PyPI - pulumi-vault - Versions diffs - 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl - Mend

pulumi-vault 5.21.0a1709368526py3-none-any.whl → 6.5.0a1736836139py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

pulumi_vault/__init__.py +52 -0
pulumi_vault/_inputs.py +560 -0
pulumi_vault/_utilities.py +41 -5
pulumi_vault/ad/get_access_credentials.py +26 -9
pulumi_vault/ad/secret_backend.py +16 -142
pulumi_vault/ad/secret_library.py +16 -9
pulumi_vault/ad/secret_role.py +14 -9
pulumi_vault/alicloud/auth_backend_role.py +76 -190
pulumi_vault/approle/auth_backend_login.py +12 -7
pulumi_vault/approle/auth_backend_role.py +77 -191
pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
pulumi_vault/audit.py +30 -21
pulumi_vault/audit_request_header.py +11 -2
pulumi_vault/auth_backend.py +66 -14
pulumi_vault/aws/auth_backend_cert.py +18 -9
pulumi_vault/aws/auth_backend_client.py +267 -22
pulumi_vault/aws/auth_backend_config_identity.py +14 -9
pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
pulumi_vault/aws/auth_backend_login.py +19 -22
pulumi_vault/aws/auth_backend_role.py +77 -191
pulumi_vault/aws/auth_backend_role_tag.py +12 -7
pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
pulumi_vault/aws/auth_backend_sts_role.py +14 -9
pulumi_vault/aws/get_access_credentials.py +38 -9
pulumi_vault/aws/get_static_access_credentials.py +19 -5
pulumi_vault/aws/secret_backend.py +77 -9
pulumi_vault/aws/secret_backend_role.py +185 -9
pulumi_vault/aws/secret_backend_static_role.py +20 -11
pulumi_vault/azure/_inputs.py +24 -0
pulumi_vault/azure/auth_backend_config.py +153 -15
pulumi_vault/azure/auth_backend_role.py +77 -191
pulumi_vault/azure/backend.py +227 -21
pulumi_vault/azure/backend_role.py +42 -37
pulumi_vault/azure/get_access_credentials.py +41 -7
pulumi_vault/azure/outputs.py +5 -0
pulumi_vault/cert_auth_backend_role.py +87 -267
pulumi_vault/config/__init__.pyi +5 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +35 -0
pulumi_vault/config/ui_custom_message.py +529 -0
pulumi_vault/config/vars.py +5 -0
pulumi_vault/consul/secret_backend.py +28 -19
pulumi_vault/consul/secret_backend_role.py +18 -78
pulumi_vault/database/_inputs.py +2770 -881
pulumi_vault/database/outputs.py +721 -838
pulumi_vault/database/secret_backend_connection.py +119 -112
pulumi_vault/database/secret_backend_role.py +31 -22
pulumi_vault/database/secret_backend_static_role.py +87 -13
pulumi_vault/database/secrets_mount.py +427 -136
pulumi_vault/egp_policy.py +16 -11
pulumi_vault/gcp/_inputs.py +111 -0
pulumi_vault/gcp/auth_backend.py +250 -33
pulumi_vault/gcp/auth_backend_role.py +77 -269
pulumi_vault/gcp/get_auth_backend_role.py +43 -5
pulumi_vault/gcp/outputs.py +5 -0
pulumi_vault/gcp/secret_backend.py +287 -12
pulumi_vault/gcp/secret_impersonated_account.py +76 -15
pulumi_vault/gcp/secret_roleset.py +31 -24
pulumi_vault/gcp/secret_static_account.py +39 -32
pulumi_vault/generic/endpoint.py +24 -17
pulumi_vault/generic/get_secret.py +64 -8
pulumi_vault/generic/secret.py +21 -16
pulumi_vault/get_auth_backend.py +24 -7
pulumi_vault/get_auth_backends.py +51 -9
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +153 -0
pulumi_vault/get_nomad_access_token.py +31 -11
pulumi_vault/get_policy_document.py +34 -19
pulumi_vault/get_raft_autopilot_state.py +29 -10
pulumi_vault/github/_inputs.py +55 -0
pulumi_vault/github/auth_backend.py +19 -14
pulumi_vault/github/outputs.py +5 -0
pulumi_vault/github/team.py +16 -11
pulumi_vault/github/user.py +16 -11
pulumi_vault/identity/entity.py +20 -13
pulumi_vault/identity/entity_alias.py +20 -13
pulumi_vault/identity/entity_policies.py +28 -11
pulumi_vault/identity/get_entity.py +42 -10
pulumi_vault/identity/get_group.py +47 -9
pulumi_vault/identity/get_oidc_client_creds.py +21 -7
pulumi_vault/identity/get_oidc_openid_config.py +39 -9
pulumi_vault/identity/get_oidc_public_keys.py +29 -10
pulumi_vault/identity/group.py +58 -39
pulumi_vault/identity/group_alias.py +16 -9
pulumi_vault/identity/group_member_entity_ids.py +28 -66
pulumi_vault/identity/group_member_group_ids.py +40 -19
pulumi_vault/identity/group_policies.py +20 -7
pulumi_vault/identity/mfa_duo.py +11 -6
pulumi_vault/identity/mfa_login_enforcement.py +15 -6
pulumi_vault/identity/mfa_okta.py +11 -6
pulumi_vault/identity/mfa_pingid.py +7 -2
pulumi_vault/identity/mfa_totp.py +7 -2
pulumi_vault/identity/oidc.py +12 -7
pulumi_vault/identity/oidc_assignment.py +24 -11
pulumi_vault/identity/oidc_client.py +36 -23
pulumi_vault/identity/oidc_key.py +30 -17
pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
pulumi_vault/identity/oidc_provider.py +36 -21
pulumi_vault/identity/oidc_role.py +42 -21
pulumi_vault/identity/oidc_scope.py +20 -13
pulumi_vault/identity/outputs.py +8 -3
pulumi_vault/jwt/_inputs.py +55 -0
pulumi_vault/jwt/auth_backend.py +45 -40
