pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

pulumi_vault/secrets/sync_azure_destination.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SyncAzureDestinationArgs', 'SyncAzureDestination']
@@ -17,7 +22,8 @@ class SyncAzureDestinationArgs:
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  cloud: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  key_vault_uri: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -32,14 +38,16 @@ class SyncAzureDestinationArgs:
                Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
                variable.
         :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
                Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
                variable.
         :param pulumi.Input[str] name: Unique name of the Azure destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
@@ -54,6 +62,8 @@ class SyncAzureDestinationArgs:
             pulumi.set(__self__, "cloud", cloud)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if key_vault_uri is not None:
             pulumi.set(__self__, "key_vault_uri", key_vault_uri)
         if name is not None:
@@ -107,16 +117,29 @@ class SyncAzureDestinationArgs:
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
 
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
+
     @property
     @pulumi.getter(name="keyVaultUri")
     def key_vault_uri(self) -> Optional[pulumi.Input[str]]:
@@ -149,7 +172,7 @@ class SyncAzureDestinationArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
 
@@ -191,7 +214,8 @@ class _SyncAzureDestinationState:
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  cloud: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  key_vault_uri: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -207,14 +231,16 @@ class _SyncAzureDestinationState:
                Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
                variable.
         :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
                Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
                variable.
         :param pulumi.Input[str] name: Unique name of the Azure destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
@@ -230,6 +256,8 @@ class _SyncAzureDestinationState:
             pulumi.set(__self__, "cloud", cloud)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if key_vault_uri is not None:
             pulumi.set(__self__, "key_vault_uri", key_vault_uri)
         if name is not None:
@@ -285,16 +313,29 @@ class _SyncAzureDestinationState:
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
 
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
+
     @property
     @pulumi.getter(name="keyVaultUri")
     def key_vault_uri(self) -> Optional[pulumi.Input[str]]:
@@ -327,7 +368,7 @@ class _SyncAzureDestinationState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
 
@@ -383,7 +424,8 @@ class SyncAzureDestination(pulumi.CustomResource):
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  cloud: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  key_vault_uri: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -398,10 +440,11 @@ class SyncAzureDestination(pulumi.CustomResource):
         import pulumi_vault as vault
 
         az = vault.secrets.SyncAzureDestination("az",
-            key_vault_uri=var["key_vault_uri"],
-            client_id=var["client_id"],
-            client_secret=var["client_secret"],
-            tenant_id=var["tenant_id"],
+            name="az-dest",
+            key_vault_uri=key_vault_uri,
+            client_id=client_id,
+            client_secret=client_secret,
+            tenant_id=tenant_id,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
@@ -413,7 +456,7 @@ class SyncAzureDestination(pulumi.CustomResource):
         Azure Secrets sync destinations can be imported using the `name`, e.g.
 
         ```sh
-         $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
+        $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
         ```
 
         :param str resource_name: The name of the resource.
@@ -425,14 +468,16 @@ class SyncAzureDestination(pulumi.CustomResource):
                Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
                variable.
         :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
                Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
                variable.
         :param pulumi.Input[str] name: Unique name of the Azure destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
@@ -453,10 +498,11 @@ class SyncAzureDestination(pulumi.CustomResource):
         import pulumi_vault as vault
 
         az = vault.secrets.SyncAzureDestination("az",
-            key_vault_uri=var["key_vault_uri"],
-            client_id=var["client_id"],
-            client_secret=var["client_secret"],
-            tenant_id=var["tenant_id"],
+            name="az-dest",
+            key_vault_uri=key_vault_uri,
+            client_id=client_id,
+            client_secret=client_secret,
+            tenant_id=tenant_id,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
@@ -468,7 +514,7 @@ class SyncAzureDestination(pulumi.CustomResource):
         Azure Secrets sync destinations can be imported using the `name`, e.g.
 
         ```sh
-         $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
+        $ pulumi import vault:secrets/syncAzureDestination:SyncAzureDestination az az-dest
         ```
 
         :param str resource_name: The name of the resource.
@@ -489,7 +535,8 @@ class SyncAzureDestination(pulumi.CustomResource):
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  cloud: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  key_vault_uri: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -508,6 +555,7 @@ class SyncAzureDestination(pulumi.CustomResource):
             __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
             __props__.__dict__["cloud"] = cloud
             __props__.__dict__["custom_tags"] = custom_tags
+            __props__.__dict__["granularity"] = granularity
             __props__.__dict__["key_vault_uri"] = key_vault_uri
             __props__.__dict__["name"] = name
             __props__.__dict__["namespace"] = namespace
@@ -529,7 +577,8 @@ class SyncAzureDestination(pulumi.CustomResource):
             client_id: Optional[pulumi.Input[str]] = None,
             client_secret: Optional[pulumi.Input[str]] = None,
             cloud: Optional[pulumi.Input[str]] = None,
-            custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            granularity: Optional[pulumi.Input[str]] = None,
             key_vault_uri: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
@@ -550,14 +599,16 @@ class SyncAzureDestination(pulumi.CustomResource):
                Can be omitted and directly provided to Vault using the `AZURE_CLIENT_SECRET` environment
                variable.
         :param pulumi.Input[str] cloud: Specifies a cloud for the client. The default is Azure Public Cloud.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] key_vault_uri: URI of an existing Azure Key Vault instance.
                Can be omitted and directly provided to Vault using the `KEY_VAULT_URI` environment
                variable.
         :param pulumi.Input[str] name: Unique name of the Azure destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] tenant_id: ID of the target Azure tenant.
@@ -573,6 +624,7 @@ class SyncAzureDestination(pulumi.CustomResource):
         __props__.__dict__["client_secret"] = client_secret
         __props__.__dict__["cloud"] = cloud
         __props__.__dict__["custom_tags"] = custom_tags
+        __props__.__dict__["granularity"] = granularity
         __props__.__dict__["key_vault_uri"] = key_vault_uri
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
@@ -611,12 +663,21 @@ class SyncAzureDestination(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
+    @property
+    @pulumi.getter
+    def granularity(self) -> pulumi.Output[Optional[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+
     @property
     @pulumi.getter(name="keyVaultUri")
     def key_vault_uri(self) -> pulumi.Output[Optional[str]]:
@@ -641,7 +702,7 @@ class SyncAzureDestination(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
 

pulumi_vault/secrets/sync_config.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SyncConfigArgs', 'SyncConfig']
@@ -154,7 +159,7 @@ class SyncConfig(pulumi.CustomResource):
         import pulumi
         import pulumi_vault as vault
 
-        global_config = vault.secrets.SyncConfig("globalConfig",
+        global_config = vault.secrets.SyncConfig("global_config",
             disabled=True,
             queue_capacity=500000)
         ```
@@ -162,7 +167,7 @@ class SyncConfig(pulumi.CustomResource):
         ## Import
 
         ```sh
-         $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
+        $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
         ```
 
         :param str resource_name: The name of the resource.
@@ -193,7 +198,7 @@ class SyncConfig(pulumi.CustomResource):
         import pulumi
         import pulumi_vault as vault
 
-        global_config = vault.secrets.SyncConfig("globalConfig",
+        global_config = vault.secrets.SyncConfig("global_config",
             disabled=True,
             queue_capacity=500000)
         ```
@@ -201,7 +206,7 @@ class SyncConfig(pulumi.CustomResource):
         ## Import
 
         ```sh
-         $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
+        $ pulumi import vault:secrets/syncConfig:SyncConfig config global_config
         ```
 
         :param str resource_name: The name of the resource.