pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
@@ -29,7 +34,7 @@ class SecretBackendStaticRoleArgs:
29
34
  Must be unique within the backend.
30
35
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
31
36
  The value should not contain leading or trailing forward slashes.
32
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
37
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
33
38
  *Available only for Vault Enterprise*.
34
39
  """
35
40
  pulumi.set(__self__, "rotation_period", rotation_period)
@@ -97,7 +102,7 @@ class SecretBackendStaticRoleArgs:
97
102
  """
98
103
  The namespace to provision the resource in.
99
104
  The value should not contain leading or trailing forward slashes.
100
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
105
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
101
106
  *Available only for Vault Enterprise*.
102
107
  """
103
108
  return pulumi.get(self, "namespace")
@@ -123,7 +128,7 @@ class _SecretBackendStaticRoleState:
123
128
  Must be unique within the backend.
124
129
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
125
130
  The value should not contain leading or trailing forward slashes.
126
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
131
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
127
132
  *Available only for Vault Enterprise*.
128
133
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
129
134
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -171,7 +176,7 @@ class _SecretBackendStaticRoleState:
171
176
  """
172
177
  The namespace to provision the resource in.
173
178
  The value should not contain leading or trailing forward slashes.
174
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
179
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
175
180
  *Available only for Vault Enterprise*.
176
181
  """
177
182
  return pulumi.get(self, "namespace")
@@ -219,7 +224,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
219
224
  """
220
225
  ## Example Usage
221
226
 
222
- <!--Start PulumiCodeChooser -->
223
227
  ```python
224
228
  import pulumi
225
229
  import pulumi_vault as vault
@@ -229,10 +233,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
229
233
  description="Obtain AWS credentials.")
230
234
  role = vault.aws.SecretBackendStaticRole("role",
231
235
  backend=aws.path,
236
+ name="test",
232
237
  username="my-test-user",
233
238
  rotation_period=3600)
234
239
  ```
235
- <!--End PulumiCodeChooser -->
236
240
 
237
241
  ## Import
238
242
 
@@ -251,7 +255,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
251
255
  Must be unique within the backend.
252
256
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
253
257
  The value should not contain leading or trailing forward slashes.
254
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
258
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
255
259
  *Available only for Vault Enterprise*.
256
260
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
257
261
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -265,7 +269,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
265
269
  """
266
270
  ## Example Usage
267
271
 
268
- <!--Start PulumiCodeChooser -->
269
272
  ```python
270
273
  import pulumi
271
274
  import pulumi_vault as vault
@@ -275,10 +278,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
275
278
  description="Obtain AWS credentials.")
276
279
  role = vault.aws.SecretBackendStaticRole("role",
277
280
  backend=aws.path,
281
+ name="test",
278
282
  username="my-test-user",
279
283
  rotation_period=3600)
280
284
  ```
281
- <!--End PulumiCodeChooser -->
282
285
 
283
286
  ## Import
284
287
 
@@ -355,7 +358,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
355
358
  Must be unique within the backend.
356
359
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
357
360
  The value should not contain leading or trailing forward slashes.
358
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
361
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
359
362
  *Available only for Vault Enterprise*.
360
363
  :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
361
364
  :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
@@ -395,7 +398,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
395
398
  """
396
399
  The namespace to provision the resource in.
397
400
  The value should not contain leading or trailing forward slashes.
398
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
401
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
399
402
  *Available only for Vault Enterprise*.
400
403
  """
401
404
  return pulumi.get(self, "namespace")
@@ -4,16 +4,32 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
13
18
  'BackendRoleAzureGroupArgs',
19
+ 'BackendRoleAzureGroupArgsDict',
14
20
  'BackendRoleAzureRoleArgs',
21
+ 'BackendRoleAzureRoleArgsDict',
15
22
  ]
16
23
 
24
+ MYPY = False
25
+
26
+ if not MYPY:
27
+ class BackendRoleAzureGroupArgsDict(TypedDict):
28
+ group_name: pulumi.Input[str]
29
+ object_id: NotRequired[pulumi.Input[str]]
30
+ elif False:
31
+ BackendRoleAzureGroupArgsDict: TypeAlias = Mapping[str, Any]
32
+
17
33
  @pulumi.input_type
18
34
  class BackendRoleAzureGroupArgs:
19
35
  def __init__(__self__, *,
@@ -42,6 +58,14 @@ class BackendRoleAzureGroupArgs:
42
58
  pulumi.set(self, "object_id", value)
43
59
 
