pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -26,6 +31,15 @@ class AuthBackendArgs:
26
31
  namespace: Optional[pulumi.Input[str]] = None,
27
32
  path: Optional[pulumi.Input[str]] = None,
28
33
  token: Optional[pulumi.Input[str]] = None,
34
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
36
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
37
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
38
+ token_num_uses: Optional[pulumi.Input[int]] = None,
39
+ token_period: Optional[pulumi.Input[int]] = None,
40
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
+ token_ttl: Optional[pulumi.Input[int]] = None,
42
+ token_type: Optional[pulumi.Input[str]] = None,
29
43
  ttl: Optional[pulumi.Input[str]] = None,
30
44
  users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
31
45
  """
@@ -42,11 +56,20 @@ class AuthBackendArgs:
42
56
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
43
57
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
44
58
  The value should not contain leading or trailing forward slashes.
45
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
59
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
46
60
  *Available only for Vault Enterprise*.
47
61
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
48
62
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
49
63
  If this is not supplied only locally configured groups will be enabled.
64
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
65
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
66
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
67
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
68
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
69
+ :param pulumi.Input[int] token_period: Generated Token's Period
70
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
71
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
72
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
50
73
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
51
74
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
52
75
  :param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
@@ -63,6 +86,9 @@ class AuthBackendArgs:
63
86
  pulumi.set(__self__, "disable_remount", disable_remount)
64
87
  if groups is not None:
65
88
  pulumi.set(__self__, "groups", groups)
89
+ if max_ttl is not None:
90
+ warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
91
+ pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
66
92
  if max_ttl is not None:
67
93
  pulumi.set(__self__, "max_ttl", max_ttl)
68
94
  if namespace is not None:
@@ -71,6 +97,27 @@ class AuthBackendArgs:
71
97
  pulumi.set(__self__, "path", path)
72
98
  if token is not None:
73
99
  pulumi.set(__self__, "token", token)
100
+ if token_bound_cidrs is not None:
101
+ pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
102
+ if token_explicit_max_ttl is not None:
103
+ pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
104
+ if token_max_ttl is not None:
105
+ pulumi.set(__self__, "token_max_ttl", token_max_ttl)
106
+ if token_no_default_policy is not None:
107
+ pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
108
+ if token_num_uses is not None:
109
+ pulumi.set(__self__, "token_num_uses", token_num_uses)
110
+ if token_period is not None:
111
+ pulumi.set(__self__, "token_period", token_period)
112
+ if token_policies is not None:
113
+ pulumi.set(__self__, "token_policies", token_policies)
114
+ if token_ttl is not None:
115
+ pulumi.set(__self__, "token_ttl", token_ttl)
116
+ if token_type is not None:
117
+ pulumi.set(__self__, "token_type", token_type)
118
+ if ttl is not None:
119
+ warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
120
+ pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
74
121
  if ttl is not None:
75
122
  pulumi.set(__self__, "ttl", ttl)
76
123
  if users is not None:
@@ -152,6 +199,7 @@ class AuthBackendArgs:
152
199
 
153
200
  @property
154
201
  @pulumi.getter(name="maxTtl")
202
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
155
203
  def max_ttl(self) -> Optional[pulumi.Input[str]]:
156
204
  """
157
205
  Maximum duration after which authentication will be expired
@@ -169,7 +217,7 @@ class AuthBackendArgs:
169
217
  """
170
218
  The namespace to provision the resource in.
171
219
  The value should not contain leading or trailing forward slashes.
172
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
173
221
  *Available only for Vault Enterprise*.
