pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
15
20
  class SyncGcpDestinationArgs:
16
21
  def __init__(__self__, *,
17
22
  credentials: Optional[pulumi.Input[str]] = None,
18
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
23
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
24
+ granularity: Optional[pulumi.Input[str]] = None,
19
25
  name: Optional[pulumi.Input[str]] = None,
20
26
  namespace: Optional[pulumi.Input[str]] = None,
27
+ project_id: Optional[pulumi.Input[str]] = None,
21
28
  secret_name_template: Optional[pulumi.Input[str]] = None):
22
29
  """
23
30
  The set of arguments for constructing a SyncGcpDestination resource.
24
31
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
25
32
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
26
33
  variable.
27
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
34
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
35
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
36
+ at the destination. Supports `secret-path` and `secret-key`.
28
37
  :param pulumi.Input[str] name: Unique name of the GCP destination.
29
38
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
30
39
  The value should not contain leading or trailing forward slashes.
31
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
40
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
41
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
42
+ overrides the project ID derived from the service account JSON credentials or application
43
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
44
+ to perform Secret Manager actions in the target project.
32
45
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
33
46
  Supports a subset of the Go Template syntax.
34
47
  """
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
36
49
  pulumi.set(__self__, "credentials", credentials)
37
50
  if custom_tags is not None:
38
51
  pulumi.set(__self__, "custom_tags", custom_tags)
52
+ if granularity is not None:
53
+ pulumi.set(__self__, "granularity", granularity)
39
54
  if name is not None:
40
55
  pulumi.set(__self__, "name", name)
41
56
  if namespace is not None:
42
57
  pulumi.set(__self__, "namespace", namespace)
58
+ if project_id is not None:
59
+ pulumi.set(__self__, "project_id", project_id)
43
60
  if secret_name_template is not None:
44
61
  pulumi.set(__self__, "secret_name_template", secret_name_template)
45
62
 
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
59
76
 
60
77
  @property
61
78
  @pulumi.getter(name="customTags")
62
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
79
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
63
80
  """
64
81
  Custom tags to set on the secret managed at the destination.
65
82
  """
66
83
  return pulumi.get(self, "custom_tags")
67
84
 
68
85
  @custom_tags.setter
69
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
86
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
70
87
  pulumi.set(self, "custom_tags", value)
71
88
 
89
+ @property
90
+ @pulumi.getter
91
+ def granularity(self) -> Optional[pulumi.Input[str]]:
92
+ """
93
+ Determines what level of information is synced as a distinct resource
94
+ at the destination. Supports `secret-path` and `secret-key`.
95
+ """
96
+ return pulumi.get(self, "granularity")
97
+
98
+ @granularity.setter
99
+ def granularity(self, value: Optional[pulumi.Input[str]]):
100
+ pulumi.set(self, "granularity", value)
101
+
72
102
  @property
73
103
  @pulumi.getter
74
104
  def name(self) -> Optional[pulumi.Input[str]]:
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
87
117
  """
88
118
  The namespace to provision the resource in.
89
119
  The value should not contain leading or trailing forward slashes.
90
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
120
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
91
121
  """
92
122
  return pulumi.get(self, "namespace")
93
123
 
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
95
125
  def namespace(self, value: Optional[pulumi.Input[str]]):
96
126
  pulumi.set(self, "namespace", value)
97
127
 
128
+ @property
129
+ @pulumi.getter(name="projectId")
130
+ def project_id(self) -> Optional[pulumi.Input[str]]:
131
+ """
132
+ The target project to manage secrets in. If set,
133
+ overrides the project ID derived from the service account JSON credentials or application
134
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
135
+ to perform Secret Manager actions in the target project.
136
+ """
137
+ return pulumi.get(self, "project_id")
138
+
139
+ @project_id.setter
140
+ def project_id(self, value: Optional[pulumi.Input[str]]):
141
+ pulumi.set(self, "project_id", value)
142
+
98
143
  @property
99
144
  @pulumi.getter(name="secretNameTemplate")
100
145
  def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
113
158
  class _SyncGcpDestinationState:
114
159
  def __init__(__self__, *,
115
160
  credentials: Optional[pulumi.Input[str]] = None,
116
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
161
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
162
+ granularity: Optional[pulumi.Input[str]] = None,
117
163
  name: Optional[pulumi.Input[str]] = None,
118
164
  namespace: Optional[pulumi.Input[str]] = None,
165
+ project_id: Optional[pulumi.Input[str]] = None,
119
166
  secret_name_template: Optional[pulumi.Input[str]] = None,
120
167
  type: Optional[pulumi.Input[str]] = None):
121
168
  """
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
123
170
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
124
171
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
125
172
  variable.
126
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
173
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
174
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
175
+ at the destination. Supports `secret-path` and `secret-key`.
127
176
  :param pulumi.Input[str] name: Unique name of the GCP destination.
128
177
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
129
178
  The value should not contain leading or trailing forward slashes.
130
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
179
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
180
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
181
+ overrides the project ID derived from the service account JSON credentials or application
182
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
183
+ to perform Secret Manager actions in the target project.
131
184
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
132
185
  Supports a subset of the Go Template syntax.
133
186
  :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
136
189
  pulumi.set(__self__, "credentials", credentials)
137
190
  if custom_tags is not None:
138
191
  pulumi.set(__self__, "custom_tags", custom_tags)
192
+ if granularity is not None:
193
+ pulumi.set(__self__, "granularity", granularity)
139
194
  if name is not None:
140
195
  pulumi.set(__self__, "name", name)
141
196
  if namespace is not None:
142
197
  pulumi.set(__self__, "namespace", namespace)
198
+ if project_id is not None:
199
+ pulumi.set(__self__, "project_id", project_id)
143
200
  if secret_name_template is not None:
144
201
  pulumi.set(__self__, "secret_name_template", secret_name_template)
145
202
  if type is not None:
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
161
218
 
162
219
  @property
163
220
  @pulumi.getter(name="customTags")
164
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
221
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
165
222
  """
166
223
  Custom tags to set on the secret managed at the destination.
167
224
  """
168
225
  return pulumi.get(self, "custom_tags")
169
226
 
170
227
  @custom_tags.setter
171
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
228
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
172
229
  pulumi.set(self, "custom_tags", value)
173
230
 
231
+ @property
232
+ @pulumi.getter
233
+ def granularity(self) -> Optional[pulumi.Input[str]]:
234
+ """
235
+ Determines what level of information is synced as a distinct resource
236
+ at the destination. Supports `secret-path` and `secret-key`.
237
+ """
238
+ return pulumi.get(self, "granularity")
239
+
240
+ @granularity.setter
241
+ def granularity(self, value: Optional[pulumi.Input[str]]):
242
+ pulumi.set(self, "granularity", value)
243
+
174
244
  @property
175
245
  @pulumi.getter
176
246
  def name(self) -> Optional[pulumi.Input[str]]:
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
189
259
  """
190
260
  The namespace to provision the resource in.
191
261
  The value should not contain leading or trailing forward slashes.
192
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
262
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
193
263
  """
194
264
  return pulumi.get(self, "namespace")
195
265
 
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
197
267
  def namespace(self, value: Optional[pulumi.Input[str]]):
198
268
  pulumi.set(self, "namespace", value)
199
269
 
