pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -14,8 +19,9 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
14
19
  @pulumi.input_type
15
20
  class SecretBackendRoleArgs:
16
21
  def __init__(__self__, *,
17
- allowed_kubernetes_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
18
22
  backend: pulumi.Input[str],
23
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
24
+ allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
19
25
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
20
26
  extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
27
  generated_role_rules: Optional[pulumi.Input[str]] = None,
@@ -29,10 +35,15 @@ class SecretBackendRoleArgs:
29
35
  token_max_ttl: Optional[pulumi.Input[int]] = None):
30
36
  """
31
37
  The set of arguments for constructing a SecretBackendRole resource.
32
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
33
- can generate credentials for. If set to `*` all namespaces are allowed.
34
38
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
35
39
  the role in.
40
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
41
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
42
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
43
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
44
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
45
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
46
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
36
47
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
37
48
  Kubernetes objects.
38
49
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
@@ -54,7 +65,7 @@ class SecretBackendRoleArgs:
54
65
  roles and role bindings. If unset, a default template is used.
55
66
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
56
67
  The value should not contain leading or trailing forward slashes.
57
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
68
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
58
69
  *Available only for Vault Enterprise*.
59
70
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
60
71
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -62,8 +73,11 @@ class SecretBackendRoleArgs:
62
73
  :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
63
74
  :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
64
75
  """
65
- pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
66
76
  pulumi.set(__self__, "backend", backend)
77
+ if allowed_kubernetes_namespace_selector is not None:
78
+ pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
79
+ if allowed_kubernetes_namespaces is not None:
80
+ pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
67
81
  if extra_annotations is not None:
68
82
  pulumi.set(__self__, "extra_annotations", extra_annotations)
69
83
  if extra_labels is not None:
@@ -87,19 +101,6 @@ class SecretBackendRoleArgs:
87
101
  if token_max_ttl is not None:
88
102
  pulumi.set(__self__, "token_max_ttl", token_max_ttl)
89
103
 
90
- @property
91
- @pulumi.getter(name="allowedKubernetesNamespaces")
92
- def allowed_kubernetes_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
93
- """
94
- The list of Kubernetes namespaces this role
95
- can generate credentials for. If set to `*` all namespaces are allowed.
96
- """
97
- return pulumi.get(self, "allowed_kubernetes_namespaces")
98
-
99
- @allowed_kubernetes_namespaces.setter
100
- def allowed_kubernetes_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
101
- pulumi.set(self, "allowed_kubernetes_namespaces", value)
102
-
103
104
  @property
104
105
  @pulumi.getter
105
106
  def backend(self) -> pulumi.Input[str]:
@@ -113,6 +114,35 @@ class SecretBackendRoleArgs:
113
114
  def backend(self, value: pulumi.Input[str]):
114
115
  pulumi.set(self, "backend", value)
115
116
 