44
60
 
61
+ if not MYPY:
62
+ class BackendRoleAzureRoleArgsDict(TypedDict):
63
+ scope: pulumi.Input[str]
64
+ role_id: NotRequired[pulumi.Input[str]]
65
+ role_name: NotRequired[pulumi.Input[str]]
66
+ elif False:
67
+ BackendRoleAzureRoleArgsDict: TypeAlias = Mapping[str, Any]
68
+
45
69
  @pulumi.input_type
46
70
  class BackendRoleAzureRoleArgs:
47
71
  def __init__(__self__, *,
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
@@ -20,6 +25,8 @@ class AuthBackendConfigArgs:
20
25
  client_id: Optional[pulumi.Input[str]] = None,
21
26
  client_secret: Optional[pulumi.Input[str]] = None,
22
27
  environment: Optional[pulumi.Input[str]] = None,
28
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
29
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
23
30
  namespace: Optional[pulumi.Input[str]] = None):
24
31
  """
25
32
  The set of arguments for constructing a AuthBackendConfig resource.
@@ -36,9 +43,12 @@ class AuthBackendConfigArgs:
36
43
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
37
44
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
38
45
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
46
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
47
+ *Available only for Vault Enterprise*
48
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
39
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
40
50
  The value should not contain leading or trailing forward slashes.
41
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
51
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
42
52
  *Available only for Vault Enterprise*.
43
53
  """
44
54
  pulumi.set(__self__, "resource", resource)
@@ -51,6 +61,10 @@ class AuthBackendConfigArgs:
51
61
  pulumi.set(__self__, "client_secret", client_secret)
52
62
  if environment is not None:
53
63
  pulumi.set(__self__, "environment", environment)
64
+ if identity_token_audience is not None:
65
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
66
+ if identity_token_ttl is not None:
67
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
54
68
  if namespace is not None:
55
69
  pulumi.set(__self__, "namespace", namespace)
56
70
 
@@ -133,13 +147,38 @@ class AuthBackendConfigArgs:
133
147
  def environment(self, value: Optional[pulumi.Input[str]]):
134
148
  pulumi.set(self, "environment", value)
135
149
 
150
+ @property
151
+ @pulumi.getter(name="identityTokenAudience")
152
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
153
+ """
154
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
155
+ *Available only for Vault Enterprise*
156
+ """
157
+ return pulumi.get(self, "identity_token_audience")
158
+
159
+ @identity_token_audience.setter
160
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
161
+ pulumi.set(self, "identity_token_audience", value)
162
+
163
+ @property
164
+ @pulumi.getter(name="identityTokenTtl")
165
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
166
+ """
167
+ The TTL of generated identity tokens in seconds.
168
+ """
169
+ return pulumi.get(self, "identity_token_ttl")
170
+
171
+ @identity_token_ttl.setter
172
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
173
+ pulumi.set(self, "identity_token_ttl", value)
174
+
136
175
  @property
137
176
  @pulumi.getter
138
177
  def namespace(self) -> Optional[pulumi.Input[str]]:
139
178
  """
140
179
  The namespace to provision the resource in.
141
180
  The value should not contain leading or trailing forward slashes.
142
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
181
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
143
182
  *Available only for Vault Enterprise*.
144
183
  """
145
184
  return pulumi.get(self, "namespace")
@@ -156,6 +195,8 @@ class _AuthBackendConfigState:
156
195
  client_id: Optional[pulumi.Input[str]] = None,
157
196
  client_secret: Optional[pulumi.Input[str]] = None,
158
197
  environment: Optional[pulumi.Input[str]] = None,
198
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
199
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
159
200
  namespace: Optional[pulumi.Input[str]] = None,
160
201
  resource: Optional[pulumi.Input[str]] = None,
161
202
  tenant_id: Optional[pulumi.Input[str]] = None):
@@ -170,9 +211,12 @@ class _AuthBackendConfigState:
170
211
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
171
212
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
172
213
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
214
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
215
+ *Available only for Vault Enterprise*
216
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
173
217
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
174
218
  The value should not contain leading or trailing forward slashes.
175
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
219
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
176
220
  *Available only for Vault Enterprise*.
177
221
  :param pulumi.Input[str] resource: The configured URL for the application registered in
178
222
  Azure Active Directory.
@@ -187,6 +231,10 @@ class _AuthBackendConfigState:
187
231
  pulumi.set(__self__, "client_secret", client_secret)
188
232
  if environment is not None:
189
233
  pulumi.set(__self__, "environment", environment)
234
+ if identity_token_audience is not None:
235
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
236
+ if identity_token_ttl is not None:
237
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
190
238
  if namespace is not None:
191
239
  pulumi.set(__self__, "namespace", namespace)
192
240
  if resource is not None:
@@ -247,13 +295,38 @@ class _AuthBackendConfigState:
247
295
  def environment(self, value: Optional[pulumi.Input[str]]):
248
296
  pulumi.set(self, "environment", value)
249
297
 
