pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -20,6 +25,7 @@ class SecretBackendRoleArgs:
20
25
  key_type: pulumi.Input[str],
21
26
  algorithm_signer: Optional[pulumi.Input[str]] = None,
22
27
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
28
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
23
29
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
24
30
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
25
31
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -29,12 +35,11 @@ class SecretBackendRoleArgs:
29
35
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
30
36
  allowed_extensions: Optional[pulumi.Input[str]] = None,
31
37
  allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
32
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
33
38
  allowed_users: Optional[pulumi.Input[str]] = None,
34
39
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
35
40
  cidr_list: Optional[pulumi.Input[str]] = None,
36
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
37
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
41
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
42
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
38
43
  default_user: Optional[pulumi.Input[str]] = None,
39
44
  default_user_template: Optional[pulumi.Input[bool]] = None,
40
45
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -61,14 +66,11 @@ class SecretBackendRoleArgs:
61
66
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
62
67
  user key configuration, like key type and their lengths. Can be specified multiple times.
63
68
  *See Configuration-Options for more info*
64
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
65
- are allowed to be signed by the CA type.
66
- *Deprecated: use* allowed_user_key_config *instead*
67
69
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
68
70
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
69
71
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
70
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
71
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
72
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
73
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
72
74
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
73
75
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
74
76
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -76,7 +78,7 @@ class SecretBackendRoleArgs:
76
78
  :param pulumi.Input[str] name: Specifies the name of the role to create.
77
79
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
78
80
  The value should not contain leading or trailing forward slashes.
79
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
81
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
80
82
  *Available only for Vault Enterprise*.
81
83
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
82
84
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -87,6 +89,8 @@ class SecretBackendRoleArgs:
87
89
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
88
90
  if allow_bare_domains is not None:
89
91
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
92
+ if allow_empty_principals is not None:
93
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
90
94
  if allow_host_certificates is not None:
91
95
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
92
96
  if allow_subdomains is not None:
@@ -105,11 +109,6 @@ class SecretBackendRoleArgs:
105
109
  pulumi.set(__self__, "allowed_extensions", allowed_extensions)
106
110
  if allowed_user_key_configs is not None:
107
111
  pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
108
- if allowed_user_key_lengths is not None:
109
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
110
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
111
- if allowed_user_key_lengths is not None:
112
- pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
113
112
  if allowed_users is not None:
114
113
  pulumi.set(__self__, "allowed_users", allowed_users)
115
114
  if allowed_users_template is not None:
@@ -185,6 +184,15 @@ class SecretBackendRoleArgs:
185
184
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
186
185
  pulumi.set(self, "allow_bare_domains", value)
187
186
 
187
+ @property
188
+ @pulumi.getter(name="allowEmptyPrincipals")
189
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
190
+ return pulumi.get(self, "allow_empty_principals")
191
+
192
+ @allow_empty_principals.setter
193
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
194
+ pulumi.set(self, "allow_empty_principals", value)
195
+
188
196
  @property
189
197
  @pulumi.getter(name="allowHostCertificates")
190
198
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -296,23 +304,6 @@ class SecretBackendRoleArgs:
296
304
  def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
297
305
  pulumi.set(self, "allowed_user_key_configs", value)
298
306
 
299
- @property
300
- @pulumi.getter(name="allowedUserKeyLengths")
301
- def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
302
- """
303
- Specifies a map of ssh key types and their expected sizes which
304
- are allowed to be signed by the CA type.
305
- *Deprecated: use* allowed_user_key_config *instead*
306
- """
307
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
308
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
309
-
310
- return pulumi.get(self, "allowed_user_key_lengths")
311
-
312
- @allowed_user_key_lengths.setter
313
- def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
314
- pulumi.set(self, "allowed_user_key_lengths", value)
315
-
316
307
  @property
317
308
  @pulumi.getter(name="allowedUsers")
318
309
  def allowed_users(self) -> Optional[pulumi.Input[str]]:
@@ -351,26 +342,26 @@ class SecretBackendRoleArgs:
351
342
 
352
343
  @property
353
344
  @pulumi.getter(name="defaultCriticalOptions")
354
- def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
345
+ def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
355
346
  """
356
347
  Specifies a map of critical options that certificates have when signed.
357
348
  """
358
349
  return pulumi.get(self, "default_critical_options")
359
350
 