pulumi_vault/jwt/auth_backend_role.py +133 -254
pulumi_vault/jwt/outputs.py +5 -0
pulumi_vault/kmip/secret_backend.py +24 -19
pulumi_vault/kmip/secret_role.py +14 -9
pulumi_vault/kmip/secret_scope.py +14 -9
pulumi_vault/kubernetes/auth_backend_config.py +57 -5
pulumi_vault/kubernetes/auth_backend_role.py +70 -177
pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
pulumi_vault/kubernetes/get_service_account_token.py +39 -11
pulumi_vault/kubernetes/secret_backend.py +316 -27
pulumi_vault/kubernetes/secret_backend_role.py +137 -46
pulumi_vault/kv/_inputs.py +36 -4
pulumi_vault/kv/get_secret.py +25 -8
pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
pulumi_vault/kv/get_secret_v2.py +85 -9
pulumi_vault/kv/get_secrets_list.py +24 -11
pulumi_vault/kv/get_secrets_list_v2.py +37 -15
pulumi_vault/kv/outputs.py +8 -3
pulumi_vault/kv/secret.py +23 -16
pulumi_vault/kv/secret_backend_v2.py +20 -11
pulumi_vault/kv/secret_v2.py +59 -50
pulumi_vault/ldap/auth_backend.py +127 -166
pulumi_vault/ldap/auth_backend_group.py +14 -9
pulumi_vault/ldap/auth_backend_user.py +14 -9
pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
pulumi_vault/ldap/get_static_credentials.py +24 -5
pulumi_vault/ldap/secret_backend.py +354 -82
pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
pulumi_vault/ldap/secret_backend_library_set.py +16 -9
pulumi_vault/ldap/secret_backend_static_role.py +73 -12
pulumi_vault/managed/_inputs.py +289 -132
pulumi_vault/managed/keys.py +29 -57
pulumi_vault/managed/outputs.py +89 -132
pulumi_vault/mfa_duo.py +18 -11
pulumi_vault/mfa_okta.py +18 -11
pulumi_vault/mfa_pingid.py +18 -11
pulumi_vault/mfa_totp.py +24 -17
pulumi_vault/mongodbatlas/secret_backend.py +20 -15
pulumi_vault/mongodbatlas/secret_role.py +47 -38
pulumi_vault/mount.py +391 -51
pulumi_vault/namespace.py +68 -83
pulumi_vault/nomad_secret_backend.py +18 -13
pulumi_vault/nomad_secret_role.py +14 -9
pulumi_vault/okta/_inputs.py +47 -8
pulumi_vault/okta/auth_backend.py +485 -39
pulumi_vault/okta/auth_backend_group.py +14 -9
pulumi_vault/okta/auth_backend_user.py +14 -9
pulumi_vault/okta/outputs.py +13 -8
pulumi_vault/outputs.py +5 -0
pulumi_vault/password_policy.py +20 -13
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +81 -0
pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
pulumi_vault/pkisecret/backend_config_est.py +619 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
pulumi_vault/pkisecret/get_backend_key.py +24 -9
pulumi_vault/pkisecret/get_backend_keys.py +21 -8
pulumi_vault/pkisecret/outputs.py +69 -0
pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
pulumi_vault/pkisecret/secret_backend_key.py +14 -9
pulumi_vault/pkisecret/secret_backend_role.py +21 -14
pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
pulumi_vault/plugin.py +595 -0
pulumi_vault/plugin_pinned_version.py +298 -0
pulumi_vault/policy.py +14 -9
pulumi_vault/provider.py +48 -53
pulumi_vault/pulumi-plugin.json +2 -1
pulumi_vault/quota_lease_count.py +60 -6
pulumi_vault/quota_rate_limit.py +56 -2
pulumi_vault/rabbitmq/_inputs.py +61 -0
pulumi_vault/rabbitmq/outputs.py +5 -0
pulumi_vault/rabbitmq/secret_backend.py +18 -13
pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
pulumi_vault/raft_autopilot.py +14 -9
pulumi_vault/raft_snapshot_agent_config.py +129 -224
pulumi_vault/rgp_policy.py +14 -9
pulumi_vault/saml/auth_backend.py +22 -17
pulumi_vault/saml/auth_backend_role.py +92 -197
pulumi_vault/secrets/__init__.py +3 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +56 -71
pulumi_vault/secrets/sync_aws_destination.py +242 -27
pulumi_vault/secrets/sync_azure_destination.py +92 -31
pulumi_vault/secrets/sync_config.py +9 -4
pulumi_vault/secrets/sync_gcp_destination.py +158 -25
pulumi_vault/secrets/sync_gh_destination.py +189 -13
pulumi_vault/secrets/sync_github_apps.py +375 -0
pulumi_vault/secrets/sync_vercel_destination.py +74 -13
pulumi_vault/ssh/_inputs.py +28 -28
pulumi_vault/ssh/outputs.py +11 -28
pulumi_vault/ssh/secret_backend_ca.py +108 -9
pulumi_vault/ssh/secret_backend_role.py +85 -118
pulumi_vault/terraformcloud/secret_backend.py +7 -54
pulumi_vault/terraformcloud/secret_creds.py +14 -20
pulumi_vault/terraformcloud/secret_role.py +16 -74
pulumi_vault/token.py +28 -23
pulumi_vault/tokenauth/auth_backend_role.py +78 -199
pulumi_vault/transform/alphabet.py +16 -9
pulumi_vault/transform/get_decode.py +45 -17
pulumi_vault/transform/get_encode.py +45 -17
pulumi_vault/transform/role.py +16 -9
pulumi_vault/transform/template.py +30 -21
pulumi_vault/transform/transformation.py +12 -7
pulumi_vault/transit/get_decrypt.py +26 -21
pulumi_vault/transit/get_encrypt.py +24 -19
pulumi_vault/transit/secret_backend_key.py +27 -93
pulumi_vault/transit/secret_cache_config.py +12 -7
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
{pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0