117
+ @property
118
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
119
+ def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
120
+ """
121
+ A label selector for Kubernetes namespaces
122
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
123
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
124
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
125
+ """
126
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
127
+
128
+ @allowed_kubernetes_namespace_selector.setter
129
+ def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
130
+ pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
131
+
132
+ @property
133
+ @pulumi.getter(name="allowedKubernetesNamespaces")
134
+ def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
135
+ """
136
+ The list of Kubernetes namespaces this role
137
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
138
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
139
+ """
140
+ return pulumi.get(self, "allowed_kubernetes_namespaces")
141
+
142
+ @allowed_kubernetes_namespaces.setter
143
+ def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
144
+ pulumi.set(self, "allowed_kubernetes_namespaces", value)
145
+
116
146
  @property
117
147
  @pulumi.getter(name="extraAnnotations")
118
148
  def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
@@ -215,7 +245,7 @@ class SecretBackendRoleArgs:
215
245
  """
216
246
  The namespace to provision the resource in.
217
247
  The value should not contain leading or trailing forward slashes.
218
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
248
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
219
249
  *Available only for Vault Enterprise*.
220
250
  """
221
251
  return pulumi.get(self, "namespace")
@@ -266,6 +296,7 @@ class SecretBackendRoleArgs:
266
296
  @pulumi.input_type
267
297
  class _SecretBackendRoleState:
268
298
  def __init__(__self__, *,
299
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
269
300
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
270
301
  backend: Optional[pulumi.Input[str]] = None,
271
302
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -281,8 +312,13 @@ class _SecretBackendRoleState:
281
312
  token_max_ttl: Optional[pulumi.Input[int]] = None):
282
313
  """
283
314
  Input properties used for looking up and filtering SecretBackendRole resources.
315
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
316
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
317
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
318
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
284
319
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
285
- can generate credentials for. If set to `*` all namespaces are allowed.
320
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
321
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
286
322
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
287
323
  the role in.
288
324
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -306,7 +342,7 @@ class _SecretBackendRoleState:
306
342
  roles and role bindings. If unset, a default template is used.
307
343
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
308
344
  The value should not contain leading or trailing forward slashes.
309
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
345
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
310
346
  *Available only for Vault Enterprise*.
311
347
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
312
348
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -314,6 +350,8 @@ class _SecretBackendRoleState:
314
350
  :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
315
351
  :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
316
352
  """
353
+ if allowed_kubernetes_namespace_selector is not None:
354
+ pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
317
355
  if allowed_kubernetes_namespaces is not None:
318
356
  pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
319
357
  if backend is not None:
@@ -341,12 +379,28 @@ class _SecretBackendRoleState:
341
379
  if token_max_ttl is not None:
342
380
  pulumi.set(__self__, "token_max_ttl", token_max_ttl)
343
381
 
382
+ @property
383
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
384
+ def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
385
+ """
386
+ A label selector for Kubernetes namespaces
387
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
388
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
389
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
390
+ """
391
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
392
+
393
+ @allowed_kubernetes_namespace_selector.setter
394
+ def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
395
+ pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
396
+
344
397
  @property
345
398
  @pulumi.getter(name="allowedKubernetesNamespaces")
346
399
  def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
347
400
  """
348
401
  The list of Kubernetes namespaces this role
349
- can generate credentials for. If set to `*` all namespaces are allowed.
402
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
403
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
350
404
  """
351
405
  return pulumi.get(self, "allowed_kubernetes_namespaces")
352
406
 
@@ -469,7 +523,7 @@ class _SecretBackendRoleState:
469
523
  """
470
524
  The namespace to provision the resource in.
471
525
  The value should not contain leading or trailing forward slashes.
472
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
526
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
473
527
  *Available only for Vault Enterprise*.
474
528
  """
475
529
  return pulumi.get(self, "namespace")
@@ -522,6 +576,7 @@ class SecretBackendRole(pulumi.CustomResource):
522
576
  def __init__(__self__,
523
577
  resource_name: str,
524
578
  opts: Optional[pulumi.ResourceOptions] = None,
579
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
525
580
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
526
581
  backend: Optional[pulumi.Input[str]] = None,
527
582
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -543,17 +598,19 @@ class SecretBackendRole(pulumi.CustomResource):
543
598
 
544
599
  ```python
545
600
  import pulumi
601
+ import pulumi_std as std
546
602
  import pulumi_vault as vault
547
603
 
548
604
  config = vault.kubernetes.SecretBackend("config",
549
605
  path="kubernetes",
550
606
  description="kubernetes secrets engine description",
551
607
  kubernetes_host="https://127.0.0.1:61233",
552
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
553
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
608
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
609
+ service_account_jwt=std.file(input="/path/to/token").result,
554
610
  disable_local_ca_jwt=False)
555
611
  sa_example = vault.kubernetes.SecretBackendRole("sa-example",
556
612
  backend=config.path,
613
+ name="service-account-name-role",
557
614
  allowed_kubernetes_namespaces=["*"],
558
615
  token_max_ttl=43200,
559
616
  token_default_ttl=21600,
@@ -572,17 +629,19 @@ class SecretBackendRole(pulumi.CustomResource):
572
629
 
573
630
  ```python
574
631
  import pulumi
632
+ import pulumi_std as std
575
633
  import pulumi_vault as vault
576
634
 