360
351
  @default_critical_options.setter
361
- def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
352
+ def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
362
353
  pulumi.set(self, "default_critical_options", value)
363
354
 
364
355
  @property
365
356
  @pulumi.getter(name="defaultExtensions")
366
- def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
357
+ def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
367
358
  """
368
359
  Specifies a map of extensions that certificates have when signed.
369
360
  """
370
361
  return pulumi.get(self, "default_extensions")
371
362
 
372
363
  @default_extensions.setter
373
- def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
364
+ def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
374
365
  pulumi.set(self, "default_extensions", value)
375
366
 
376
367
  @property
@@ -439,7 +430,7 @@ class SecretBackendRoleArgs:
439
430
  """
440
431
  The namespace to provision the resource in.
441
432
  The value should not contain leading or trailing forward slashes.
442
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
433
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
443
434
  *Available only for Vault Enterprise*.
444
435
  """
445
436
  return pulumi.get(self, "namespace")
@@ -478,6 +469,7 @@ class _SecretBackendRoleState:
478
469
  def __init__(__self__, *,
479
470
  algorithm_signer: Optional[pulumi.Input[str]] = None,
480
471
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
472
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
481
473
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
482
474
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
483
475
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -487,13 +479,12 @@ class _SecretBackendRoleState:
487
479
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
488
480
  allowed_extensions: Optional[pulumi.Input[str]] = None,
489
481
  allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
490
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
491
482
  allowed_users: Optional[pulumi.Input[str]] = None,
492
483
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
493
484
  backend: Optional[pulumi.Input[str]] = None,
494
485
  cidr_list: Optional[pulumi.Input[str]] = None,
495
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
496
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
486
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
487
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
497
488
  default_user: Optional[pulumi.Input[str]] = None,
498
489
  default_user_template: Optional[pulumi.Input[bool]] = None,
499
490
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -519,15 +510,12 @@ class _SecretBackendRoleState:
519
510
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
520
511
  user key configuration, like key type and their lengths. Can be specified multiple times.
521
512
  *See Configuration-Options for more info*
522
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
523
- are allowed to be signed by the CA type.
524
- *Deprecated: use* allowed_user_key_config *instead*
525
513
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
526
514
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
527
515
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
528
516
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
529
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
530
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
517
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
518
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
531
519
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
532
520
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
533
521
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -536,7 +524,7 @@ class _SecretBackendRoleState:
536
524
  :param pulumi.Input[str] name: Specifies the name of the role to create.
537
525
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
538
526
  The value should not contain leading or trailing forward slashes.
539
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
527
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
540
528
  *Available only for Vault Enterprise*.
541
529
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
542
530
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -545,6 +533,8 @@ class _SecretBackendRoleState:
545
533
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
546
534
  if allow_bare_domains is not None:
547
535
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
536
+ if allow_empty_principals is not None:
537
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
548
538
  if allow_host_certificates is not None:
549
539
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
550
540
  if allow_subdomains is not None:
@@ -563,11 +553,6 @@ class _SecretBackendRoleState:
563
553
  pulumi.set(__self__, "allowed_extensions", allowed_extensions)
564
554
  if allowed_user_key_configs is not None:
565
555
  pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
566
- if allowed_user_key_lengths is not None:
567
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
568
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
569
- if allowed_user_key_lengths is not None:
570
- pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
571
556
  if allowed_users is not None:
572
557
  pulumi.set(__self__, "allowed_users", allowed_users)
573
558
  if allowed_users_template is not None:
@@ -623,6 +608,15 @@ class _SecretBackendRoleState:
623
608
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
624
609
  pulumi.set(self, "allow_bare_domains", value)
625
610
 
611
+ @property
612
+ @pulumi.getter(name="allowEmptyPrincipals")
613
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
614
+ return pulumi.get(self, "allow_empty_principals")
615
+
616
+ @allow_empty_principals.setter
617
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
618
+ pulumi.set(self, "allow_empty_principals", value)
619
+
626
620
  @property
627
621
  @pulumi.getter(name="allowHostCertificates")
628
622
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -734,23 +728,6 @@ class _SecretBackendRoleState:
734
728
  def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
735
729
  pulumi.set(self, "allowed_user_key_configs", value)
736
730
 
737
- @property
738
- @pulumi.getter(name="allowedUserKeyLengths")
739
- def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
740
- """
741
- Specifies a map of ssh key types and their expected sizes which
742
- are allowed to be signed by the CA type.
743
- *Deprecated: use* allowed_user_key_config *instead*
744
- """
745
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
746
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
747
-
748
- return pulumi.get(self, "allowed_user_key_lengths")
749
-
750
- @allowed_user_key_lengths.setter
751
- def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
752
- pulumi.set(self, "allowed_user_key_lengths", value)
753
-
754
731
  @property
755
732
  @pulumi.getter(name="allowedUsers")
756
733
  def allowed_users(self) -> Optional[pulumi.Input[str]]:
@@ -801,26 +778,26 @@ class _SecretBackendRoleState:
801
778
 
802
779
  @property
803
780
  @pulumi.getter(name="defaultCriticalOptions")
804
- def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
781
+ def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
805
782
  """
806
783
  Specifies a map of critical options that certificates have when signed.
807
784
  """
808
785
  return pulumi.get(self, "default_critical_options")
809
786
 
810
787
  @default_critical_options.setter
811
- def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
788
+ def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
812
789
  pulumi.set(self, "default_critical_options", value)
813
790
 
814
791
  @property
815
792
  @pulumi.getter(name="defaultExtensions")
816
- def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
793
+ def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
817
794
  """
818
795
  Specifies a map of extensions that certificates have when signed.
819
796
  """
820
797
  return pulumi.get(self, "default_extensions")
821
798
 
822
799
  @default_extensions.setter
823
- def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
800
+ def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
824
801
  pulumi.set(self, "default_extensions", value)
825
802
 
826
803
  @property
@@ -901,7 +878,7 @@ class _SecretBackendRoleState:
901
878
  """
902
879
  The namespace to provision the resource in.
903
880
  The value should not contain leading or trailing forward slashes.
904
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
881
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
905
882
  *Available only for Vault Enterprise*.
906
883
  """
907
884
  return pulumi.get(self, "namespace")
@@ -942,6 +919,7 @@ class SecretBackendRole(pulumi.CustomResource):
942
919
  opts: Optional[pulumi.ResourceOptions] = None,
943
920
  algorithm_signer: Optional[pulumi.Input[str]] = None,
944
921
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
922
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
945
923
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
946
924
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
947
925
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -950,14 +928,13 @@ class SecretBackendRole(pulumi.CustomResource):
950
928
  allowed_domains: Optional[pulumi.Input[str]] = None,
951
929
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
952
930
  allowed_extensions: Optional[pulumi.Input[str]] = None,
953
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
954
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
931
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
955
932
  allowed_users: Optional[pulumi.Input[str]] = None,
956
933
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
957
934
  backend: Optional[pulumi.Input[str]] = None,
958
935
  cidr_list: Optional[pulumi.Input[str]] = None,
959
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
960
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
936
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
937
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
961
938
  default_user: Optional[pulumi.Input[str]] = None,
962
939
  default_user_template: Optional[pulumi.Input[bool]] = None,
963
940
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -980,10 +957,12 @@ class SecretBackendRole(pulumi.CustomResource):
980
957
 
981
958
  example = vault.Mount("example", type="ssh")
982
959
  foo = vault.ssh.SecretBackendRole("foo",
960
+ name="my-role",
983
961
  backend=example.path,
984
962
  key_type="ca",
985
963
  allow_user_certificates=True)
986
964
  bar = vault.ssh.SecretBackendRole("bar",
965
+ name="otp-role",
987
966
  backend=example.path,
988
967
  key_type="otp",
989
968
  default_user="default",
@@ -996,7 +975,7 @@ class SecretBackendRole(pulumi.CustomResource):
996
975
  SSH secret backend roles can be imported using the `path`, e.g.
997
976
 
998
977
  ```sh
999
- $ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
978
+ $ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
1000
979
  ```
1001
980
 
1002
981
  :param str resource_name: The name of the resource.
@@ -1012,18 +991,15 @@ class SecretBackendRole(pulumi.CustomResource):
1012
991
  :param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
1013
992
  identity template policies. Non-templated domains are also permitted.
1014
993
  :param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
1015
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
994
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1016
995
  user key configuration, like key type and their lengths. Can be specified multiple times.
1017
996
  *See Configuration-Options for more info*
1018
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
1019
- are allowed to be signed by the CA type.
1020
- *Deprecated: use* allowed_user_key_config *instead*
1021
997
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
1022
998
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
1023
999
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
1024
1000
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
1025
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1026
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
1001
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1002
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
1027
1003
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
1028
1004
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
1029
1005
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -1032,7 +1008,7 @@ class SecretBackendRole(pulumi.CustomResource):
1032
1008
  :param pulumi.Input[str] name: Specifies the name of the role to create.
1033
1009
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1034
1010
  The value should not contain leading or trailing forward slashes.
1035
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1011
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1036
1012
  *Available only for Vault Enterprise*.
1037
1013
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
1038
1014
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -1055,10 +1031,12 @@ class SecretBackendRole(pulumi.CustomResource):
1055
1031
 
1056
1032
  example = vault.Mount("example", type="ssh")
1057
1033
  foo = vault.ssh.SecretBackendRole("foo",
1034
+ name="my-role",
1058
1035
  backend=example.path,
1059
1036
  key_type="ca",
1060
1037
  allow_user_certificates=True)
1061
1038
  bar = vault.ssh.SecretBackendRole("bar",
1039
+ name="otp-role",
1062
1040
  backend=example.path,
1063
1041
  key_type="otp",
1064
1042
  default_user="default",
@@ -1071,7 +1049,7 @@ class SecretBackendRole(pulumi.CustomResource):
1071
1049
  SSH secret backend roles can be imported using the `path`, e.g.
1072
1050
 
1073
1051
  ```sh
1074
- $ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
1052
+ $ pulumi import vault:ssh/secretBackendRole:SecretBackendRole foo ssh/roles/my-role
1075
1053
  ```
1076
1054
 
1077
1055
  :param str resource_name: The name of the resource.
@@ -1091,6 +1069,7 @@ class SecretBackendRole(pulumi.CustomResource):
1091
1069
  opts: Optional[pulumi.ResourceOptions] = None,
1092
1070
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1093
1071
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1072
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1094
1073
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1095
1074
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1096
1075
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1099,14 +1078,13 @@ class SecretBackendRole(pulumi.CustomResource):
1099
1078
  allowed_domains: Optional[pulumi.Input[str]] = None,
1100
1079
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1101
1080
  allowed_extensions: Optional[pulumi.Input[str]] = None,
1102
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
1103
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
1081
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
1104
1082
  allowed_users: Optional[pulumi.Input[str]] = None,
1105
1083
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
1106
1084
  backend: Optional[pulumi.Input[str]] = None,
1107
1085
  cidr_list: Optional[pulumi.Input[str]] = None,
1108
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1109
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1086
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1087
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1110
1088
  default_user: Optional[pulumi.Input[str]] = None,
1111
1089
  default_user_template: Optional[pulumi.Input[bool]] = None,
1112
1090
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -1127,6 +1105,7 @@ class SecretBackendRole(pulumi.CustomResource):
1127
1105
 
1128
1106
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1129
1107
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1108
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1130
1109
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1131
1110
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1132
1111
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1136,7 +1115,6 @@ class SecretBackendRole(pulumi.CustomResource):
1136
1115
  __props__.__dict__["allowed_domains_template"] = allowed_domains_template
1137
1116
  __props__.__dict__["allowed_extensions"] = allowed_extensions
1138
1117
  __props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
1139
- __props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
1140
1118
  __props__.__dict__["allowed_users"] = allowed_users
1141
1119
  __props__.__dict__["allowed_users_template"] = allowed_users_template
1142
1120
  if backend is None and not opts.urn:
@@ -1168,6 +1146,7 @@ class SecretBackendRole(pulumi.CustomResource):
1168
1146
  opts: Optional[pulumi.ResourceOptions] = None,
1169
1147
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1170
1148
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1149
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1171
1150
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1172
1151
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1173
1152
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1176,14 +1155,13 @@ class SecretBackendRole(pulumi.CustomResource):
1176
1155
  allowed_domains: Optional[pulumi.Input[str]] = None,
1177
1156
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1178
1157
  allowed_extensions: Optional[pulumi.Input[str]] = None,
1179
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
1180
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
1158
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
1181
1159
  allowed_users: Optional[pulumi.Input[str]] = None,
1182
1160
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
1183
1161
  backend: Optional[pulumi.Input[str]] = None,
1184
1162
  cidr_list: Optional[pulumi.Input[str]] = None,
1185
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1186
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1163
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1164
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1187
1165
  default_user: Optional[pulumi.Input[str]] = None,
1188
1166
  default_user_template: Optional[pulumi.Input[bool]] = None,
1189
1167
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -1211,18 +1189,15 @@ class SecretBackendRole(pulumi.CustomResource):
1211
1189
  :param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
1212
1190
  identity template policies. Non-templated domains are also permitted.
1213
1191
  :param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
1214
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1192
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1215
1193
  user key configuration, like key type and their lengths. Can be specified multiple times.
1216
1194
  *See Configuration-Options for more info*
1217
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
1218
- are allowed to be signed by the CA type.
1219
- *Deprecated: use* allowed_user_key_config *instead*
1220
1195
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
1221
1196
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
1222
1197
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
1223
1198
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
1224
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1225
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
1199
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1200
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
1226
1201
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
1227
1202
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
1228
1203
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -1231,7 +1206,7 @@ class SecretBackendRole(pulumi.CustomResource):
1231
1206
  :param pulumi.Input[str] name: Specifies the name of the role to create.
1232
1207
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1233
1208
  The value should not contain leading or trailing forward slashes.
1234
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1209
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1235
1210
  *Available only for Vault Enterprise*.
1236
1211
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
1237
1212
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -1242,6 +1217,7 @@ class SecretBackendRole(pulumi.CustomResource):
1242
1217
 
1243
1218
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1244
1219
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1220
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1245
1221
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1246
1222
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1247
1223
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1251,7 +1227,6 @@ class SecretBackendRole(pulumi.CustomResource):
1251
1227
  __props__.__dict__["allowed_domains_template"] = allowed_domains_template
1252
1228
  __props__.__dict__["allowed_extensions"] = allowed_extensions
1253
1229
  __props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
1254
- __props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
1255
1230
  __props__.__dict__["allowed_users"] = allowed_users
1256
1231
  __props__.__dict__["allowed_users_template"] = allowed_users_template
1257
1232
  __props__.__dict__["backend"] = backend
@@ -1285,6 +1260,11 @@ class SecretBackendRole(pulumi.CustomResource):
1285
1260
  """
1286
1261
  return pulumi.get(self, "allow_bare_domains")
1287
1262
 
1263
+ @property
1264
+ @pulumi.getter(name="allowEmptyPrincipals")
1265
+ def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
1266
+ return pulumi.get(self, "allow_empty_principals")
1267
+
1288
1268
  @property
1289
1269
  @pulumi.getter(name="allowHostCertificates")
1290
1270
  def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
@@ -1360,19 +1340,6 @@ class SecretBackendRole(pulumi.CustomResource):
1360
1340
  """
1361
1341
  return pulumi.get(self, "allowed_user_key_configs")
1362
1342
 
1363
- @property
1364
- @pulumi.getter(name="allowedUserKeyLengths")
1365
- def allowed_user_key_lengths(self) -> pulumi.Output[Optional[Mapping[str, int]]]:
1366
- """
1367
- Specifies a map of ssh key types and their expected sizes which
1368
- are allowed to be signed by the CA type.
1369
- *Deprecated: use* allowed_user_key_config *instead*
1370
- """
1371
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
1372
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
1373
-
1374
- return pulumi.get(self, "allowed_user_key_lengths")
1375
-
1376
1343
  @property
1377
1344
  @pulumi.getter(name="allowedUsers")
1378
1345
  def allowed_users(self) -> pulumi.Output[Optional[str]]:
@@ -1407,7 +1374,7 @@ class SecretBackendRole(pulumi.CustomResource):
1407
1374
 
1408
1375
  @property
1409
1376
  @pulumi.getter(name="defaultCriticalOptions")
1410
- def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1377
+ def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1411
1378
  """
1412
1379
  Specifies a map of critical options that certificates have when signed.
1413
1380
  """
@@ -1415,7 +1382,7 @@ class SecretBackendRole(pulumi.CustomResource):
1415
1382
 
1416
1383
  @property
1417
1384
  @pulumi.getter(name="defaultExtensions")
1418
- def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1385
+ def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1419
1386
  """
1420
1387
  Specifies a map of extensions that certificates have when signed.
1421
1388
  """
@@ -1475,7 +1442,7 @@ class SecretBackendRole(pulumi.CustomResource):
1475
1442
  """
1476
1443
  The namespace to provision the resource in.
1477
1444
  The value should not contain leading or trailing forward slashes.
1478
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1445
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1479
1446
  *Available only for Vault Enterprise*.
1480
1447
  """
1481
1448
  return pulumi.get(self, "namespace")