270
+ @property
271
+ @pulumi.getter(name="projectId")
272
+ def project_id(self) -> Optional[pulumi.Input[str]]:
273
+ """
274
+ The target project to manage secrets in. If set,
275
+ overrides the project ID derived from the service account JSON credentials or application
276
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
277
+ to perform Secret Manager actions in the target project.
278
+ """
279
+ return pulumi.get(self, "project_id")
280
+
281
+ @project_id.setter
282
+ def project_id(self, value: Optional[pulumi.Input[str]]):
283
+ pulumi.set(self, "project_id", value)
284
+
200
285
  @property
201
286
  @pulumi.getter(name="secretNameTemplate")
202
287
  def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -229,9 +314,11 @@ class SyncGcpDestination(pulumi.CustomResource):
229
314
  resource_name: str,
230
315
  opts: Optional[pulumi.ResourceOptions] = None,
231
316
  credentials: Optional[pulumi.Input[str]] = None,
232
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
317
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
318
+ granularity: Optional[pulumi.Input[str]] = None,
233
319
  name: Optional[pulumi.Input[str]] = None,
234
320
  namespace: Optional[pulumi.Input[str]] = None,
321
+ project_id: Optional[pulumi.Input[str]] = None,
235
322
  secret_name_template: Optional[pulumi.Input[str]] = None,
236
323
  __props__=None):
237
324
  """
@@ -239,10 +326,13 @@ class SyncGcpDestination(pulumi.CustomResource):
239
326
 
240
327
  ```python
241
328
  import pulumi
329
+ import pulumi_std as std
242
330
  import pulumi_vault as vault
243
331
 
244
332
  gcp = vault.secrets.SyncGcpDestination("gcp",
245
- credentials=(lambda path: open(path).read())(var["credentials_file"]),
333
+ name="gcp-dest",
334
+ project_id="gcp-project-id",
335
+ credentials=std.file(input=credentials_file).result,
246
336
  secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
247
337
  custom_tags={
248
338
  "foo": "bar",
@@ -254,7 +344,7 @@ class SyncGcpDestination(pulumi.CustomResource):
254
344
  GCP Secrets sync destinations can be imported using the `name`, e.g.
255
345
 
256
346
  ```sh
257
- $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
347
+ $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
258
348
  ```
259
349
 
260
350
  :param str resource_name: The name of the resource.
@@ -262,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
262
352
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
263
353
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
264
354
  variable.
265
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
355
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
356
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
357
+ at the destination. Supports `secret-path` and `secret-key`.
266
358
  :param pulumi.Input[str] name: Unique name of the GCP destination.
267
359
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
268
360
  The value should not contain leading or trailing forward slashes.
269
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
361
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
362
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
363
+ overrides the project ID derived from the service account JSON credentials or application
364
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
365
+ to perform Secret Manager actions in the target project.
270
366
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
271
367
  Supports a subset of the Go Template syntax.
272
368
  """
@@ -281,10 +377,13 @@ class SyncGcpDestination(pulumi.CustomResource):
281
377
 
282
378
  ```python
283
379
  import pulumi
380
+ import pulumi_std as std
284
381
  import pulumi_vault as vault
285
382
 
286
383
  gcp = vault.secrets.SyncGcpDestination("gcp",
287
- credentials=(lambda path: open(path).read())(var["credentials_file"]),
384
+ name="gcp-dest",
385
+ project_id="gcp-project-id",
386
+ credentials=std.file(input=credentials_file).result,
288
387
  secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
289
388
  custom_tags={
290
389
  "foo": "bar",
@@ -296,7 +395,7 @@ class SyncGcpDestination(pulumi.CustomResource):
296
395
  GCP Secrets sync destinations can be imported using the `name`, e.g.
297
396
 
298
397
  ```sh
299
- $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
398
+ $ pulumi import vault:secrets/syncGcpDestination:SyncGcpDestination gcp gcp-dest
300
399
  ```
301
400
 
302
401
  :param str resource_name: The name of the resource.
@@ -315,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
315
414
  resource_name: str,
316
415
  opts: Optional[pulumi.ResourceOptions] = None,
317
416
  credentials: Optional[pulumi.Input[str]] = None,
318
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
417
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
418
+ granularity: Optional[pulumi.Input[str]] = None,
319
419
  name: Optional[pulumi.Input[str]] = None,
320
420
  namespace: Optional[pulumi.Input[str]] = None,
421
+ project_id: Optional[pulumi.Input[str]] = None,
321
422
  secret_name_template: Optional[pulumi.Input[str]] = None,
322
423
  __props__=None):
323
424
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -330,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
330
431
 
331
432
  __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
332
433
  __props__.__dict__["custom_tags"] = custom_tags
434
+ __props__.__dict__["granularity"] = granularity
333
435
  __props__.__dict__["name"] = name
334
436
  __props__.__dict__["namespace"] = namespace
437
+ __props__.__dict__["project_id"] = project_id
335
438
  __props__.__dict__["secret_name_template"] = secret_name_template
336
439
  __props__.__dict__["type"] = None
337
440
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -347,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
347
450
  id: pulumi.Input[str],
348
451
  opts: Optional[pulumi.ResourceOptions] = None,
349
452
  credentials: Optional[pulumi.Input[str]] = None,
350
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
453
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
454
+ granularity: Optional[pulumi.Input[str]] = None,
351
455
  name: Optional[pulumi.Input[str]] = None,
352
456
  namespace: Optional[pulumi.Input[str]] = None,
457
+ project_id: Optional[pulumi.Input[str]] = None,
353
458
  secret_name_template: Optional[pulumi.Input[str]] = None,
354
459
  type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
355
460
  """
@@ -362,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
362
467
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
363
468
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
364
469
  variable.
365
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
470
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
471
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
472
+ at the destination. Supports `secret-path` and `secret-key`.
366
473
  :param pulumi.Input[str] name: Unique name of the GCP destination.
367
474
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
368
475
  The value should not contain leading or trailing forward slashes.
369
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
476
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
477
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
478
+ overrides the project ID derived from the service account JSON credentials or application
479
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
480
+ to perform Secret Manager actions in the target project.
370
481
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
371
482
  Supports a subset of the Go Template syntax.
372
483
  :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -377,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
377
488
 
378
489
  __props__.__dict__["credentials"] = credentials
379
490
  __props__.__dict__["custom_tags"] = custom_tags
491
+ __props__.__dict__["granularity"] = granularity
380
492
  __props__.__dict__["name"] = name
381
493
  __props__.__dict__["namespace"] = namespace
494
+ __props__.__dict__["project_id"] = project_id
382
495
  __props__.__dict__["secret_name_template"] = secret_name_template
383
496
  __props__.__dict__["type"] = type
384
497
  return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
@@ -395,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
395
508
 
396
509
  @property
397
510
  @pulumi.getter(name="customTags")
398
- def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
511
+ def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
399
512
  """
400
513
  Custom tags to set on the secret managed at the destination.
401
514
  """
402
515
  return pulumi.get(self, "custom_tags")
403
516
 
517
+ @property
518
+ @pulumi.getter
519
+ def granularity(self) -> pulumi.Output[Optional[str]]:
520
+ """
521
+ Determines what level of information is synced as a distinct resource
522
+ at the destination. Supports `secret-path` and `secret-key`.
523
+ """
524
+ return pulumi.get(self, "granularity")
525
+
404
526
  @property
405
527
  @pulumi.getter
406
528
  def name(self) -> pulumi.Output[str]:
@@ -415,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
415
537
  """
416
538
  The namespace to provision the resource in.
417
539
  The value should not contain leading or trailing forward slashes.
418
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
540
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
419
541
  """
420
542
  return pulumi.get(self, "namespace")
421
543
 
544
+ @property
545
+ @pulumi.getter(name="projectId")
546
+ def project_id(self) -> pulumi.Output[Optional[str]]:
547
+ """
548
+ The target project to manage secrets in. If set,
549
+ overrides the project ID derived from the service account JSON credentials or application
550
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
551
+ to perform Secret Manager actions in the target project.
552
+ """
553
+ return pulumi.get(self, "project_id")
554
+
422
555
  @property
423
556
  @pulumi.getter(name="secretNameTemplate")
424
557
  def secret_name_template(self) -> pulumi.Output[str]: