  @property
875
1124
  @pulumi.getter(name="auditNonHmacRequestKeys")
876
1125
  def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -895,6 +1144,14 @@ class SecretBackend(pulumi.CustomResource):
895
1144
  """
896
1145
  return pulumi.get(self, "default_lease_ttl_seconds")
897
1146
 
1147
+ @property
1148
+ @pulumi.getter(name="delegatedAuthAccessors")
1149
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1150
+ """
1151
+ List of headers to allow and pass from the request to the plugin
1152
+ """
1153
+ return pulumi.get(self, "delegated_auth_accessors")
1154
+
898
1155
  @property
899
1156
  @pulumi.getter
900
1157
  def description(self) -> pulumi.Output[Optional[str]]:
@@ -920,6 +1177,14 @@ class SecretBackend(pulumi.CustomResource):
920
1177
  """
921
1178
  return pulumi.get(self, "external_entropy_access")
922
1179
 
1180
+ @property
1181
+ @pulumi.getter(name="identityTokenKey")
1182
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1183
+ """
1184
+ The key to use for signing plugin workload identity tokens
1185
+ """
1186
+ return pulumi.get(self, "identity_token_key")
1187
+
923
1188
  @property
924
1189
  @pulumi.getter(name="kubernetesCaCert")
925
1190
  def kubernetes_ca_cert(self) -> pulumi.Output[Optional[str]]:
@@ -941,6 +1206,14 @@ class SecretBackend(pulumi.CustomResource):
941
1206
  """
942
1207
  return pulumi.get(self, "kubernetes_host")
943
1208
 
1209
+ @property
1210
+ @pulumi.getter(name="listingVisibility")
1211
+ def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1212
+ """
1213
+ Specifies whether to show this mount in the UI-specific listing endpoint
1214
+ """
1215
+ return pulumi.get(self, "listing_visibility")
1216
+
944
1217
  @property
945
1218
  @pulumi.getter
946
1219
  def local(self) -> pulumi.Output[Optional[bool]]:
@@ -963,19 +1236,27 @@ class SecretBackend(pulumi.CustomResource):
963
1236
  """
964
1237
  The namespace to provision the resource in.
965
1238
  The value should not contain leading or trailing forward slashes.
966
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1239
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
967
1240
  *Available only for Vault Enterprise*.
968
1241
  """
969
1242
  return pulumi.get(self, "namespace")
970
1243
 
971
1244
  @property
972
1245
  @pulumi.getter
973
- def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1246
+ def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
974
1247
  """
975
1248
  Specifies mount type specific options that are passed to the backend
976
1249
  """
977
1250
  return pulumi.get(self, "options")
978
1251
 
1252
+ @property
1253
+ @pulumi.getter(name="passthroughRequestHeaders")
1254
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1255
+ """
1256
+ List of headers to allow and pass from the request to the plugin
1257
+ """
1258
+ return pulumi.get(self, "passthrough_request_headers")
1259
+
979
1260
  @property
980
1261
  @pulumi.getter
981
1262
  def path(self) -> pulumi.Output[str]:
@@ -984,6 +1265,14 @@ class SecretBackend(pulumi.CustomResource):
984
1265
  """
985
1266
  return pulumi.get(self, "path")
986
1267
 
1268
+ @property
1269
+ @pulumi.getter(name="pluginVersion")
1270
+ def plugin_version(self) -> pulumi.Output[Optional[str]]:
1271
+ """
1272
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1273
+ """
1274
+ return pulumi.get(self, "plugin_version")
1275
+
987
1276
  @property
988
1277
  @pulumi.getter(name="sealWrap")
989
1278
  def seal_wrap(self) -> pulumi.Output[bool]: