pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229)
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
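Review bot: The `else:` branch added at the top of the module imports `NotRequired`, `TypedDict` and `TypeAlias` from `typing_extensions`, so on interpreters older than 3.11 the module fails at import time unless that package is installed. The wheel's METADATA is listed as changed but its contents are not shown here, so it is worth confirming that `typing_extensions` is declared there as a runtime requirement, for example with the marker `python_version < "3.11"`. A one-line comment above the branch, such as `# NotRequired is only in typing from 3.11; older interpreters need typing_extensions`, would record why the branch exists.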
@@ -17,6 +22,7 @@ class SecretBackendArgs:
17
22
  binddn: pulumi.Input[str],
18
23
  bindpass: pulumi.Input[str],
19
24
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
20
26
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
27
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
28
  certificate: Optional[pulumi.Input[str]] = None,
@@ -24,20 +30,25 @@ class SecretBackendArgs:
24
30
  client_tls_key: Optional[pulumi.Input[str]] = None,
25
31
  connection_timeout: Optional[pulumi.Input[int]] = None,
26
32
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
33
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
34
  description: Optional[pulumi.Input[str]] = None,
28
35
  disable_remount: Optional[pulumi.Input[bool]] = None,
29
36
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
37
+ identity_token_key: Optional[pulumi.Input[str]] = None,
30
38
  insecure_tls: Optional[pulumi.Input[bool]] = None,
31
- length: Optional[pulumi.Input[int]] = None,
39
+ listing_visibility: Optional[pulumi.Input[str]] = None,
32
40
  local: Optional[pulumi.Input[bool]] = None,
33
41
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
34
42
  namespace: Optional[pulumi.Input[str]] = None,
35
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
43
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
44
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
36
45
  password_policy: Optional[pulumi.Input[str]] = None,
37
46
  path: Optional[pulumi.Input[str]] = None,
47
+ plugin_version: Optional[pulumi.Input[str]] = None,
38
48
  request_timeout: Optional[pulumi.Input[int]] = None,
39
49
  schema: Optional[pulumi.Input[str]] = None,
40
50
  seal_wrap: Optional[pulumi.Input[bool]] = None,
51
+ skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
41
52
  starttls: Optional[pulumi.Input[bool]] = None,
42
53
  upndomain: Optional[pulumi.Input[str]] = None,
43
54
  url: Optional[pulumi.Input[str]] = None,
@@ -48,6 +59,7 @@ class SecretBackendArgs:
48
59
  :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
49
60
  :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
50
61
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
62
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
51
63
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
52
64
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
53
65
  :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
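Review bot: The description added for `allowed_response_headers` reads "List of headers to allow and pass from the request to the plugin", and the same sentence is reused for `delegated_auth_accessors` and `passthrough_request_headers` in the next docstring hunk and in the three new property getters. Only `passthrough_request_headers` matches that wording; the other two names point to headers a plugin may set on the response and to auth mount accessors allowed for delegated authentication, so the text likely misdescribes two access-control settings. Suggested wording, to be checked against the Vault mount-tuning documentation: `List of headers the plugin is allowed to include in the response` and `List of auth mount accessors the backend may request delegated authentication for`. If this module is generated, the correction belongs in the upstream schema description rather than in this file.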
@@ -57,28 +69,33 @@ class SecretBackendArgs:
57
69
  :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
58
70
  the next URL in the configuration.
59
71
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
72
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
60
73
  :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
61
74
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
62
75
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
76
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
63
77
  :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
64
78
  Defaults to `false`.
65
- :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
66
- *Mutually exclusive with `password_policy` on vault-1.11+*
79
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
67
80
  :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
68
81
  replication.Tolerance duration to use when checking the last rotation time.
69
82
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
70
83
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
71
84
  The value should not contain leading or trailing forward slashes.
72
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
85
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
73
86
  *Available only for Vault Enterprise*.
74
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
87
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
88
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
75
89
  :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
76
90
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
77
91
  not begin or end with a `/`. Defaults to `ldap`.
92
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
78
93
  :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
79
94
  before returning back an error.
80
95
  :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
81
96
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
97
+ :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
98
+ Defaults to false. Requires Vault 1.16 or above.
82
99
  :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
83
100
  :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
84
101
  :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
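Review bot: The new `skip_static_role_import_rotation` parameter text says what the flag does but not what it leaves in place. When it is true, an imported static role presumably keeps the password it had before import until the next rotation, so anyone who knew that password still holds a valid credential. The docstring should say so, e.g. `If set to true, static roles will not be rotated during import, so the pre-import password stays valid until the next rotation.` The same wording applies to the property getter added further down, and the class docstring continues outside this hunk.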
@@ -90,6 +107,8 @@ class SecretBackendArgs:
90
107
  pulumi.set(__self__, "bindpass", bindpass)
91
108
  if allowed_managed_keys is not None:
92
109
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
110
+ if allowed_response_headers is not None:
111
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
93
112
  if audit_non_hmac_request_keys is not None:
94
113
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
95
114
  if audit_non_hmac_response_keys is not None:
@@ -104,19 +123,20 @@ class SecretBackendArgs:
104
123
  pulumi.set(__self__, "connection_timeout", connection_timeout)
105
124
  if default_lease_ttl_seconds is not None:
106
125
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
126
+ if delegated_auth_accessors is not None:
127
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
107
128
  if description is not None:
108
129
  pulumi.set(__self__, "description", description)
109
130
  if disable_remount is not None:
110
131
  pulumi.set(__self__, "disable_remount", disable_remount)
111
132
  if external_entropy_access is not None:
112
133
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
134
+ if identity_token_key is not None:
135
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
113
136
  if insecure_tls is not None:
114
137
  pulumi.set(__self__, "insecure_tls", insecure_tls)
115
- if length is not None:
116
- warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
117
- pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
118
- if length is not None:
119
- pulumi.set(__self__, "length", length)
138
+ if listing_visibility is not None:
139
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
120
140
  if local is not None:
121
141
  pulumi.set(__self__, "local", local)
122
142
  if max_lease_ttl_seconds is not None:
@@ -125,16 +145,22 @@ class SecretBackendArgs:
125
145
  pulumi.set(__self__, "namespace", namespace)
126
146
  if options is not None:
127
147
  pulumi.set(__self__, "options", options)
148
+ if passthrough_request_headers is not None:
149
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
128
150
  if password_policy is not None:
129
151
  pulumi.set(__self__, "password_policy", password_policy)
130
152
  if path is not None:
131
153
  pulumi.set(__self__, "path", path)
154
+ if plugin_version is not None:
155
+ pulumi.set(__self__, "plugin_version", plugin_version)
132
156
  if request_timeout is not None:
133
157
  pulumi.set(__self__, "request_timeout", request_timeout)
134
158
  if schema is not None:
135
159
  pulumi.set(__self__, "schema", schema)
136
160
  if seal_wrap is not None:
137
161
  pulumi.set(__self__, "seal_wrap", seal_wrap)
162
+ if skip_static_role_import_rotation is not None:
163
+ pulumi.set(__self__, "skip_static_role_import_rotation", skip_static_role_import_rotation)
138
164
  if starttls is not None:
139
165
  pulumi.set(__self__, "starttls", starttls)
140
166
  if upndomain is not None:
@@ -182,6 +208,18 @@ class SecretBackendArgs:
182
208
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
183
209
  pulumi.set(self, "allowed_managed_keys", value)
184
210
 
211
+ @property
212
+ @pulumi.getter(name="allowedResponseHeaders")
213
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
214
+ """
215
+ List of headers to allow and pass from the request to the plugin
216
+ """
217
+ return pulumi.get(self, "allowed_response_headers")
218
+
219
+ @allowed_response_headers.setter
220
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
221
+ pulumi.set(self, "allowed_response_headers", value)
222
+
185
223
  @property
186
224
  @pulumi.getter(name="auditNonHmacRequestKeys")
187
225
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -268,6 +306,18 @@ class SecretBackendArgs:
268
306
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
269
307
  pulumi.set(self, "default_lease_ttl_seconds", value)
270
308
 
309
+ @property
310
+ @pulumi.getter(name="delegatedAuthAccessors")
311
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
312
+ """
313
+ List of headers to allow and pass from the request to the plugin
314
+ """
315
+ return pulumi.get(self, "delegated_auth_accessors")
316
+
317
+ @delegated_auth_accessors.setter
318
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
319
+ pulumi.set(self, "delegated_auth_accessors", value)
320
+
271
321
  @property
272
322
  @pulumi.getter
273
323
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -304,6 +354,18 @@ class SecretBackendArgs:
304
354
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
305
355
  pulumi.set(self, "external_entropy_access", value)
306
356
 
357
+ @property
358
+ @pulumi.getter(name="identityTokenKey")
359
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
360
+ """
361
+ The key to use for signing plugin workload identity tokens
362
+ """
363
+ return pulumi.get(self, "identity_token_key")
364
+
365
+ @identity_token_key.setter
366
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
367
+ pulumi.set(self, "identity_token_key", value)
368
+
307
369
  @property
308
370
  @pulumi.getter(name="insecureTls")
309
371
  def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
@@ -318,20 +380,16 @@ class SecretBackendArgs:
318
380
  pulumi.set(self, "insecure_tls", value)
319
381
 
320
382
  @property
321
- @pulumi.getter
322
- def length(self) -> Optional[pulumi.Input[int]]:
383
+ @pulumi.getter(name="listingVisibility")
384
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
323
385
  """
324
- **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
325
- *Mutually exclusive with `password_policy` on vault-1.11+*
386
+ Specifies whether to show this mount in the UI-specific listing endpoint
326
387
  """
327
- warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
328
- pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
388
+ return pulumi.get(self, "listing_visibility")
329
389
 
330
- return pulumi.get(self, "length")
331
-
332
- @length.setter
333
- def length(self, value: Optional[pulumi.Input[int]]):
334
- pulumi.set(self, "length", value)
390
+ @listing_visibility.setter
391
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
392
+ pulumi.set(self, "listing_visibility", value)
335
393
 
336
394
  @property
337
395
  @pulumi.getter
@@ -364,7 +422,7 @@ class SecretBackendArgs:
364
422
  """
365
423
  The namespace to provision the resource in.
366
424
  The value should not contain leading or trailing forward slashes.
367
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
425
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
368
426
  *Available only for Vault Enterprise*.
369
427
  """
370
428
  return pulumi.get(self, "namespace")
@@ -375,16 +433,28 @@ class SecretBackendArgs:
375
433
 
376
434
  @property
377
435
  @pulumi.getter
378
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
436
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
379
437
  """
380
438
  Specifies mount type specific options that are passed to the backend
381
439
  """
382
440
  return pulumi.get(self, "options")
383
441
 
384
442
  @options.setter
385
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
443
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
386
444
  pulumi.set(self, "options", value)
387
445
 
446
+ @property
447
+ @pulumi.getter(name="passthroughRequestHeaders")
448
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
449
+ """
450
+ List of headers to allow and pass from the request to the plugin
451
+ """
452
+ return pulumi.get(self, "passthrough_request_headers")
453
+
454
+ @passthrough_request_headers.setter
455
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
456
+ pulumi.set(self, "passthrough_request_headers", value)
457
+
388
458
  @property
389
459
  @pulumi.getter(name="passwordPolicy")
390
460
  def password_policy(self) -> Optional[pulumi.Input[str]]:
@@ -410,6 +480,18 @@ class SecretBackendArgs:
410
480
  def path(self, value: Optional[pulumi.Input[str]]):
411
481
  pulumi.set(self, "path", value)
412
482
 
483
+ @property
484
+ @pulumi.getter(name="pluginVersion")
485
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
486
+ """
487
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
488
+ """
489
+ return pulumi.get(self, "plugin_version")
490
+
491
+ @plugin_version.setter
492
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
493
+ pulumi.set(self, "plugin_version", value)
494
+
413
495
  @property
414
496
  @pulumi.getter(name="requestTimeout")
415
497
  def request_timeout(self) -> Optional[pulumi.Input[int]]:
@@ -447,6 +529,19 @@ class SecretBackendArgs:
447
529
  def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
448
530
  pulumi.set(self, "seal_wrap", value)
449
531
 
532
+ @property
533
+ @pulumi.getter(name="skipStaticRoleImportRotation")
534
+ def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
535
+ """
536
+ If set to true, static roles will not be rotated during import.
537
+ Defaults to false. Requires Vault 1.16 or above.
538
+ """
539
+ return pulumi.get(self, "skip_static_role_import_rotation")
540
+
541
+ @skip_static_role_import_rotation.setter
542
+ def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
543
+ pulumi.set(self, "skip_static_role_import_rotation", value)
544
+
450
545
  @property
451
546
  @pulumi.getter
452
547
  def starttls(self) -> Optional[pulumi.Input[bool]]:
@@ -514,6 +609,7 @@ class _SecretBackendState:
514
609
  def __init__(__self__, *,
515
610
  accessor: Optional[pulumi.Input[str]] = None,
516
611
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
612
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
517
613
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
518
614
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
519
615
  binddn: Optional[pulumi.Input[str]] = None,
@@ -523,20 +619,25 @@ class _SecretBackendState:
523
619
  client_tls_key: Optional[pulumi.Input[str]] = None,
524
620
  connection_timeout: Optional[pulumi.Input[int]] = None,
525
621
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
622
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
526
623
  description: Optional[pulumi.Input[str]] = None,
527
624
  disable_remount: Optional[pulumi.Input[bool]] = None,
528
625
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
626
+ identity_token_key: Optional[pulumi.Input[str]] = None,
529
627
  insecure_tls: Optional[pulumi.Input[bool]] = None,
530
- length: Optional[pulumi.Input[int]] = None,
628
+ listing_visibility: Optional[pulumi.Input[str]] = None,
531
629
  local: Optional[pulumi.Input[bool]] = None,
532
630
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
533
631
  namespace: Optional[pulumi.Input[str]] = None,
534
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
632
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
633
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
535
634
  password_policy: Optional[pulumi.Input[str]] = None,
536
635
  path: Optional[pulumi.Input[str]] = None,
636
+ plugin_version: Optional[pulumi.Input[str]] = None,
537
637
  request_timeout: Optional[pulumi.Input[int]] = None,
538
638
  schema: Optional[pulumi.Input[str]] = None,
539
639
  seal_wrap: Optional[pulumi.Input[bool]] = None,
640
+ skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
540
641
  starttls: Optional[pulumi.Input[bool]] = None,
541
642
  upndomain: Optional[pulumi.Input[str]] = None,
542
643
  url: Optional[pulumi.Input[str]] = None,
@@ -546,6 +647,7 @@ class _SecretBackendState:
546
647
  Input properties used for looking up and filtering SecretBackend resources.
547
648
  :param pulumi.Input[str] accessor: Accessor of the mount
548
649
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
650
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
549
651
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
550
652
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
551
653
  :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
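Review bot: The new `:param` line for `allowed_response_headers` carries the description of `passthrough_request_headers` word for word ("List of headers to allow and pass from the request to the plugin"), which describes request headers, not response headers. The same text is reused for `delegated_auth_accessors` at `@@ -557,28 +659,33 @@`, where it is not about headers at all, and again in the property docstrings at `@@ -674,6 +790,18 @@` and `@@ -784,6 +912,18 @@` and in the `SecretBackend` docstring at `@@ -1081,12 +1272,13 @@` and `@@ -1098,28 +1290,33 @@`. Going by Vault's mount-tuning options, I would expect something like `List of headers the plugin is allowed to set on the response` and `List of auth mount accessors the backend may delegate authentication to`; please confirm against the provider schema. Because `delegated_auth_accessors` governs which auth mounts are trusted for delegation, the wrong description there is the one most likely to lead to a misconfiguration. The docstring this line belongs to starts and ends outside the hunk.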
@@ -557,28 +659,33 @@ class _SecretBackendState:
557
659
  :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
558
660
  the next URL in the configuration.
559
661
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
662
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
560
663
  :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
561
664
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
562
665
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
666
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
563
667
  :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
564
668
  Defaults to `false`.
565
- :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
566
- *Mutually exclusive with `password_policy` on vault-1.11+*
669
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
567
670
  :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
568
671
  replication.Tolerance duration to use when checking the last rotation time.
569
672
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
570
673
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
571
674
  The value should not contain leading or trailing forward slashes.
572
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
675
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
573
676
  *Available only for Vault Enterprise*.
574
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
677
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
678
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
575
679
  :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
576
680
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
577
681
  not begin or end with a `/`. Defaults to `ldap`.
682
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
578
683
  :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
579
684
  before returning back an error.
580
685
  :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
581
686
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
687
+ :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
688
+ Defaults to false. Requires Vault 1.16 or above.
582
689
  :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
583
690
  :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
584
691
  :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
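Review bot: The `listing_visibility` entry added here is typed as a free-form `str`, and its description does not list the accepted values. In Vault's mount configuration the values I know of are `unauth` and `hidden`, and `unauth` makes the mount appear in the listing endpoint that needs no token, so the docstring should name them, e.g. `Valid values are "unauth" or "hidden"; "unauth" exposes the mount path to unauthenticated callers.` The same description is used for the property at `@@ -834,20 +986,16 @@` and in the `SecretBackend` docstring at `@@ -1098,28 +1290,33 @@`. The docstring continues outside this hunk.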
@@ -590,6 +697,8 @@ class _SecretBackendState:
590
697
  pulumi.set(__self__, "accessor", accessor)
591
698
  if allowed_managed_keys is not None:
592
699
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
700
+ if allowed_response_headers is not None:
701
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
593
702
  if audit_non_hmac_request_keys is not None:
594
703
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
595
704
  if audit_non_hmac_response_keys is not None:
@@ -608,19 +717,20 @@ class _SecretBackendState:
608
717
  pulumi.set(__self__, "connection_timeout", connection_timeout)
609
718
  if default_lease_ttl_seconds is not None:
610
719
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
720
+ if delegated_auth_accessors is not None:
721
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
611
722
  if description is not None:
612
723
  pulumi.set(__self__, "description", description)
613
724
  if disable_remount is not None:
614
725
  pulumi.set(__self__, "disable_remount", disable_remount)
615
726
  if external_entropy_access is not None:
616
727
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
728
+ if identity_token_key is not None:
729
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
617
730
  if insecure_tls is not None:
618
731
  pulumi.set(__self__, "insecure_tls", insecure_tls)
619
- if length is not None:
620
- warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
621
- pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
622
- if length is not None:
623
- pulumi.set(__self__, "length", length)
732
+ if listing_visibility is not None:
733
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
624
734
  if local is not None:
625
735
  pulumi.set(__self__, "local", local)
626
736
  if max_lease_ttl_seconds is not None:
@@ -629,16 +739,22 @@ class _SecretBackendState:
629
739
  pulumi.set(__self__, "namespace", namespace)
630
740
  if options is not None:
631
741
  pulumi.set(__self__, "options", options)
742
+ if passthrough_request_headers is not None:
743
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
632
744
  if password_policy is not None:
633
745
  pulumi.set(__self__, "password_policy", password_policy)
634
746
  if path is not None:
635
747
  pulumi.set(__self__, "path", path)
748
+ if plugin_version is not None:
749
+ pulumi.set(__self__, "plugin_version", plugin_version)
636
750
  if request_timeout is not None:
637
751
  pulumi.set(__self__, "request_timeout", request_timeout)
638
752
  if schema is not None:
639
753
  pulumi.set(__self__, "schema", schema)
640
754
  if seal_wrap is not None:
641
755
  pulumi.set(__self__, "seal_wrap", seal_wrap)
756
+ if skip_static_role_import_rotation is not None:
757
+ pulumi.set(__self__, "skip_static_role_import_rotation", skip_static_role_import_rotation)
642
758
  if starttls is not None:
643
759
  pulumi.set(__self__, "starttls", starttls)
644
760
  if upndomain is not None:
@@ -674,6 +790,18 @@ class _SecretBackendState:
674
790
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
675
791
  pulumi.set(self, "allowed_managed_keys", value)
676
792
 
793
+ @property
794
+ @pulumi.getter(name="allowedResponseHeaders")
795
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
796
+ """
797
+ List of headers to allow and pass from the request to the plugin
798
+ """
799
+ return pulumi.get(self, "allowed_response_headers")
800
+
801
+ @allowed_response_headers.setter
802
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
803
+ pulumi.set(self, "allowed_response_headers", value)
804
+
677
805
  @property
678
806
  @pulumi.getter(name="auditNonHmacRequestKeys")
679
807
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -784,6 +912,18 @@ class _SecretBackendState:
784
912
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
785
913
  pulumi.set(self, "default_lease_ttl_seconds", value)
786
914
 
915
+ @property
916
+ @pulumi.getter(name="delegatedAuthAccessors")
917
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
918
+ """
919
+ List of headers to allow and pass from the request to the plugin
920
+ """
921
+ return pulumi.get(self, "delegated_auth_accessors")
922
+
923
+ @delegated_auth_accessors.setter
924
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
925
+ pulumi.set(self, "delegated_auth_accessors", value)
926
+
787
927
  @property
788
928
  @pulumi.getter
789
929
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -820,6 +960,18 @@ class _SecretBackendState:
820
960
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
821
961
  pulumi.set(self, "external_entropy_access", value)
822
962
 
963
+ @property
964
+ @pulumi.getter(name="identityTokenKey")
965
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
966
+ """
967
+ The key to use for signing plugin workload identity tokens
968
+ """
969
+ return pulumi.get(self, "identity_token_key")
970
+
971
+ @identity_token_key.setter
972
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
973
+ pulumi.set(self, "identity_token_key", value)
974
+
823
975
  @property
824
976
  @pulumi.getter(name="insecureTls")
825
977
  def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
@@ -834,20 +986,16 @@ class _SecretBackendState:
834
986
  pulumi.set(self, "insecure_tls", value)
835
987
 
836
988
  @property
837
- @pulumi.getter
838
- def length(self) -> Optional[pulumi.Input[int]]:
989
+ @pulumi.getter(name="listingVisibility")
990
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
839
991
  """
840
- **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
841
- *Mutually exclusive with `password_policy` on vault-1.11+*
992
+ Specifies whether to show this mount in the UI-specific listing endpoint
842
993
  """
843
- warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
844
- pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
845
-
846
- return pulumi.get(self, "length")
994
+ return pulumi.get(self, "listing_visibility")
847
995
 
848
- @length.setter
849
- def length(self, value: Optional[pulumi.Input[int]]):
850
- pulumi.set(self, "length", value)
996
+ @listing_visibility.setter
997
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
998
+ pulumi.set(self, "listing_visibility", value)
851
999
 
852
1000
  @property
853
1001
  @pulumi.getter
@@ -880,7 +1028,7 @@ class _SecretBackendState:
880
1028
  """
881
1029
  The namespace to provision the resource in.
882
1030
  The value should not contain leading or trailing forward slashes.
883
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1031
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
884
1032
  *Available only for Vault Enterprise*.
885
1033
  """
886
1034
  return pulumi.get(self, "namespace")
@@ -891,16 +1039,28 @@ class _SecretBackendState:
891
1039
 
892
1040
  @property
893
1041
  @pulumi.getter
894
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
1042
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
895
1043
  """
896
1044
  Specifies mount type specific options that are passed to the backend
897
1045
  """
898
1046
  return pulumi.get(self, "options")
899
1047
 
900
1048
  @options.setter
901
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
1049
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
902
1050
  pulumi.set(self, "options", value)
903
1051
 
1052
+ @property
1053
+ @pulumi.getter(name="passthroughRequestHeaders")
1054
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1055
+ """
1056
+ List of headers to allow and pass from the request to the plugin
1057
+ """
1058
+ return pulumi.get(self, "passthrough_request_headers")
1059
+
1060
+ @passthrough_request_headers.setter
1061
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1062
+ pulumi.set(self, "passthrough_request_headers", value)
1063
+
904
1064
  @property
905
1065
  @pulumi.getter(name="passwordPolicy")
906
1066
  def password_policy(self) -> Optional[pulumi.Input[str]]:
@@ -926,6 +1086,18 @@ class _SecretBackendState:
926
1086
  def path(self, value: Optional[pulumi.Input[str]]):
927
1087
  pulumi.set(self, "path", value)
928
1088
 
1089
+ @property
1090
+ @pulumi.getter(name="pluginVersion")
1091
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
1092
+ """
1093
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1094
+ """
1095
+ return pulumi.get(self, "plugin_version")
1096
+
1097
+ @plugin_version.setter
1098
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
1099
+ pulumi.set(self, "plugin_version", value)
1100
+
929
1101
  @property
930
1102
  @pulumi.getter(name="requestTimeout")
931
1103
  def request_timeout(self) -> Optional[pulumi.Input[int]]:
@@ -963,6 +1135,19 @@ class _SecretBackendState:
963
1135
  def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
964
1136
  pulumi.set(self, "seal_wrap", value)
965
1137
 
1138
+ @property
1139
+ @pulumi.getter(name="skipStaticRoleImportRotation")
1140
+ def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
1141
+ """
1142
+ If set to true, static roles will not be rotated during import.
1143
+ Defaults to false. Requires Vault 1.16 or above.
1144
+ """
1145
+ return pulumi.get(self, "skip_static_role_import_rotation")
1146
+
1147
+ @skip_static_role_import_rotation.setter
1148
+ def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
1149
+ pulumi.set(self, "skip_static_role_import_rotation", value)
1150
+
966
1151
  @property
967
1152
  @pulumi.getter
968
1153
  def starttls(self) -> Optional[pulumi.Input[bool]]:
@@ -1031,6 +1216,7 @@ class SecretBackend(pulumi.CustomResource):
1031
1216
  resource_name: str,
1032
1217
  opts: Optional[pulumi.ResourceOptions] = None,
1033
1218
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1219
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1034
1220
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1035
1221
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1036
1222
  binddn: Optional[pulumi.Input[str]] = None,
@@ -1040,20 +1226,25 @@ class SecretBackend(pulumi.CustomResource):
1040
1226
  client_tls_key: Optional[pulumi.Input[str]] = None,
1041
1227
  connection_timeout: Optional[pulumi.Input[int]] = None,
1042
1228
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1229
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1043
1230
  description: Optional[pulumi.Input[str]] = None,
1044
1231
  disable_remount: Optional[pulumi.Input[bool]] = None,
1045
1232
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1233
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1046
1234
  insecure_tls: Optional[pulumi.Input[bool]] = None,
1047
- length: Optional[pulumi.Input[int]] = None,
1235
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1048
1236
  local: Optional[pulumi.Input[bool]] = None,
1049
1237
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1050
1238
  namespace: Optional[pulumi.Input[str]] = None,
1051
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1239
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1240
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1052
1241
  password_policy: Optional[pulumi.Input[str]] = None,
1053
1242
  path: Optional[pulumi.Input[str]] = None,
1243
+ plugin_version: Optional[pulumi.Input[str]] = None,
1054
1244
  request_timeout: Optional[pulumi.Input[int]] = None,
1055
1245
  schema: Optional[pulumi.Input[str]] = None,
1056
1246
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1247
+ skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1057
1248
  starttls: Optional[pulumi.Input[bool]] = None,
1058
1249
  upndomain: Optional[pulumi.Input[str]] = None,
1059
1250
  url: Optional[pulumi.Input[str]] = None,
@@ -1068,11 +1259,11 @@ class SecretBackend(pulumi.CustomResource):
1068
1259
  import pulumi_vault as vault
1069
1260
 
1070
1261
  config = vault.ldap.SecretBackend("config",
1262
+ path="my-custom-ldap",
1071
1263
  binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
1072
1264
  bindpass="SuperSecretPassw0rd",
1073
- insecure_tls=True,
1074
- path="my-custom-ldap",
1075
1265
  url="ldaps://localhost",
1266
+ insecure_tls=True,
1076
1267
  userdn="CN=Users,DC=corp,DC=example,DC=net")
1077
1268
  ```
1078
1269
 
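Review bot: The usage example in this docstring still sets `insecure_tls=True` against an `ldaps://` URL and passes `bindpass` as a string literal; the hunk only moves those lines around. The parameter's own description says skipping certificate verification is not recommended for production, so the example is likely to be copied with verification off and a password committed to source. I would drop `insecure_tls=True` from the example and read the bind password from secret configuration, e.g. `bindpass=pulumi.Config().require_secret("ldapBindpass")` (the key name is a placeholder). The same example is repeated at `@@ -1141,11 +1338,11 @@`, and the docstring itself starts and ends outside this hunk.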
@@ -1081,12 +1272,13 @@ class SecretBackend(pulumi.CustomResource):
1081
1272
  LDAP secret backend can be imported using the `${mount}/config`, e.g.
1082
1273
 
1083
1274
  ```sh
1084
- $ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config
1275
+ $ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config
1085
1276
  ```
1086
1277
 
1087
1278
  :param str resource_name: The name of the resource.
1088
1279
  :param pulumi.ResourceOptions opts: Options for the resource.
1089
1280
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1281
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1090
1282
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1091
1283
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1092
1284
  :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
@@ -1098,28 +1290,33 @@ class SecretBackend(pulumi.CustomResource):
1098
1290
  :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1099
1291
  the next URL in the configuration.
1100
1292
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1293
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1101
1294
  :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
1102
1295
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1103
1296
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1297
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1104
1298
  :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1105
1299
  Defaults to `false`.
1106
- :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
1107
- *Mutually exclusive with `password_policy` on vault-1.11+*
1300
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1108
1301
  :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1109
1302
  replication.Tolerance duration to use when checking the last rotation time.
1110
1303
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1111
1304
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1112
1305
  The value should not contain leading or trailing forward slashes.
1113
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1306
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1114
1307
  *Available only for Vault Enterprise*.
1115
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1308
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1309
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1116
1310
  :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
1117
1311
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
1118
1312
  not begin or end with a `/`. Defaults to `ldap`.
1313
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1119
1314
  :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1120
1315
  before returning back an error.
1121
1316
  :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1122
1317
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1318
+ :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1319
+ Defaults to false. Requires Vault 1.16 or above.
1123
1320
  :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1124
1321
  :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1125
1322
  :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
@@ -1141,11 +1338,11 @@ class SecretBackend(pulumi.CustomResource):
1141
1338
  import pulumi_vault as vault
1142
1339
 
1143
1340
  config = vault.ldap.SecretBackend("config",
1341
+ path="my-custom-ldap",
1144
1342
  binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
1145
1343
  bindpass="SuperSecretPassw0rd",
1146
- insecure_tls=True,
1147
- path="my-custom-ldap",
1148
1344
  url="ldaps://localhost",
1345
+ insecure_tls=True,
1149
1346
  userdn="CN=Users,DC=corp,DC=example,DC=net")
1150
1347
  ```
1151
1348
 
@@ -1154,7 +1351,7 @@ class SecretBackend(pulumi.CustomResource):
1154
1351
  LDAP secret backend can be imported using the `${mount}/config`, e.g.
1155
1352
 
1156
1353
  ```sh
1157
- $ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config
1354
+ $ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config
1158
1355
  ```
1159
1356
 
1160
1357
  :param str resource_name: The name of the resource.
@@ -1173,6 +1370,7 @@ class SecretBackend(pulumi.CustomResource):
1173
1370
  resource_name: str,
1174
1371
  opts: Optional[pulumi.ResourceOptions] = None,
1175
1372
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1373
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1176
1374
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1177
1375
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1178
1376
  binddn: Optional[pulumi.Input[str]] = None,
@@ -1182,20 +1380,25 @@ class SecretBackend(pulumi.CustomResource):
1182
1380
  client_tls_key: Optional[pulumi.Input[str]] = None,
1183
1381
  connection_timeout: Optional[pulumi.Input[int]] = None,
1184
1382
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1383
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1185
1384
  description: Optional[pulumi.Input[str]] = None,
1186
1385
  disable_remount: Optional[pulumi.Input[bool]] = None,
1187
1386
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1387
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1188
1388
  insecure_tls: Optional[pulumi.Input[bool]] = None,
1189
- length: Optional[pulumi.Input[int]] = None,
1389
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1190
1390
  local: Optional[pulumi.Input[bool]] = None,
1191
1391
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1192
1392
  namespace: Optional[pulumi.Input[str]] = None,
1193
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1393
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1394
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1194
1395
  password_policy: Optional[pulumi.Input[str]] = None,
1195
1396
  path: Optional[pulumi.Input[str]] = None,
1397
+ plugin_version: Optional[pulumi.Input[str]] = None,
1196
1398
  request_timeout: Optional[pulumi.Input[int]] = None,
1197
1399
  schema: Optional[pulumi.Input[str]] = None,
1198
1400
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1401
+ skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1199
1402
  starttls: Optional[pulumi.Input[bool]] = None,
1200
1403
  upndomain: Optional[pulumi.Input[str]] = None,
1201
1404
  url: Optional[pulumi.Input[str]] = None,
@@ -1211,6 +1414,7 @@ class SecretBackend(pulumi.CustomResource):
1211
1414
  __props__ = SecretBackendArgs.__new__(SecretBackendArgs)
1212
1415
 
1213
1416
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1417
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
1214
1418
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
1215
1419
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
1216
1420
  if binddn is None and not opts.urn:
@@ -1224,20 +1428,25 @@ class SecretBackend(pulumi.CustomResource):
1224
1428
  __props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
1225
1429
  __props__.__dict__["connection_timeout"] = connection_timeout
1226
1430
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1431
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1227
1432
  __props__.__dict__["description"] = description
1228
1433
  __props__.__dict__["disable_remount"] = disable_remount
1229
1434
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1435
+ __props__.__dict__["identity_token_key"] = identity_token_key
1230
1436
  __props__.__dict__["insecure_tls"] = insecure_tls
1231
- __props__.__dict__["length"] = length
1437
+ __props__.__dict__["listing_visibility"] = listing_visibility
1232
1438
  __props__.__dict__["local"] = local
1233
1439
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
1234
1440
  __props__.__dict__["namespace"] = namespace
1235
1441
  __props__.__dict__["options"] = options
1442
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
1236
1443
  __props__.__dict__["password_policy"] = password_policy
1237
1444
  __props__.__dict__["path"] = path
1445
+ __props__.__dict__["plugin_version"] = plugin_version
1238
1446
  __props__.__dict__["request_timeout"] = request_timeout
1239
1447
  __props__.__dict__["schema"] = schema
1240
1448
  __props__.__dict__["seal_wrap"] = seal_wrap
1449
+ __props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
1241
1450
  __props__.__dict__["starttls"] = starttls
1242
1451
  __props__.__dict__["upndomain"] = upndomain
1243
1452
  __props__.__dict__["url"] = url
@@ -1258,6 +1467,7 @@ class SecretBackend(pulumi.CustomResource):
1258
1467
  opts: Optional[pulumi.ResourceOptions] = None,
1259
1468
  accessor: Optional[pulumi.Input[str]] = None,
1260
1469
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1470
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1261
1471
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1262
1472
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1263
1473
  binddn: Optional[pulumi.Input[str]] = None,
@@ -1267,20 +1477,25 @@ class SecretBackend(pulumi.CustomResource):
1267
1477
  client_tls_key: Optional[pulumi.Input[str]] = None,
1268
1478
  connection_timeout: Optional[pulumi.Input[int]] = None,
1269
1479
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1480
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1270
1481
  description: Optional[pulumi.Input[str]] = None,
1271
1482
  disable_remount: Optional[pulumi.Input[bool]] = None,
1272
1483
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1484
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1273
1485
  insecure_tls: Optional[pulumi.Input[bool]] = None,
1274
- length: Optional[pulumi.Input[int]] = None,
1486
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1275
1487
  local: Optional[pulumi.Input[bool]] = None,
1276
1488
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1277
1489
  namespace: Optional[pulumi.Input[str]] = None,
1278
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1490
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1491
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1279
1492
  password_policy: Optional[pulumi.Input[str]] = None,
1280
1493
  path: Optional[pulumi.Input[str]] = None,
1494
+ plugin_version: Optional[pulumi.Input[str]] = None,
1281
1495
  request_timeout: Optional[pulumi.Input[int]] = None,
1282
1496
  schema: Optional[pulumi.Input[str]] = None,
1283
1497
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1498
+ skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1284
1499
  starttls: Optional[pulumi.Input[bool]] = None,
1285
1500
  upndomain: Optional[pulumi.Input[str]] = None,
1286
1501
  url: Optional[pulumi.Input[str]] = None,
@@ -1295,6 +1510,7 @@ class SecretBackend(pulumi.CustomResource):
1295
1510
  :param pulumi.ResourceOptions opts: Options for the resource.
1296
1511
  :param pulumi.Input[str] accessor: Accessor of the mount
1297
1512
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1513
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1298
1514
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1299
1515
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1300
1516
  :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
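Review bot: The new `allowed_response_headers` line in this docstring describes request headers ("List of headers to allow and pass from the request to the plugin"). The same sentence is reused for `delegated_auth_accessors` and `passthrough_request_headers` in the next hunk (@@ -1306) and in the property getters added at @@ -1387, @@ -1461 and @@ -1529. Only `passthrough_request_headers` matches that text, so a reader deciding what a mount may return or which auth mounts it may delegate to gets no usable description. I would document them as `allowed_response_headers: List of headers the plugin is allowed to set on responses` and `delegated_auth_accessors: List of auth mount accessors this backend may request delegated authentication for`; that wording is my reading of Vault's mount tuning options, so confirm it against the upstream schema. The docstring belongs to a method that starts and ends outside this hunk.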
@@ -1306,28 +1522,33 @@ class SecretBackend(pulumi.CustomResource):
1306
1522
  :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1307
1523
  the next URL in the configuration.
1308
1524
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1525
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1309
1526
  :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
1310
1527
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1311
1528
  :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1529
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1312
1530
  :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1313
1531
  Defaults to `false`.
1314
- :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
1315
- *Mutually exclusive with `password_policy` on vault-1.11+*
1532
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1316
1533
  :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1317
1534
  replication.Tolerance duration to use when checking the last rotation time.
1318
1535
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1319
1536
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1320
1537
  The value should not contain leading or trailing forward slashes.
1321
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1538
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1322
1539
  *Available only for Vault Enterprise*.
1323
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1540
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1541
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1324
1542
  :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
1325
1543
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
1326
1544
  not begin or end with a `/`. Defaults to `ldap`.
1545
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1327
1546
  :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1328
1547
  before returning back an error.
1329
1548
  :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1330
1549
  :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1550
+ :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1551
+ Defaults to false. Requires Vault 1.16 or above.
1331
1552
  :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1332
1553
  :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1333
1554
  :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
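Review bot: The `skip_static_role_import_rotation` description added here, and repeated in the getter at @@ -1584, says rotation is skipped on import but not what that means for the credential. If I read it correctly, with the flag set an imported static role keeps the password it had before Vault took it over until the next scheduled or manual rotation, so anyone who knew it beforehand still does. I would add a line such as `When true, the existing password stays valid until the first rotation; rotate manually if it was known outside Vault before import.` The enclosing docstring continues outside the hunk.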
@@ -1341,6 +1562,7 @@ class SecretBackend(pulumi.CustomResource):
1341
1562
 
1342
1563
  __props__.__dict__["accessor"] = accessor
1343
1564
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1565
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
1344
1566
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
1345
1567
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
1346
1568
  __props__.__dict__["binddn"] = binddn
@@ -1350,20 +1572,25 @@ class SecretBackend(pulumi.CustomResource):
1350
1572
  __props__.__dict__["client_tls_key"] = client_tls_key
1351
1573
  __props__.__dict__["connection_timeout"] = connection_timeout
1352
1574
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1575
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1353
1576
  __props__.__dict__["description"] = description
1354
1577
  __props__.__dict__["disable_remount"] = disable_remount
1355
1578
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1579
+ __props__.__dict__["identity_token_key"] = identity_token_key
1356
1580
  __props__.__dict__["insecure_tls"] = insecure_tls
1357
- __props__.__dict__["length"] = length
1581
+ __props__.__dict__["listing_visibility"] = listing_visibility
1358
1582
  __props__.__dict__["local"] = local
1359
1583
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
1360
1584
  __props__.__dict__["namespace"] = namespace
1361
1585
  __props__.__dict__["options"] = options
1586
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
1362
1587
  __props__.__dict__["password_policy"] = password_policy
1363
1588
  __props__.__dict__["path"] = path
1589
+ __props__.__dict__["plugin_version"] = plugin_version
1364
1590
  __props__.__dict__["request_timeout"] = request_timeout
1365
1591
  __props__.__dict__["schema"] = schema
1366
1592
  __props__.__dict__["seal_wrap"] = seal_wrap
1593
+ __props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
1367
1594
  __props__.__dict__["starttls"] = starttls
1368
1595
  __props__.__dict__["upndomain"] = upndomain
1369
1596
  __props__.__dict__["url"] = url
@@ -1387,6 +1614,14 @@ class SecretBackend(pulumi.CustomResource):
1387
1614
  """
1388
1615
  return pulumi.get(self, "allowed_managed_keys")
1389
1616
 
1617
+ @property
1618
+ @pulumi.getter(name="allowedResponseHeaders")
1619
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1620
+ """
1621
+ List of headers to allow and pass from the request to the plugin
1622
+ """
1623
+ return pulumi.get(self, "allowed_response_headers")
1624
+
1390
1625
  @property
1391
1626
  @pulumi.getter(name="auditNonHmacRequestKeys")
1392
1627
  def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -1461,6 +1696,14 @@ class SecretBackend(pulumi.CustomResource):
1461
1696
  """
1462
1697
  return pulumi.get(self, "default_lease_ttl_seconds")
1463
1698
 
1699
+ @property
1700
+ @pulumi.getter(name="delegatedAuthAccessors")
1701
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1702
+ """
1703
+ List of headers to allow and pass from the request to the plugin
1704
+ """
1705
+ return pulumi.get(self, "delegated_auth_accessors")
1706
+
1464
1707
  @property
1465
1708
  @pulumi.getter
1466
1709
  def description(self) -> pulumi.Output[Optional[str]]:
@@ -1485,6 +1728,14 @@ class SecretBackend(pulumi.CustomResource):
1485
1728
  """
1486
1729
  return pulumi.get(self, "external_entropy_access")
1487
1730
 
1731
+ @property
1732
+ @pulumi.getter(name="identityTokenKey")
1733
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1734
+ """
1735
+ The key to use for signing plugin workload identity tokens
1736
+ """
1737
+ return pulumi.get(self, "identity_token_key")
1738
+
1488
1739
  @property
1489
1740
  @pulumi.getter(name="insecureTls")
1490
1741
  def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
@@ -1495,16 +1746,12 @@ class SecretBackend(pulumi.CustomResource):
1495
1746
  return pulumi.get(self, "insecure_tls")
1496
1747
 
1497
1748
  @property
1498
- @pulumi.getter
1499
- def length(self) -> pulumi.Output[int]:
1749
+ @pulumi.getter(name="listingVisibility")
1750
+ def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1500
1751
  """
1501
- **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
1502
- *Mutually exclusive with `password_policy` on vault-1.11+*
1752
+ Specifies whether to show this mount in the UI-specific listing endpoint
1503
1753
  """
1504
- warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
1505
- pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
1506
-
1507
- return pulumi.get(self, "length")
1754
+ return pulumi.get(self, "listing_visibility")
1508
1755
 
1509
1756
  @property
1510
1757
  @pulumi.getter
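Review bot: The `listing_visibility` docstring does not name the accepted values or say which one exposes the mount. The property is typed as a free `str`; as far as I know Vault accepts `unauth` and `hidden`, and `unauth` lists the mount on the UI endpoint that needs no token. I would extend the docstring to `Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden"; "unauth" makes the mount path visible without authentication.` The same one-line description is used for the parameter in the docstring at @@ -1306.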
@@ -1529,19 +1776,27 @@ class SecretBackend(pulumi.CustomResource):
1529
1776
  """
1530
1777
  The namespace to provision the resource in.
1531
1778
  The value should not contain leading or trailing forward slashes.
1532
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1779
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1533
1780
  *Available only for Vault Enterprise*.
1534
1781
  """
1535
1782
  return pulumi.get(self, "namespace")
1536
1783
 
1537
1784
  @property
1538
1785
  @pulumi.getter
1539
- def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1786
+ def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1540
1787
  """
1541
1788
  Specifies mount type specific options that are passed to the backend
1542
1789
  """
1543
1790
  return pulumi.get(self, "options")
1544
1791
 
1792
+ @property
1793
+ @pulumi.getter(name="passthroughRequestHeaders")
1794
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1795
+ """
1796
+ List of headers to allow and pass from the request to the plugin
1797
+ """
1798
+ return pulumi.get(self, "passthrough_request_headers")
1799
+
1545
1800
  @property
1546
1801
  @pulumi.getter(name="passwordPolicy")
1547
1802
  def password_policy(self) -> pulumi.Output[Optional[str]]:
@@ -1559,6 +1814,14 @@ class SecretBackend(pulumi.CustomResource):
1559
1814
  """
1560
1815
  return pulumi.get(self, "path")
1561
1816
 
1817
+ @property
1818
+ @pulumi.getter(name="pluginVersion")
1819
+ def plugin_version(self) -> pulumi.Output[Optional[str]]:
1820
+ """
1821
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1822
+ """
1823
+ return pulumi.get(self, "plugin_version")
1824
+
1562
1825
  @property
1563
1826
  @pulumi.getter(name="requestTimeout")
1564
1827
  def request_timeout(self) -> pulumi.Output[int]:
@@ -1584,6 +1847,15 @@ class SecretBackend(pulumi.CustomResource):
1584
1847
  """
1585
1848
  return pulumi.get(self, "seal_wrap")
1586
1849
 
1850
+ @property
1851
+ @pulumi.getter(name="skipStaticRoleImportRotation")
1852
+ def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[bool]]:
1853
+ """
1854
+ If set to true, static roles will not be rotated during import.
1855
+ Defaults to false. Requires Vault 1.16 or above.
1856
+ """
1857
+ return pulumi.get(self, "skip_static_role_import_rotation")
1858
+
1587
1859
  @property
1588
1860
  @pulumi.getter
1589
1861
  def starttls(self) -> pulumi.Output[bool]: