pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -15,7 +20,7 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
15
20
  class AuthBackendRoleArgs:
16
21
  def __init__(__self__, *,
17
22
  path: pulumi.Input[str],
18
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
23
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
19
24
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
20
25
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
26
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -34,7 +39,7 @@ class AuthBackendRoleArgs:
34
39
  """
35
40
  The set of arguments for constructing a AuthBackendRole resource.
36
41
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
37
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
42
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
38
43
  exist in the SAML assertion.
39
44
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
40
45
  `bound_attributes_type`.
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
45
50
  :param pulumi.Input[str] name: Unique name of the role.
46
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
47
52
  The value should not contain leading or trailing forward slashes.
48
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
54
  *Available only for Vault Enterprise*.
50
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
51
- addresses which can authenticate successfully, and ties the resulting token to these blocks
52
- as well.
53
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
54
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
55
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
56
- `token_max_ttl` would otherwise allow a renewal.
57
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
58
- Its current value will be referenced at renewal time.
59
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
60
- generated tokens; otherwise it will be added to the policies set in token_policies.
55
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
56
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
57
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
58
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
61
59
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
62
- :param pulumi.Input[int] token_period: If set, indicates that the
63
- token generated using this role should never expire. The token should be renewed within the
64
- duration specified by this value. At each renewal, the token's TTL will be set to the
65
- value of this field. Specified in seconds.
66
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
67
- on the auth method, this list may be supplemented by user/group/other values.
68
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
69
- Its current value will be referenced at renewal time.
70
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
71
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
72
- `service` tokens). For token store roles, there are two additional possibilities:
73
- `default-service` and `default-batch` which specify the type to return unless the client
74
- requests a different type at generation time.
60
+ :param pulumi.Input[int] token_period: Generated Token's Period
61
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
62
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
63
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
75
64
  """
76
65
  pulumi.set(__self__, "path", path)
77
66
  if bound_attributes is not None:
@@ -121,7 +110,7 @@ class AuthBackendRoleArgs:
121
110
 
122
111
  @property
123
112
  @pulumi.getter(name="boundAttributes")
124
- def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
113
+ def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
125
114
  """
126
115
  Mapping of attribute names to values that are expected to
127
116
  exist in the SAML assertion.
@@ -129,7 +118,7 @@ class AuthBackendRoleArgs:
129
118
  return pulumi.get(self, "bound_attributes")
130
119
 
131
120
  @bound_attributes.setter
132
- def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
121
+ def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
133
122
  pulumi.set(self, "bound_attributes", value)
134
123
 
135
124
  @property
@@ -200,7 +189,7 @@ class AuthBackendRoleArgs:
200
189
  """
201
190
  The namespace to provision the resource in.
202
191
  The value should not contain leading or trailing forward slashes.
203
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
192
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
204
193
  *Available only for Vault Enterprise*.
205
194
  """
206
195
  return pulumi.get(self, "namespace")
@@ -213,9 +202,7 @@ class AuthBackendRoleArgs:
213
202
  @pulumi.getter(name="tokenBoundCidrs")
214
203
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
215
204
  """
216
- List of CIDR blocks; if set, specifies blocks of IP
217
- addresses which can authenticate successfully, and ties the resulting token to these blocks
218
- as well.
205
+ Specifies the blocks of IP addresses which are allowed to use the generated token
219
206
  """
220
207
  return pulumi.get(self, "token_bound_cidrs")
221
208
 
@@ -227,10 +214,7 @@ class AuthBackendRoleArgs:
227
214
  @pulumi.getter(name="tokenExplicitMaxTtl")
228
215
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
229
216
  """
230
- If set, will encode an
231
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
232
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
233
- `token_max_ttl` would otherwise allow a renewal.
217
+ Generated Token's Explicit Maximum TTL in seconds
234
218
  """
235
219
  return pulumi.get(self, "token_explicit_max_ttl")
236
220
 
@@ -242,8 +226,7 @@ class AuthBackendRoleArgs:
242
226
  @pulumi.getter(name="tokenMaxTtl")
243
227
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
244
228
  """
245
- The maximum lifetime for generated tokens in number of seconds.
246
- Its current value will be referenced at renewal time.
229
+ The maximum lifetime of the generated token
247
230
  """
248
231
  return pulumi.get(self, "token_max_ttl")
249
232
 
@@ -255,8 +238,7 @@ class AuthBackendRoleArgs:
255
238
  @pulumi.getter(name="tokenNoDefaultPolicy")
256
239
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
257
240
  """
258
- If set, the default policy will not be set on
259
- generated tokens; otherwise it will be added to the policies set in token_policies.
241
+ If true, the 'default' policy will not automatically be added to generated tokens
260
242
  """
261
243
  return pulumi.get(self, "token_no_default_policy")
262
244
 
@@ -280,10 +262,7 @@ class AuthBackendRoleArgs:
280
262
  @pulumi.getter(name="tokenPeriod")
281
263
  def token_period(self) -> Optional[pulumi.Input[int]]:
282
264
  """
283
- If set, indicates that the
284
- token generated using this role should never expire. The token should be renewed within the
285
- duration specified by this value. At each renewal, the token's TTL will be set to the
286
- value of this field. Specified in seconds.
265
+ Generated Token's Period
287
266
  """
288
267
  return pulumi.get(self, "token_period")
289
268
 
@@ -295,8 +274,7 @@ class AuthBackendRoleArgs:
295
274
  @pulumi.getter(name="tokenPolicies")
296
275
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
297
276
  """
298
- List of policies to encode onto generated tokens. Depending
299
- on the auth method, this list may be supplemented by user/group/other values.
277
+ Generated Token's Policies
300
278
  """
301
279
  return pulumi.get(self, "token_policies")
302
280
 
@@ -308,8 +286,7 @@ class AuthBackendRoleArgs:
308
286
  @pulumi.getter(name="tokenTtl")
309
287
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
310
288
  """
311
- The incremental lifetime for generated tokens in number of seconds.
312
- Its current value will be referenced at renewal time.
289
+ The initial ttl of the token to generate in seconds
313
290
  """
314
291
  return pulumi.get(self, "token_ttl")
315
292
 
@@ -321,11 +298,7 @@ class AuthBackendRoleArgs:
321
298
  @pulumi.getter(name="tokenType")
322
299
  def token_type(self) -> Optional[pulumi.Input[str]]:
323
300
  """
324
- The type of token that should be generated. Can be `service`,
325
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
326
- `service` tokens). For token store roles, there are two additional possibilities:
327
- `default-service` and `default-batch` which specify the type to return unless the client
328
- requests a different type at generation time.
301
+ The type of token to generate, service or batch
329
302
  """
330
303
  return pulumi.get(self, "token_type")
331
304
 
@@ -337,7 +310,7 @@ class AuthBackendRoleArgs:
337
310
  @pulumi.input_type
338
311
  class _AuthBackendRoleState:
339
312
  def __init__(__self__, *,
340
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
313
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
341
314
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
342
315
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
343
316
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -356,7 +329,7 @@ class _AuthBackendRoleState:
356
329
  token_type: Optional[pulumi.Input[str]] = None):
357
330
  """
358
331
  Input properties used for looking up and filtering AuthBackendRole resources.
359
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
332
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
360
333
  exist in the SAML assertion.
361
334
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
362
335
  `bound_attributes_type`.
@@ -367,34 +340,18 @@ class _AuthBackendRoleState:
367
340
  :param pulumi.Input[str] name: Unique name of the role.
368
341
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
369
342
  The value should not contain leading or trailing forward slashes.
370
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
343
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
371
344
  *Available only for Vault Enterprise*.
372
345
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
373
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
374
- addresses which can authenticate successfully, and ties the resulting token to these blocks
375
- as well.
376
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
377
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
378
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
379
- `token_max_ttl` would otherwise allow a renewal.
380
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
381
- Its current value will be referenced at renewal time.
382
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
383
- generated tokens; otherwise it will be added to the policies set in token_policies.
346
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
347
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
348
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
349
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
384
350
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
385
- :param pulumi.Input[int] token_period: If set, indicates that the
386
- token generated using this role should never expire. The token should be renewed within the
387
- duration specified by this value. At each renewal, the token's TTL will be set to the
388
- value of this field. Specified in seconds.
389
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
390
- on the auth method, this list may be supplemented by user/group/other values.
391
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
392
- Its current value will be referenced at renewal time.
393
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
394
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
395
- `service` tokens). For token store roles, there are two additional possibilities:
396
- `default-service` and `default-batch` which specify the type to return unless the client
397
- requests a different type at generation time.
351
+ :param pulumi.Input[int] token_period: Generated Token's Period
352
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
353
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
354
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
398
355
  """
399
356
  if bound_attributes is not None:
400
357
  pulumi.set(__self__, "bound_attributes", bound_attributes)
@@ -433,7 +390,7 @@ class _AuthBackendRoleState:
433
390
 
434
391
  @property
435
392
  @pulumi.getter(name="boundAttributes")
436
- def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
393
+ def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
437
394
  """
438
395
  Mapping of attribute names to values that are expected to
439
396
  exist in the SAML assertion.
@@ -441,7 +398,7 @@ class _AuthBackendRoleState:
441
398
  return pulumi.get(self, "bound_attributes")
442
399
 
443
400
  @bound_attributes.setter
444
- def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
401
+ def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
445
402
  pulumi.set(self, "bound_attributes", value)
446
403
 
447
404
  @property
@@ -512,7 +469,7 @@ class _AuthBackendRoleState:
512
469
  """
513
470
  The namespace to provision the resource in.
514
471
  The value should not contain leading or trailing forward slashes.
515
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
472
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
516
473
  *Available only for Vault Enterprise*.
517
474
  """
518
475
  return pulumi.get(self, "namespace")
@@ -537,9 +494,7 @@ class _AuthBackendRoleState:
537
494
  @pulumi.getter(name="tokenBoundCidrs")
538
495
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
539
496
  """
540
- List of CIDR blocks; if set, specifies blocks of IP
541
- addresses which can authenticate successfully, and ties the resulting token to these blocks
542
- as well.
497
+ Specifies the blocks of IP addresses which are allowed to use the generated token
543
498
  """
544
499
  return pulumi.get(self, "token_bound_cidrs")
545
500
 
@@ -551,10 +506,7 @@ class _AuthBackendRoleState:
551
506
  @pulumi.getter(name="tokenExplicitMaxTtl")
552
507
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
553
508
  """
554
- If set, will encode an
555
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
556
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
557
- `token_max_ttl` would otherwise allow a renewal.
509
+ Generated Token's Explicit Maximum TTL in seconds
558
510
  """
559
511
  return pulumi.get(self, "token_explicit_max_ttl")
560
512
 
@@ -566,8 +518,7 @@ class _AuthBackendRoleState:
566
518
  @pulumi.getter(name="tokenMaxTtl")
567
519
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
568
520
  """
569
- The maximum lifetime for generated tokens in number of seconds.
570
- Its current value will be referenced at renewal time.
521
+ The maximum lifetime of the generated token
571
522
  """
572
523
  return pulumi.get(self, "token_max_ttl")
573
524
 
@@ -579,8 +530,7 @@ class _AuthBackendRoleState:
579
530
  @pulumi.getter(name="tokenNoDefaultPolicy")
580
531
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
581
532
  """
582
- If set, the default policy will not be set on
583
- generated tokens; otherwise it will be added to the policies set in token_policies.
533
+ If true, the 'default' policy will not automatically be added to generated tokens
584
534
  """
585
535
  return pulumi.get(self, "token_no_default_policy")
586
536
 
@@ -604,10 +554,7 @@ class _AuthBackendRoleState:
604
554
  @pulumi.getter(name="tokenPeriod")
605
555
  def token_period(self) -> Optional[pulumi.Input[int]]:
606
556
  """
607
- If set, indicates that the
608
- token generated using this role should never expire. The token should be renewed within the
609
- duration specified by this value. At each renewal, the token's TTL will be set to the
610
- value of this field. Specified in seconds.
557
+ Generated Token's Period
611
558
  """
612
559
  return pulumi.get(self, "token_period")
613
560
 
@@ -619,8 +566,7 @@ class _AuthBackendRoleState:
619
566
  @pulumi.getter(name="tokenPolicies")
620
567
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
621
568
  """
622
- List of policies to encode onto generated tokens. Depending
623
- on the auth method, this list may be supplemented by user/group/other values.
569
+ Generated Token's Policies
624
570
  """
625
571
  return pulumi.get(self, "token_policies")
626
572
 
@@ -632,8 +578,7 @@ class _AuthBackendRoleState:
632
578
  @pulumi.getter(name="tokenTtl")
633
579
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
634
580
  """
635
- The incremental lifetime for generated tokens in number of seconds.
636
- Its current value will be referenced at renewal time.
581
+ The initial ttl of the token to generate in seconds
637
582
  """
638
583
  return pulumi.get(self, "token_ttl")
639
584
 
@@ -645,11 +590,7 @@ class _AuthBackendRoleState:
645
590
  @pulumi.getter(name="tokenType")
646
591
  def token_type(self) -> Optional[pulumi.Input[str]]:
647
592
  """
648
- The type of token that should be generated. Can be `service`,
649
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
650
- `service` tokens). For token store roles, there are two additional possibilities:
651
- `default-service` and `default-batch` which specify the type to return unless the client
652
- requests a different type at generation time.
593
+ The type of token to generate, service or batch
653
594
  """
654
595
  return pulumi.get(self, "token_type")
655
596
 
@@ -663,7 +604,7 @@ class AuthBackendRole(pulumi.CustomResource):
663
604
  def __init__(__self__,
664
605
  resource_name: str,
665
606
  opts: Optional[pulumi.ResourceOptions] = None,
666
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
607
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
667
608
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
668
609
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
669
610
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -692,14 +633,15 @@ class AuthBackendRole(pulumi.CustomResource):
692
633
  import pulumi
693
634
  import pulumi_vault as vault
694
635
 
695
- example_auth_backend = vault.saml.AuthBackend("exampleAuthBackend",
636
+ example = vault.saml.AuthBackend("example",
696
637
  path="saml",
697
638
  idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
698
639
  entity_id="https://my.vault/v1/auth/saml",
699
640
  acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
700
641
  default_role="default-role")
701
- example_auth_backend_role = vault.saml.AuthBackendRole("exampleAuthBackendRole",
702
- path=example_auth_backend.path,
642
+ example_auth_backend_role = vault.saml.AuthBackendRole("example",
643
+ path=example.path,
644
+ name="my-role",
703
645
  groups_attribute="groups",
704
646
  bound_attributes={
705
647
  "group": "admin",
@@ -714,12 +656,12 @@ class AuthBackendRole(pulumi.CustomResource):
714
656
  SAML authentication backend roles can be imported using the `path`, e.g.
715
657
 
716
658
  ```sh
717
- $ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
659
+ $ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
718
660
  ```
719
661
 
720
662
  :param str resource_name: The name of the resource.
721
663
  :param pulumi.ResourceOptions opts: Options for the resource.
722
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
664
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
723
665
  exist in the SAML assertion.
724
666
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
725
667
  `bound_attributes_type`.
@@ -730,34 +672,18 @@ class AuthBackendRole(pulumi.CustomResource):
730
672
  :param pulumi.Input[str] name: Unique name of the role.
731
673
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
732
674
  The value should not contain leading or trailing forward slashes.
733
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
675
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
734
676
  *Available only for Vault Enterprise*.
735
677
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
736
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
737
- addresses which can authenticate successfully, and ties the resulting token to these blocks
738
- as well.
739
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
740
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
741
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
742
- `token_max_ttl` would otherwise allow a renewal.
743
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
744
- Its current value will be referenced at renewal time.
745
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
746
- generated tokens; otherwise it will be added to the policies set in token_policies.
678
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
679
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
680
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
681
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
747
682
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
748
- :param pulumi.Input[int] token_period: If set, indicates that the
749
- token generated using this role should never expire. The token should be renewed within the
750
- duration specified by this value. At each renewal, the token's TTL will be set to the
751
- value of this field. Specified in seconds.
752
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
753
- on the auth method, this list may be supplemented by user/group/other values.
754
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
755
- Its current value will be referenced at renewal time.
756
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
757
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
758
- `service` tokens). For token store roles, there are two additional possibilities:
759
- `default-service` and `default-batch` which specify the type to return unless the client
760
- requests a different type at generation time.
683
+ :param pulumi.Input[int] token_period: Generated Token's Period
684
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
685
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
686
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
761
687
  """
762
688
  ...
763
689
  @overload
@@ -776,14 +702,15 @@ class AuthBackendRole(pulumi.CustomResource):
776
702
  import pulumi
777
703
  import pulumi_vault as vault
778
704
 
779
- example_auth_backend = vault.saml.AuthBackend("exampleAuthBackend",
705
+ example = vault.saml.AuthBackend("example",
780
706
  path="saml",
781
707
  idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
782
708
  entity_id="https://my.vault/v1/auth/saml",
783
709
  acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
784
710
  default_role="default-role")
785
- example_auth_backend_role = vault.saml.AuthBackendRole("exampleAuthBackendRole",
786
- path=example_auth_backend.path,
711
+ example_auth_backend_role = vault.saml.AuthBackendRole("example",
712
+ path=example.path,
713
+ name="my-role",
787
714
  groups_attribute="groups",
788
715
  bound_attributes={
789
716
  "group": "admin",
@@ -798,7 +725,7 @@ class AuthBackendRole(pulumi.CustomResource):
798
725
  SAML authentication backend roles can be imported using the `path`, e.g.
799
726
 
800
727
  ```sh
801
- $ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
728
+ $ pulumi import vault:saml/authBackendRole:AuthBackendRole example auth/saml/role/my-role
802
729
  ```
803
730
 
804
731
  :param str resource_name: The name of the resource.
@@ -816,7 +743,7 @@ class AuthBackendRole(pulumi.CustomResource):
816
743
  def _internal_init(__self__,
817
744
  resource_name: str,
818
745
  opts: Optional[pulumi.ResourceOptions] = None,
819
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
746
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
820
747
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
821
748
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
822
749
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -871,7 +798,7 @@ class AuthBackendRole(pulumi.CustomResource):
871
798
  def get(resource_name: str,
872
799
  id: pulumi.Input[str],
873
800
  opts: Optional[pulumi.ResourceOptions] = None,
874
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
801
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
875
802
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
876
803
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
877
804
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -895,7 +822,7 @@ class AuthBackendRole(pulumi.CustomResource):
895
822
  :param str resource_name: The unique name of the resulting resource.
896
823
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
897
824
  :param pulumi.ResourceOptions opts: Options for the resource.
898
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
825
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
899
826
  exist in the SAML assertion.
900
827
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
901
828
  `bound_attributes_type`.
@@ -906,34 +833,18 @@ class AuthBackendRole(pulumi.CustomResource):
906
833
  :param pulumi.Input[str] name: Unique name of the role.
907
834
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
908
835
  The value should not contain leading or trailing forward slashes.
909
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
836
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
910
837
  *Available only for Vault Enterprise*.
911
838
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
912
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
913
- addresses which can authenticate successfully, and ties the resulting token to these blocks
914
- as well.
915
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
916
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
917
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
918
- `token_max_ttl` would otherwise allow a renewal.
919
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
920
- Its current value will be referenced at renewal time.
921
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
922
- generated tokens; otherwise it will be added to the policies set in token_policies.
839
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
840
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
841
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
842
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
923
843
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
924
- :param pulumi.Input[int] token_period: If set, indicates that the
925
- token generated using this role should never expire. The token should be renewed within the
926
- duration specified by this value. At each renewal, the token's TTL will be set to the
927
- value of this field. Specified in seconds.
928
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
929
- on the auth method, this list may be supplemented by user/group/other values.
930
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
931
- Its current value will be referenced at renewal time.
932
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
933
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
934
- `service` tokens). For token store roles, there are two additional possibilities:
935
- `default-service` and `default-batch` which specify the type to return unless the client
936
- requests a different type at generation time.
844
+ :param pulumi.Input[int] token_period: Generated Token's Period
845
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
846
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
847
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
937
848
  """
938
849
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
939
850
 
@@ -960,7 +871,7 @@ class AuthBackendRole(pulumi.CustomResource):
960
871
 
961
872
  @property
962
873
  @pulumi.getter(name="boundAttributes")
963
- def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
874
+ def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
964
875
  """
965
876
  Mapping of attribute names to values that are expected to
966
877
  exist in the SAML assertion.
@@ -1015,7 +926,7 @@ class AuthBackendRole(pulumi.CustomResource):
1015
926
  """
1016
927
  The namespace to provision the resource in.
1017
928
  The value should not contain leading or trailing forward slashes.
1018
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
929
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1019
930
  *Available only for Vault Enterprise*.
1020
931
  """
1021
932
  return pulumi.get(self, "namespace")
@@ -1032,9 +943,7 @@ class AuthBackendRole(pulumi.CustomResource):
1032
943
  @pulumi.getter(name="tokenBoundCidrs")
1033
944
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1034
945
  """
1035
- List of CIDR blocks; if set, specifies blocks of IP
1036
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1037
- as well.
946
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1038
947
  """
1039
948
  return pulumi.get(self, "token_bound_cidrs")
1040
949
 
@@ -1042,10 +951,7 @@ class AuthBackendRole(pulumi.CustomResource):
1042
951
  @pulumi.getter(name="tokenExplicitMaxTtl")
1043
952
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1044
953
  """
1045
- If set, will encode an
1046
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1047
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1048
- `token_max_ttl` would otherwise allow a renewal.
954
+ Generated Token's Explicit Maximum TTL in seconds
1049
955
  """
1050
956
  return pulumi.get(self, "token_explicit_max_ttl")
1051
957
 
@@ -1053,8 +959,7 @@ class AuthBackendRole(pulumi.CustomResource):
1053
959
  @pulumi.getter(name="tokenMaxTtl")
1054
960
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1055
961
  """
1056
- The maximum lifetime for generated tokens in number of seconds.
1057
- Its current value will be referenced at renewal time.
962
+ The maximum lifetime of the generated token
1058
963
  """
1059
964
  return pulumi.get(self, "token_max_ttl")
1060
965
 
@@ -1062,8 +967,7 @@ class AuthBackendRole(pulumi.CustomResource):
1062
967
  @pulumi.getter(name="tokenNoDefaultPolicy")
1063
968
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1064
969
  """
1065
- If set, the default policy will not be set on
1066
- generated tokens; otherwise it will be added to the policies set in token_policies.
970
+ If true, the 'default' policy will not automatically be added to generated tokens
1067
971
  """
1068
972
  return pulumi.get(self, "token_no_default_policy")
1069
973
 
@@ -1079,10 +983,7 @@ class AuthBackendRole(pulumi.CustomResource):
1079
983
  @pulumi.getter(name="tokenPeriod")
1080
984
  def token_period(self) -> pulumi.Output[Optional[int]]:
1081
985
  """
1082
- If set, indicates that the
1083
- token generated using this role should never expire. The token should be renewed within the
1084
- duration specified by this value. At each renewal, the token's TTL will be set to the
1085
- value of this field. Specified in seconds.
986
+ Generated Token's Period
1086
987
  """
1087
988
  return pulumi.get(self, "token_period")
1088
989
 
@@ -1090,8 +991,7 @@ class AuthBackendRole(pulumi.CustomResource):
1090
991
  @pulumi.getter(name="tokenPolicies")
1091
992
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1092
993
  """
1093
- List of policies to encode onto generated tokens. Depending
1094
- on the auth method, this list may be supplemented by user/group/other values.
994
+ Generated Token's Policies
1095
995
  """
1096
996
  return pulumi.get(self, "token_policies")
1097
997
 
@@ -1099,8 +999,7 @@ class AuthBackendRole(pulumi.CustomResource):
1099
999
  @pulumi.getter(name="tokenTtl")
1100
1000
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1101
1001
  """
1102
- The incremental lifetime for generated tokens in number of seconds.
1103
- Its current value will be referenced at renewal time.
1002
+ The initial ttl of the token to generate in seconds
1104
1003
  """
1105
1004
  return pulumi.get(self, "token_ttl")
1106
1005
 
@@ -1108,11 +1007,7 @@ class AuthBackendRole(pulumi.CustomResource):
1108
1007
  @pulumi.getter(name="tokenType")
1109
1008
  def token_type(self) -> pulumi.Output[Optional[str]]:
1110
1009
  """
1111
- The type of token that should be generated. Can be `service`,
1112
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1113
- `service` tokens). For token store roles, there are two additional possibilities:
1114
- `default-service` and `default-batch` which specify the type to return unless the client
1115
- requests a different type at generation time.
1010
+ The type of token to generate, service or batch
1116
1011
  """
1117
1012
  return pulumi.get(self, "token_type")
1118
1013