174
222
  """
175
223
  return pulumi.get(self, "namespace")
@@ -203,8 +251,117 @@ class AuthBackendArgs:
203
251
  def token(self, value: Optional[pulumi.Input[str]]):
204
252
  pulumi.set(self, "token", value)
205
253
 
254
+ @property
255
+ @pulumi.getter(name="tokenBoundCidrs")
256
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
257
+ """
258
+ Specifies the blocks of IP addresses which are allowed to use the generated token
259
+ """
260
+ return pulumi.get(self, "token_bound_cidrs")
261
+
262
+ @token_bound_cidrs.setter
263
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
264
+ pulumi.set(self, "token_bound_cidrs", value)
265
+
266
+ @property
267
+ @pulumi.getter(name="tokenExplicitMaxTtl")
268
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
269
+ """
270
+ Generated Token's Explicit Maximum TTL in seconds
271
+ """
272
+ return pulumi.get(self, "token_explicit_max_ttl")
273
+
274
+ @token_explicit_max_ttl.setter
275
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
276
+ pulumi.set(self, "token_explicit_max_ttl", value)
277
+
278
+ @property
279
+ @pulumi.getter(name="tokenMaxTtl")
280
+ def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
281
+ """
282
+ The maximum lifetime of the generated token
283
+ """
284
+ return pulumi.get(self, "token_max_ttl")
285
+
286
+ @token_max_ttl.setter
287
+ def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
288
+ pulumi.set(self, "token_max_ttl", value)
289
+
290
+ @property
291
+ @pulumi.getter(name="tokenNoDefaultPolicy")
292
+ def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
293
+ """
294
+ If true, the 'default' policy will not automatically be added to generated tokens
295
+ """
296
+ return pulumi.get(self, "token_no_default_policy")
297
+
298
+ @token_no_default_policy.setter
299
+ def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
300
+ pulumi.set(self, "token_no_default_policy", value)
301
+
302
+ @property
303
+ @pulumi.getter(name="tokenNumUses")
304
+ def token_num_uses(self) -> Optional[pulumi.Input[int]]:
305
+ """
306
+ The maximum number of times a token may be used, a value of zero means unlimited
307
+ """
308
+ return pulumi.get(self, "token_num_uses")
309
+
310
+ @token_num_uses.setter
311
+ def token_num_uses(self, value: Optional[pulumi.Input[int]]):
312
+ pulumi.set(self, "token_num_uses", value)
313
+
314
+ @property
315
+ @pulumi.getter(name="tokenPeriod")
316
+ def token_period(self) -> Optional[pulumi.Input[int]]:
317
+ """
318
+ Generated Token's Period
319
+ """
320
+ return pulumi.get(self, "token_period")
321
+
322
+ @token_period.setter
323
+ def token_period(self, value: Optional[pulumi.Input[int]]):
324
+ pulumi.set(self, "token_period", value)
325
+
326
+ @property
327
+ @pulumi.getter(name="tokenPolicies")
328
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
329
+ """
330
+ Generated Token's Policies
331
+ """
332
+ return pulumi.get(self, "token_policies")
333
+
334
+ @token_policies.setter
335
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
336
+ pulumi.set(self, "token_policies", value)
337
+
338
+ @property
339
+ @pulumi.getter(name="tokenTtl")
340
+ def token_ttl(self) -> Optional[pulumi.Input[int]]:
341
+ """
342
+ The initial ttl of the token to generate in seconds
343
+ """
344
+ return pulumi.get(self, "token_ttl")
345
+
346
+ @token_ttl.setter
347
+ def token_ttl(self, value: Optional[pulumi.Input[int]]):
348
+ pulumi.set(self, "token_ttl", value)
349
+
350
+ @property
351
+ @pulumi.getter(name="tokenType")
352
+ def token_type(self) -> Optional[pulumi.Input[str]]:
353
+ """
354
+ The type of token to generate, service or batch
355
+ """
356
+ return pulumi.get(self, "token_type")
357
+
358
+ @token_type.setter
359
+ def token_type(self, value: Optional[pulumi.Input[str]]):
360
+ pulumi.set(self, "token_type", value)
361
+
206
362
  @property
207
363
  @pulumi.getter
364
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
208
365
  def ttl(self) -> Optional[pulumi.Input[str]]:
209
366
  """
210
367
  Duration after which authentication will be expired.
@@ -244,6 +401,15 @@ class _AuthBackendState:
244
401
  organization: Optional[pulumi.Input[str]] = None,
245
402
  path: Optional[pulumi.Input[str]] = None,
246
403
  token: Optional[pulumi.Input[str]] = None,
404
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
405
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
406
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
407
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
408
+ token_num_uses: Optional[pulumi.Input[int]] = None,
409
+ token_period: Optional[pulumi.Input[int]] = None,
410
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
411
+ token_ttl: Optional[pulumi.Input[int]] = None,
412
+ token_type: Optional[pulumi.Input[str]] = None,
247
413
  ttl: Optional[pulumi.Input[str]] = None,
248
414
  users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
249
415
  """
@@ -260,12 +426,21 @@ class _AuthBackendState:
260
426
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
261
427
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
262
428
  The value should not contain leading or trailing forward slashes.