pulumi_vault/secrets/sync_gcp_destination.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
 class SyncGcpDestinationArgs:
     def __init__(__self__, *,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SyncGcpDestination resource.
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
             pulumi.set(__self__, "credentials", credentials)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
         if secret_name_template is not None:
             pulumi.set(__self__, "secret_name_template", secret_name_template)
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
     @property
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "project_id", value)
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
 class _SyncGcpDestinationState:
     def __init__(__self__, *,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  type: Optional[pulumi.Input[str]] = None):
         """
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
             pulumi.set(__self__, "credentials", credentials)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
         if secret_name_template is not None:
             pulumi.set(__self__, "secret_name_template", secret_name_template)
         if type is not None:
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
     @property
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "project_id", value)
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -229,9 +314,11 @@ class SyncGcpDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -239,10 +326,13 @@ class SyncGcpDestination(pulumi.CustomResource):
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
         gcp = vault.secrets.SyncGcpDestination("gcp",
-            credentials=(lambda path: open(path).read())(var["credentials_file"]),
+            name="gcp-dest",
+            project_id="gcp-project-id",
+            credentials=std.file(input=credentials_file).result,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
@@ -254,7 +344,7 @@ class SyncGcpDestination(pulumi.CustomResource):
         GCP Secrets sync destinations can be imported using the `name`, e.g.
         ```sh
-         $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
+        $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
         ```
         :param str resource_name: The name of the resource.
@@ -262,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
@@ -281,10 +377,13 @@ class SyncGcpDestination(pulumi.CustomResource):
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
         gcp = vault.secrets.SyncGcpDestination("gcp",
-            credentials=(lambda path: open(path).read())(var["credentials_file"]),
+            name="gcp-dest",
+            project_id="gcp-project-id",
+            credentials=std.file(input=credentials_file).result,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
@@ -296,7 +395,7 @@ class SyncGcpDestination(pulumi.CustomResource):
         GCP Secrets sync destinations can be imported using the `name`, e.g.
         ```sh
-         $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
+        $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
         ```
         :param str resource_name: The name of the resource.
@@ -315,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -330,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
             __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
             __props__.__dict__["custom_tags"] = custom_tags
+            __props__.__dict__["granularity"] = granularity
             __props__.__dict__["name"] = name
             __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["project_id"] = project_id
             __props__.__dict__["secret_name_template"] = secret_name_template
             __props__.__dict__["type"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -347,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             credentials: Optional[pulumi.Input[str]] = None,
-            custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            granularity: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
+            project_id: Optional[pulumi.Input[str]] = None,
             secret_name_template: Optional[pulumi.Input[str]] = None,
             type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
         """
@@ -362,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -377,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
         __props__.__dict__["credentials"] = credentials
         __props__.__dict__["custom_tags"] = custom_tags
+        __props__.__dict__["granularity"] = granularity
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["project_id"] = project_id
         __props__.__dict__["secret_name_template"] = secret_name_template
         __props__.__dict__["type"] = type
         return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
@@ -395,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
+    @property
+    @pulumi.getter
+    def granularity(self) -> pulumi.Output[Optional[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
     @property
     @pulumi.getter
     def name(self) -> pulumi.Output[str]:
@@ -415,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> pulumi.Output[Optional[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> pulumi.Output[str]:

pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

pulumi-vault 5.21.0a1709368526py3-none-any.whl → 6.5.0a1736836139py3-none-any.whl