577
635
  config = vault.kubernetes.SecretBackend("config",
578
636
  path="kubernetes",
579
637
  description="kubernetes secrets engine description",
580
638
  kubernetes_host="https://127.0.0.1:61233",
581
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
582
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
639
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
640
+ service_account_jwt=std.file(input="/path/to/token").result,
583
641
  disable_local_ca_jwt=False)
584
642
  name_example = vault.kubernetes.SecretBackendRole("name-example",
585
643
  backend=config.path,
644
+ name="service-account-name-role",
586
645
  allowed_kubernetes_namespaces=["*"],
587
646
  token_max_ttl=43200,
588
647
  token_default_ttl=21600,
@@ -601,17 +660,19 @@ class SecretBackendRole(pulumi.CustomResource):
601
660
 
602
661
  ```python
603
662
  import pulumi
663
+ import pulumi_std as std
604
664
  import pulumi_vault as vault
605
665
 
606
666
  config = vault.kubernetes.SecretBackend("config",
607
667
  path="kubernetes",
608
668
  description="kubernetes secrets engine description",
609
669
  kubernetes_host="https://127.0.0.1:61233",
610
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
611
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
670
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
671
+ service_account_jwt=std.file(input="/path/to/token").result,
612
672
  disable_local_ca_jwt=False)
613
673
  rules_example = vault.kubernetes.SecretBackendRole("rules-example",
614
674
  backend=config.path,
675
+ name="service-account-name-role",
615
676
  allowed_kubernetes_namespaces=["*"],
616
677
  token_max_ttl=43200,
617
678
  token_default_ttl=21600,
@@ -635,7 +696,7 @@ class SecretBackendRole(pulumi.CustomResource):
635
696
 
636
697
  The Kubernetes secret backend role can be imported using the full path to the role
637
698
 
638
- of the form: `<backend_path>/roles/<role_name>` e.g.
699
+ of the form: `<backend_path>/roles/<role_name>` e.g.
639
700
 
640
701
  ```sh
641
702
  $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
@@ -643,8 +704,13 @@ class SecretBackendRole(pulumi.CustomResource):
643
704
 
644
705
  :param str resource_name: The name of the resource.
645
706
  :param pulumi.ResourceOptions opts: Options for the resource.
707
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
708
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
709
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
710
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
646
711
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
647
- can generate credentials for. If set to `*` all namespaces are allowed.
712
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
713
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
648
714
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
649
715
  the role in.
650
716
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -668,7 +734,7 @@ class SecretBackendRole(pulumi.CustomResource):
668
734
  roles and role bindings. If unset, a default template is used.
669
735
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
670
736
  The value should not contain leading or trailing forward slashes.
671
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
737
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
672
738
  *Available only for Vault Enterprise*.
673
739
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
674
740
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -689,17 +755,19 @@ class SecretBackendRole(pulumi.CustomResource):
689
755
 
690
756
  ```python
691
757
  import pulumi
758
+ import pulumi_std as std
692
759
  import pulumi_vault as vault
693
760
 
694
761
  config = vault.kubernetes.SecretBackend("config",
695
762
  path="kubernetes",
696
763
  description="kubernetes secrets engine description",
697
764
  kubernetes_host="https://127.0.0.1:61233",
698
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
699
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
765
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
766
+ service_account_jwt=std.file(input="/path/to/token").result,
700
767
  disable_local_ca_jwt=False)
701
768
  sa_example = vault.kubernetes.SecretBackendRole("sa-example",
702
769
  backend=config.path,
770
+ name="service-account-name-role",
703
771
  allowed_kubernetes_namespaces=["*"],
704
772
  token_max_ttl=43200,
705
773
  token_default_ttl=21600,
@@ -718,17 +786,19 @@ class SecretBackendRole(pulumi.CustomResource):
718
786
 
719
787
  ```python
720
788
  import pulumi
789
+ import pulumi_std as std
721
790
  import pulumi_vault as vault
722
791
 
723
792
  config = vault.kubernetes.SecretBackend("config",
724
793
  path="kubernetes",
725
794
  description="kubernetes secrets engine description",
726
795
  kubernetes_host="https://127.0.0.1:61233",
727
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
728
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
796
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
797
+ service_account_jwt=std.file(input="/path/to/token").result,
729
798
  disable_local_ca_jwt=False)
730
799
  name_example = vault.kubernetes.SecretBackendRole("name-example",
731
800
  backend=config.path,
801
+ name="service-account-name-role",
732
802
  allowed_kubernetes_namespaces=["*"],
733
803
  token_max_ttl=43200,
734
804
  token_default_ttl=21600,
@@ -747,17 +817,19 @@ class SecretBackendRole(pulumi.CustomResource):
747
817
 
748
818
  ```python
749
819
  import pulumi
820
+ import pulumi_std as std
750
821
  import pulumi_vault as vault
751
822
 
752
823
  config = vault.kubernetes.SecretBackend("config",
753
824
  path="kubernetes",
754
825
  description="kubernetes secrets engine description",
755
826
  kubernetes_host="https://127.0.0.1:61233",
756
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
757
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
827
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
828
+ service_account_jwt=std.file(input="/path/to/token").result,
758
829
  disable_local_ca_jwt=False)
759
830
  rules_example = vault.kubernetes.SecretBackendRole("rules-example",
760
831
  backend=config.path,
832
+ name="service-account-name-role",
761
833
  allowed_kubernetes_namespaces=["*"],
762
834
  token_max_ttl=43200,
763
835
  token_default_ttl=21600,
@@ -781,7 +853,7 @@ class SecretBackendRole(pulumi.CustomResource):
781
853
 
782
854
  The Kubernetes secret backend role can be imported using the full path to the role
783
855
 
784
- of the form: `<backend_path>/roles/<role_name>` e.g.
856
+ of the form: `<backend_path>/roles/<role_name>` e.g.
785
857
 
786
858
  ```sh
787
859
  $ pulumi import vault:kubernetes/secretBackendRole:SecretBackendRole example kubernetes kubernetes/roles/example-role
@@ -802,6 +874,7 @@ class SecretBackendRole(pulumi.CustomResource):
802
874
  def _internal_init(__self__,
803
875
  resource_name: str,
804
876
  opts: Optional[pulumi.ResourceOptions] = None,
877
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
805
878
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
806
879
  backend: Optional[pulumi.Input[str]] = None,
807
880
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -824,8 +897,7 @@ class SecretBackendRole(pulumi.CustomResource):
824
897
  raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
825
898
  __props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
826
899
 
827
- if allowed_kubernetes_namespaces is None and not opts.urn:
828
- raise TypeError("Missing required property 'allowed_kubernetes_namespaces'")
900
+ __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
829
901
  __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
830
902
  if backend is None and not opts.urn:
831
903
  raise TypeError("Missing required property 'backend'")
@@ -851,6 +923,7 @@ class SecretBackendRole(pulumi.CustomResource):
851
923
  def get(resource_name: str,
852
924
  id: pulumi.Input[str],
853
925
  opts: Optional[pulumi.ResourceOptions] = None,
926
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
854
927
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
855
928
  backend: Optional[pulumi.Input[str]] = None,
856
929
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -871,8 +944,13 @@ class SecretBackendRole(pulumi.CustomResource):
871
944
  :param str resource_name: The unique name of the resulting resource.
872
945
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
873
946
  :param pulumi.ResourceOptions opts: Options for the resource.
947
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
948
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
949
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
950
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
874
951
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
875
- can generate credentials for. If set to `*` all namespaces are allowed.
952
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
953
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
876
954
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
877
955
  the role in.
878
956
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -896,7 +974,7 @@ class SecretBackendRole(pulumi.CustomResource):
896
974
  roles and role bindings. If unset, a default template is used.
897
975
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
898
976
  The value should not contain leading or trailing forward slashes.
899
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
977
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
900
978
  *Available only for Vault Enterprise*.
901
979
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
902
980
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -908,6 +986,7 @@ class SecretBackendRole(pulumi.CustomResource):
908
986
 