263
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
429
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
264
430
  *Available only for Vault Enterprise*.
265
431
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
266
432
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
267
433
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
268
434
  If this is not supplied only locally configured groups will be enabled.
435
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
436
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
437
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
438
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
439
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
440
+ :param pulumi.Input[int] token_period: Generated Token's Period
441
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
442
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
443
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
269
444
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
270
445
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
271
446
  :param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
@@ -283,6 +458,9 @@ class _AuthBackendState:
283
458
  pulumi.set(__self__, "disable_remount", disable_remount)
284
459
  if groups is not None:
285
460
  pulumi.set(__self__, "groups", groups)
461
+ if max_ttl is not None:
462
+ warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
463
+ pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
286
464
  if max_ttl is not None:
287
465
  pulumi.set(__self__, "max_ttl", max_ttl)
288
466
  if namespace is not None:
@@ -293,6 +471,27 @@ class _AuthBackendState:
293
471
  pulumi.set(__self__, "path", path)
294
472
  if token is not None:
295
473
  pulumi.set(__self__, "token", token)
474
+ if token_bound_cidrs is not None:
475
+ pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
476
+ if token_explicit_max_ttl is not None:
477
+ pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
478
+ if token_max_ttl is not None:
479
+ pulumi.set(__self__, "token_max_ttl", token_max_ttl)
480
+ if token_no_default_policy is not None:
481
+ pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
482
+ if token_num_uses is not None:
483
+ pulumi.set(__self__, "token_num_uses", token_num_uses)
484
+ if token_period is not None:
485
+ pulumi.set(__self__, "token_period", token_period)
486
+ if token_policies is not None:
487
+ pulumi.set(__self__, "token_policies", token_policies)
488
+ if token_ttl is not None:
489
+ pulumi.set(__self__, "token_ttl", token_ttl)
490
+ if token_type is not None:
491
+ pulumi.set(__self__, "token_type", token_type)
492
+ if ttl is not None:
493
+ warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
494
+ pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
296
495
  if ttl is not None:
297
496
  pulumi.set(__self__, "ttl", ttl)
298
497
  if users is not None:
@@ -374,6 +573,7 @@ class _AuthBackendState:
374
573
 
375
574
  @property
376
575
  @pulumi.getter(name="maxTtl")
576
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
377
577
  def max_ttl(self) -> Optional[pulumi.Input[str]]:
378
578
  """
379
579
  Maximum duration after which authentication will be expired
@@ -391,7 +591,7 @@ class _AuthBackendState:
391
591
  """
392
592
  The namespace to provision the resource in.
393
593
  The value should not contain leading or trailing forward slashes.
394
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
594
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
395
595
  *Available only for Vault Enterprise*.
396
596
  """
397
597
  return pulumi.get(self, "namespace")
@@ -437,8 +637,117 @@ class _AuthBackendState:
437
637
  def token(self, value: Optional[pulumi.Input[str]]):
438
638
  pulumi.set(self, "token", value)
439
639
 
640
+ @property
641
+ @pulumi.getter(name="tokenBoundCidrs")
642
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
643
+ """
644
+ Specifies the blocks of IP addresses which are allowed to use the generated token
645
+ """
646
+ return pulumi.get(self, "token_bound_cidrs")
647
+
648
+ @token_bound_cidrs.setter
649
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
650
+ pulumi.set(self, "token_bound_cidrs", value)
651
+
652
+ @property
653
+ @pulumi.getter(name="tokenExplicitMaxTtl")
654
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
655
+ """
656
+ Generated Token's Explicit Maximum TTL in seconds
657
+ """
658
+ return pulumi.get(self, "token_explicit_max_ttl")
659
+
660
+ @token_explicit_max_ttl.setter
661
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
662
+ pulumi.set(self, "token_explicit_max_ttl", value)
663
+
664
+ @property
665
+ @pulumi.getter(name="tokenMaxTtl")
666
+ def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
667
+ """
668
+ The maximum lifetime of the generated token
669
+ """
670
+ return pulumi.get(self, "token_max_ttl")
671
+
672
+ @token_max_ttl.setter
673
+ def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
674
+ pulumi.set(self, "token_max_ttl", value)
675
+
676
+ @property
677
+ @pulumi.getter(name="tokenNoDefaultPolicy")
678
+ def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
679
+ """
680
+ If true, the 'default' policy will not automatically be added to generated tokens
681
+ """
682
+ return pulumi.get(self, "token_no_default_policy")
683
+
684
+ @token_no_default_policy.setter
685
+ def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
686
+ pulumi.set(self, "token_no_default_policy", value)
687
+
688
+ @property
689
+ @pulumi.getter(name="tokenNumUses")
690
+ def token_num_uses(self) -> Optional[pulumi.Input[int]]:
691
+ """
692
+ The maximum number of times a token may be used, a value of zero means unlimited
693
+ """
694
+ return pulumi.get(self, "token_num_uses")
695
+
696
+ @token_num_uses.setter
697
+ def token_num_uses(self, value: Optional[pulumi.Input[int]]):
698
+ pulumi.set(self, "token_num_uses", value)
699
+
700
+ @property
701
+ @pulumi.getter(name="tokenPeriod")
702
+ def token_period(self) -> Optional[pulumi.Input[int]]:
703
+ """
704
+ Generated Token's Period
705
+ """
706
+ return pulumi.get(self, "token_period")
707
+
708
+ @token_period.setter
709
+ def token_period(self, value: Optional[pulumi.Input[int]]):
710
+ pulumi.set(self, "token_period", value)
711
+
712
+ @property
713
+ @pulumi.getter(name="tokenPolicies")
714
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
715
+ """
716
+ Generated Token's Policies
717
+ """
718
+ return pulumi.get(self, "token_policies")
719
+
720
+ @token_policies.setter
721
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
722
+ pulumi.set(self, "token_policies", value)
723
+
724
+ @property
725
+ @pulumi.getter(name="tokenTtl")
726
+ def token_ttl(self) -> Optional[pulumi.Input[int]]:
727
+ """
728
+ The initial ttl of the token to generate in seconds
729
+ """
730
+ return pulumi.get(self, "token_ttl")
731
+
732
+ @token_ttl.setter
733
+ def token_ttl(self, value: Optional[pulumi.Input[int]]):
734
+ pulumi.set(self, "token_ttl", value)
735
+
736
+ @property
737
+ @pulumi.getter(name="tokenType")
738
+ def token_type(self) -> Optional[pulumi.Input[str]]:
739
+ """
740
+ The type of token to generate, service or batch
741
+ """
742
+ return pulumi.get(self, "token_type")
743
+
744
+ @token_type.setter
745
+ def token_type(self, value: Optional[pulumi.Input[str]]):
746
+ pulumi.set(self, "token_type", value)
747
+
440
748
  @property
441
749
  @pulumi.getter
750
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
442
751
  def ttl(self) -> Optional[pulumi.Input[str]]:
443
752
  """
444
753
  Duration after which authentication will be expired.
@@ -473,14 +782,23 @@ class AuthBackend(pulumi.CustomResource):
473
782
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
474
783
  description: Optional[pulumi.Input[str]] = None,
475
784
  disable_remount: Optional[pulumi.Input[bool]] = None,
476
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
785
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
477
786
  max_ttl: Optional[pulumi.Input[str]] = None,
478
787
  namespace: Optional[pulumi.Input[str]] = None,
479
788
  organization: Optional[pulumi.Input[str]] = None,
480
789
  path: Optional[pulumi.Input[str]] = None,
481
790
  token: Optional[pulumi.Input[str]] = None,
791
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
792
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
793
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
794
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
795
+ token_num_uses: Optional[pulumi.Input[int]] = None,
796
+ token_period: Optional[pulumi.Input[int]] = None,
797
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
798
+ token_ttl: Optional[pulumi.Input[int]] = None,
799
+ token_type: Optional[pulumi.Input[str]] = None,
482
800
  ttl: Optional[pulumi.Input[str]] = None,
483
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None,
801
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
484
802
  __props__=None):
485
803
  """
486
804
  Provides a resource for managing an
@@ -494,19 +812,19 @@ class AuthBackend(pulumi.CustomResource):
494
812
 
495
813
  example = vault.okta.AuthBackend("example",
496
814
  description="Demonstration of the Terraform Okta auth backend",
497
- groups=[vault.okta.AuthBackendGroupArgs(
498
- group_name="foo",
499
- policies=[
815
+ organization="example",
816
+ token="something that should be kept secret",
817
+ groups=[{
818
+ "group_name": "foo",
819
+ "policies": [
500
820
  "one",
501
821
  "two",
502
822
  ],
503
- )],
504
- organization="example",
505
- token="something that should be kept secret",
506
- users=[vault.okta.AuthBackendUserArgs(
507
- groups=["foo"],
508
- username="bar",
509
- )])
823
+ }],
824
+ users=[{
825
+ "username": "bar",
826
+ "groups": ["foo"],
827
+ }])
510
828
  ```
511
829
 
512
830
  ## Import
@@ -514,7 +832,7 @@ class AuthBackend(pulumi.CustomResource):
514
832
  Okta authentication backends can be imported using its `path`, e.g.
515
833
 
516
834
  ```sh
517
- $ pulumi import vault:okta/authBackend:AuthBackend example okta
835
+ $ pulumi import vault:okta/authBackend:AuthBackend example okta
518
836
  ```
519
837
 
520
838
  :param str resource_name: The name of the resource.
@@ -524,21 +842,30 @@ class AuthBackend(pulumi.CustomResource):
524
842
  :param pulumi.Input[str] description: The description of the auth backend
525
843
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
526
844
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
527
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]] groups: Associate Okta groups with policies within Vault.
845
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
528
846
  See below for more details.
529
847
  :param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
530
848
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
531
849
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
532
850
  The value should not contain leading or trailing forward slashes.
533
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
851
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
534
852
  *Available only for Vault Enterprise*.
535
853
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
536
854
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
537
855
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
538
856
  If this is not supplied only locally configured groups will be enabled.
857
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
858
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
859
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
860
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
861
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
862
+ :param pulumi.Input[int] token_period: Generated Token's Period
863
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
864
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
865
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
539
866
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
540
867
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
541
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]] users: Associate Okta users with groups or policies within Vault.
868
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
542
869
  See below for more details.
543
870
  """
544
871
  ...
@@ -559,19 +886,19 @@ class AuthBackend(pulumi.CustomResource):
559
886
 
560
887
  example = vault.okta.AuthBackend("example",
561
888
  description="Demonstration of the Terraform Okta auth backend",
562
- groups=[vault.okta.AuthBackendGroupArgs(
563
- group_name="foo",
564
- policies=[
889
+ organization="example",
890
+ token="something that should be kept secret",
891
+ groups=[{
892
+ "group_name": "foo",
893
+ "policies": [
565
894
  "one",
566
895
  "two",
567
896
  ],
568
- )],
569
- organization="example",
570
- token="something that should be kept secret",
571
- users=[vault.okta.AuthBackendUserArgs(
572
- groups=["foo"],
573
- username="bar",
574
- )])
897
+ }],
898
+ users=[{
899
+ "username": "bar",
900
+ "groups": ["foo"],
901
+ }])
575
902
  ```
576
903
 
577
904
  ## Import
@@ -579,7 +906,7 @@ class AuthBackend(pulumi.CustomResource):
579
906
  Okta authentication backends can be imported using its `path`, e.g.
580
907
 
581
908
  ```sh
582
- $ pulumi import vault:okta/authBackend:AuthBackend example okta
909
+ $ pulumi import vault:okta/authBackend:AuthBackend example okta
583
910
  ```
584
911
 
585
912
  :param str resource_name: The name of the resource.
@@ -601,14 +928,23 @@ class AuthBackend(pulumi.CustomResource):
601
928
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
602
929
  description: Optional[pulumi.Input[str]] = None,
603
930
  disable_remount: Optional[pulumi.Input[bool]] = None,
604
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
931
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
605
932
  max_ttl: Optional[pulumi.Input[str]] = None,
606
933
  namespace: Optional[pulumi.Input[str]] = None,
607
934
  organization: Optional[pulumi.Input[str]] = None,
608
935
  path: Optional[pulumi.Input[str]] = None,
609
936
  token: Optional[pulumi.Input[str]] = None,
937
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
938
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
939
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
940
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
941
+ token_num_uses: Optional[pulumi.Input[int]] = None,
942
+ token_period: Optional[pulumi.Input[int]] = None,
943
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
944
+ token_ttl: Optional[pulumi.Input[int]] = None,
945
+ token_type: Optional[pulumi.Input[str]] = None,
610
946
  ttl: Optional[pulumi.Input[str]] = None,
611
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None,
947
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
612
948
  __props__=None):
613
949
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
614
950
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -630,6 +966,15 @@ class AuthBackend(pulumi.CustomResource):
630
966
  __props__.__dict__["organization"] = organization
631
967
  __props__.__dict__["path"] = path
632
968
  __props__.__dict__["token"] = None if token is None else pulumi.Output.secret(token)
969
+ __props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
970
+ __props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
971
+ __props__.__dict__["token_max_ttl"] = token_max_ttl
972
+ __props__.__dict__["token_no_default_policy"] = token_no_default_policy
973
+ __props__.__dict__["token_num_uses"] = token_num_uses
974
+ __props__.__dict__["token_period"] = token_period
975
+ __props__.__dict__["token_policies"] = token_policies
976
+ __props__.__dict__["token_ttl"] = token_ttl
977
+ __props__.__dict__["token_type"] = token_type
633
978
  __props__.__dict__["ttl"] = ttl
634
979
  __props__.__dict__["users"] = users
635
980
  __props__.__dict__["accessor"] = None
@@ -650,14 +995,23 @@ class AuthBackend(pulumi.CustomResource):
650
995
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
651
996
  description: Optional[pulumi.Input[str]] = None,
652
997
  disable_remount: Optional[pulumi.Input[bool]] = None,
653
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
998
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
654
999
  max_ttl: Optional[pulumi.Input[str]] = None,
655
1000
  namespace: Optional[pulumi.Input[str]] = None,
656
1001
  organization: Optional[pulumi.Input[str]] = None,
657
1002
  path: Optional[pulumi.Input[str]] = None,
658
1003
  token: Optional[pulumi.Input[str]] = None,
1004
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1005
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1006
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
1007
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1008
+ token_num_uses: Optional[pulumi.Input[int]] = None,
1009
+ token_period: Optional[pulumi.Input[int]] = None,
1010
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1011
+ token_ttl: Optional[pulumi.Input[int]] = None,
1012
+ token_type: Optional[pulumi.Input[str]] = None,
659
1013
  ttl: Optional[pulumi.Input[str]] = None,
660
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None) -> 'AuthBackend':
1014
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None) -> 'AuthBackend':
661
1015
  """
662
1016
  Get an existing AuthBackend resource's state with the given name, id, and optional extra
663
1017
  properties used to qualify the lookup.
@@ -671,21 +1025,30 @@ class AuthBackend(pulumi.CustomResource):
671
1025
  :param pulumi.Input[str] description: The description of the auth backend
672
1026
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
673
1027
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
674
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]] groups: Associate Okta groups with policies within Vault.
1028
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
675
1029
  See below for more details.
676
1030
  :param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
677
1031
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
678
1032
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
679
1033
  The value should not contain leading or trailing forward slashes.
680
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1034
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
681
1035
  *Available only for Vault Enterprise*.
682
1036
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
683
1037
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
684
1038
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
685
1039
  If this is not supplied only locally configured groups will be enabled.
1040
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1041
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1042
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1043
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1044
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1045
+ :param pulumi.Input[int] token_period: Generated Token's Period
1046
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1047
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1048
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
686
1049
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
687
1050
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
688
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]] users: Associate Okta users with groups or policies within Vault.
1051
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
689
1052
  See below for more details.
690
1053
  """
691
1054
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -703,6 +1066,15 @@ class AuthBackend(pulumi.CustomResource):
703
1066
  __props__.__dict__["organization"] = organization
704
1067
  __props__.__dict__["path"] = path
705
1068
  __props__.__dict__["token"] = token
1069
+ __props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
1070
+ __props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
1071
+ __props__.__dict__["token_max_ttl"] = token_max_ttl
1072
+ __props__.__dict__["token_no_default_policy"] = token_no_default_policy
1073
+ __props__.__dict__["token_num_uses"] = token_num_uses
1074
+ __props__.__dict__["token_period"] = token_period
1075
+ __props__.__dict__["token_policies"] = token_policies
1076
+ __props__.__dict__["token_ttl"] = token_ttl
1077
+ __props__.__dict__["token_type"] = token_type
706
1078
  __props__.__dict__["ttl"] = ttl
707
1079
  __props__.__dict__["users"] = users
708
1080
  return AuthBackend(resource_name, opts=opts, __props__=__props__)
@@ -759,6 +1131,7 @@ class AuthBackend(pulumi.CustomResource):
759
1131
 
760
1132
  @property
761
1133
  @pulumi.getter(name="maxTtl")
1134
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
762
1135
  def max_ttl(self) -> pulumi.Output[Optional[str]]:
763
1136
  """
764
1137
  Maximum duration after which authentication will be expired
@@ -772,7 +1145,7 @@ class AuthBackend(pulumi.CustomResource):
772
1145
  """
773
1146
  The namespace to provision the resource in.
774
1147
  The value should not contain leading or trailing forward slashes.
775
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1148
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
776
1149
  *Available only for Vault Enterprise*.
777
1150
  """
778
1151
  return pulumi.get(self, "namespace")
@@ -802,8 +1175,81 @@ class AuthBackend(pulumi.CustomResource):
802
1175
  """
803
1176
  return pulumi.get(self, "token")
804
1177
 
1178
+ @property
1179
+ @pulumi.getter(name="tokenBoundCidrs")
1180
+ def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1181
+ """
1182
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1183
+ """
1184
+ return pulumi.get(self, "token_bound_cidrs")
1185
+
1186
+ @property
1187
+ @pulumi.getter(name="tokenExplicitMaxTtl")
1188
+ def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1189
+ """
1190
+ Generated Token's Explicit Maximum TTL in seconds
1191
+ """
1192
+ return pulumi.get(self, "token_explicit_max_ttl")
1193
+
1194
+ @property
1195
+ @pulumi.getter(name="tokenMaxTtl")
1196
+ def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1197
+ """
1198
+ The maximum lifetime of the generated token
1199
+ """
1200
+ return pulumi.get(self, "token_max_ttl")
1201
+
1202
+ @property
1203
+ @pulumi.getter(name="tokenNoDefaultPolicy")
1204
+ def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1205
+ """
1206
+ If true, the 'default' policy will not automatically be added to generated tokens
1207
+ """
1208
+ return pulumi.get(self, "token_no_default_policy")
1209
+
1210
+ @property
1211
+ @pulumi.getter(name="tokenNumUses")
1212
+ def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1213
+ """
1214
+ The maximum number of times a token may be used, a value of zero means unlimited
1215
+ """
1216
+ return pulumi.get(self, "token_num_uses")
1217
+
1218
+ @property
1219
+ @pulumi.getter(name="tokenPeriod")
1220
+ def token_period(self) -> pulumi.Output[Optional[int]]:
1221
+ """
1222
+ Generated Token's Period
1223
+ """
1224
+ return pulumi.get(self, "token_period")
1225
+
1226
+ @property
1227
+ @pulumi.getter(name="tokenPolicies")
1228
+ def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1229
+ """
1230
+ Generated Token's Policies
1231
+ """
1232
+ return pulumi.get(self, "token_policies")
1233
+
1234
+ @property
1235
+ @pulumi.getter(name="tokenTtl")
1236
+ def token_ttl(self) -> pulumi.Output[Optional[int]]:
1237
+ """
1238
+ The initial ttl of the token to generate in seconds
1239
+ """
1240
+ return pulumi.get(self, "token_ttl")
1241
+
1242
+ @property
1243
+ @pulumi.getter(name="tokenType")
1244
+ def token_type(self) -> pulumi.Output[Optional[str]]:
1245
+ """
1246
+ The type of token to generate, service or batch
1247
+ """
1248
+ return pulumi.get(self, "token_type")
1249
+
805
1250
  @property
806
1251
  @pulumi.getter
1252
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
807
1253
  def ttl(self) -> pulumi.Output[Optional[str]]:
808
1254
  """
809
1255
  Duration after which authentication will be expired.