909
987
  __props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
910
988
 
989
+ __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
911
990
  __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
912
991
  __props__.__dict__["backend"] = backend
913
992
  __props__.__dict__["extra_annotations"] = extra_annotations
@@ -923,12 +1002,24 @@ class SecretBackendRole(pulumi.CustomResource):
923
1002
  __props__.__dict__["token_max_ttl"] = token_max_ttl
924
1003
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
925
1004
 
1005
+ @property
1006
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
1007
+ def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
1008
+ """
1009
+ A label selector for Kubernetes namespaces
1010
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
1011
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
1012
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
1013
+ """
1014
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
1015
+
926
1016
  @property
927
1017
  @pulumi.getter(name="allowedKubernetesNamespaces")
928
- def allowed_kubernetes_namespaces(self) -> pulumi.Output[Sequence[str]]:
1018
+ def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
929
1019
  """
930
1020
  The list of Kubernetes namespaces this role
931
- can generate credentials for. If set to `*` all namespaces are allowed.
1021
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
1022
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
932
1023
  """
933
1024
  return pulumi.get(self, "allowed_kubernetes_namespaces")
934
1025
 
@@ -1015,7 +1106,7 @@ class SecretBackendRole(pulumi.CustomResource):
1015
1106
  """
1016
1107
  The namespace to provision the resource in.
1017
1108
  The value should not contain leading or trailing forward slashes.
1018
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1019
1110
  *Available only for Vault Enterprise*.
1020
1111
  """
1021
1112
  return pulumi.get(self, "namespace")
@@ -4,25 +4,57 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
13
18
  'SecretV2CustomMetadataArgs',
19
+ 'SecretV2CustomMetadataArgsDict',
14
20
  ]
15
21
 
22
+ MYPY = False
23
+
24
+ if not MYPY:
25
+ class SecretV2CustomMetadataArgsDict(TypedDict):
26
+ cas_required: NotRequired[pulumi.Input[bool]]
27
+ """
28
+ If true, all keys will require the cas parameter to be set on all write requests.
29
+ """
30
+ data: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
31
+ """
32
+ A mapping whose keys are the top-level data keys returned from
33
+ Vault and whose values are the corresponding values. This map can only
34
+ represent string data, so any non-string values returned from Vault are
35
+ serialized as JSON.
36
+ """
37
+ delete_version_after: NotRequired[pulumi.Input[int]]
38
+ """
39
+ If set, specifies the length of time before a version is deleted.
40
+ """
41
+ max_versions: NotRequired[pulumi.Input[int]]
42
+ """
43
+ The number of versions to keep per key.
44
+ """
45
+ elif False:
46
+ SecretV2CustomMetadataArgsDict: TypeAlias = Mapping[str, Any]
47
+
16
48
  @pulumi.input_type
17
49
  class SecretV2CustomMetadataArgs:
18
50
  def __init__(__self__, *,
19
51
  cas_required: Optional[pulumi.Input[bool]] = None,
20
- data: Optional[pulumi.Input[Mapping[str, Any]]] = None,
52
+ data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
53
  delete_version_after: Optional[pulumi.Input[int]] = None,
22
54
  max_versions: Optional[pulumi.Input[int]] = None):
23
55
  """
24
56
  :param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
25
- :param pulumi.Input[Mapping[str, Any]] data: A mapping whose keys are the top-level data keys returned from
57
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A mapping whose keys are the top-level data keys returned from
26
58
  Vault and whose values are the corresponding values. This map can only
27
59
  represent string data, so any non-string values returned from Vault are
28
60
  serialized as JSON.
@@ -52,7 +84,7 @@ class SecretV2CustomMetadataArgs:
52
84
 
53
85
  @property
54
86
  @pulumi.getter
55
- def data(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
87
+ def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
56
88
  """
57
89
  A mapping whose keys are the top-level data keys returned from
58
90
  Vault and whose values are the corresponding values. This map can only
@@ -62,7 +94,7 @@ class SecretV2CustomMetadataArgs:
62
94
  return pulumi.get(self, "data")
63
95
 
64
96
  @data.setter
65
- def data(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
97
+ def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
66
98
  pulumi.set(self, "data", value)
67
99
 
68
100
  @property
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -49,7 +54,7 @@ class GetSecretResult:
49
54
 
50
55
  @property
51
56
  @pulumi.getter
52
- def data(self) -> Mapping[str, Any]:
57
+ def data(self) -> Mapping[str, str]:
53
58
  """
54
59
  A mapping whose keys are the top-level data keys returned from
55
60
  Vault and whose values are the corresponding values. This map can only
@@ -154,6 +159,7 @@ def get_secret(namespace: Optional[str] = None,
154
159
  }))
155
160
  secret_data = vault.kv.get_secret_output(path=secret.path)
156
161
  ```
162
+
157
163
  ## Required Vault Capabilities
158
164
 
159
165
  Use of this resource requires the `read` capability on the given path.
@@ -161,7 +167,7 @@ def get_secret(namespace: Optional[str] = None,
161
167
 
162
168
  :param str namespace: The namespace of the target resource.
163
169
  The value should not contain leading or trailing forward slashes.
164
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
170
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
165
171
  *Available only for Vault Enterprise*.
166
172
  :param str path: Full path of the KV-V1 secret.
167
173
  """
@@ -180,12 +186,9 @@ def get_secret(namespace: Optional[str] = None,
180
186
  lease_renewable=pulumi.get(__ret__, 'lease_renewable'),
181
187
  namespace=pulumi.get(__ret__, 'namespace'),
182
188
  path=pulumi.get(__ret__, 'path'))
183
-
184
-
185
- @_utilities.lift_output_func(get_secret)
186
189
  def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
187
190
  path: Optional[pulumi.Input[str]] = None,
188
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretResult]:
191
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretResult]:
189
192
  """
190
193
  ## Example Usage
191
194
 
@@ -209,6 +212,7 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
209
212
  }))
210
213
  secret_data = vault.kv.get_secret_output(path=secret.path)
211
214
  ```
215
+
212
216
  ## Required Vault Capabilities
213
217
 
214
218
  Use of this resource requires the `read` capability on the given path.
@@ -216,8 +220,21 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
216
220
 
217
221
  :param str namespace: The namespace of the target resource.
218
222
  The value should not contain leading or trailing forward slashes.
219
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
223
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
220
224
  *Available only for Vault Enterprise*.
221
225
  :param str path: Full path of the KV-V1 secret.
222
226
  """
223
- ...
227
+ __args__ = dict()
228
+ __args__['namespace'] = namespace
229
+ __args__['path'] = path
230
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
231
+ __ret__ = pulumi.runtime.invoke_output('vault:kv/getSecret:getSecret', __args__, opts=opts, typ=GetSecretResult)
232
+ return __ret__.apply(lambda __response__: GetSecretResult(
233
+ data=pulumi.get(__response__, 'data'),
234
+ data_json=pulumi.get(__response__, 'data_json'),
235
+ id=pulumi.get(__response__, 'id'),
236
+ lease_duration=pulumi.get(__response__, 'lease_duration'),
237
+ lease_id=pulumi.get(__response__, 'lease_id'),
238
+ lease_renewable=pulumi.get(__response__, 'lease_renewable'),
239
+ namespace=pulumi.get(__response__, 'namespace'),
240
+ path=pulumi.get(__response__, 'path')))