298
+ @property
299
+ @pulumi.getter(name="identityTokenAudience")
300
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
301
+ """
302
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
303
+ *Available only for Vault Enterprise*
304
+ """
305
+ return pulumi.get(self, "identity_token_audience")
306
+
307
+ @identity_token_audience.setter
308
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
309
+ pulumi.set(self, "identity_token_audience", value)
310
+
311
+ @property
312
+ @pulumi.getter(name="identityTokenTtl")
313
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
314
+ """
315
+ The TTL of generated identity tokens in seconds.
316
+ """
317
+ return pulumi.get(self, "identity_token_ttl")
318
+
319
+ @identity_token_ttl.setter
320
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
321
+ pulumi.set(self, "identity_token_ttl", value)
322
+
250
323
  @property
251
324
  @pulumi.getter
252
325
  def namespace(self) -> Optional[pulumi.Input[str]]:
253
326
  """
254
327
  The namespace to provision the resource in.
255
328
  The value should not contain leading or trailing forward slashes.
256
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
329
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
257
330
  *Available only for Vault Enterprise*.
258
331
  """
259
332
  return pulumi.get(self, "namespace")
@@ -298,6 +371,8 @@ class AuthBackendConfig(pulumi.CustomResource):
298
371
  client_id: Optional[pulumi.Input[str]] = None,
299
372
  client_secret: Optional[pulumi.Input[str]] = None,
300
373
  environment: Optional[pulumi.Input[str]] = None,
374
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
375
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
301
376
  namespace: Optional[pulumi.Input[str]] = None,
302
377
  resource: Optional[pulumi.Input[str]] = None,
303
378
  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -305,20 +380,34 @@ class AuthBackendConfig(pulumi.CustomResource):
305
380
  """
306
381
  ## Example Usage
307
382
 
308
- <!--Start PulumiCodeChooser -->
383
+ You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
384
+ ```python
385
+ import pulumi
386
+ import pulumi_vault as vault
387
+
388
+ example = vault.AuthBackend("example",
389
+ type="azure",
390
+ identity_token_key="example-key")
391
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
392
+ backend=example.path,
393
+ tenant_id="11111111-2222-3333-4444-555555555555",
394
+ client_id="11111111-2222-3333-4444-555555555555",
395
+ identity_token_audience="<TOKEN_AUDIENCE>",
396
+ identity_token_ttl="<TOKEN_TTL>")
397
+ ```
398
+
309
399
  ```python
310
400
  import pulumi
311
401
  import pulumi_vault as vault
312
402
 
313
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="azure")
314
- example_auth_backend_config = vault.azure.AuthBackendConfig("exampleAuthBackendConfig",
315
- backend=example_auth_backend.path,
403
+ example = vault.AuthBackend("example", type="azure")
404
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
405
+ backend=example.path,
316
406
  tenant_id="11111111-2222-3333-4444-555555555555",
317
407
  client_id="11111111-2222-3333-4444-555555555555",
318
408
  client_secret="01234567890123456789",
319
409
  resource="https://vault.hashicorp.com")
320
410
  ```
321
- <!--End PulumiCodeChooser -->
322
411
 
323
412
  ## Import
324
413
 
@@ -339,9 +428,12 @@ class AuthBackendConfig(pulumi.CustomResource):
339
428
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
340
429
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
341
430
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
431
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
432
+ *Available only for Vault Enterprise*
433
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
342
434
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
343
435
  The value should not contain leading or trailing forward slashes.
344
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
436
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
345
437
  *Available only for Vault Enterprise*.
346
438
  :param pulumi.Input[str] resource: The configured URL for the application registered in
347
439
  Azure Active Directory.
@@ -357,20 +449,34 @@ class AuthBackendConfig(pulumi.CustomResource):
357
449
  """
358
450
  ## Example Usage
359
451
 
360
- <!--Start PulumiCodeChooser -->
452
+ You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
453
+ ```python
454
+ import pulumi
455
+ import pulumi_vault as vault
456
+
457
+ example = vault.AuthBackend("example",
458
+ type="azure",
459
+ identity_token_key="example-key")
460
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
461
+ backend=example.path,
462
+ tenant_id="11111111-2222-3333-4444-555555555555",
463
+ client_id="11111111-2222-3333-4444-555555555555",
464
+ identity_token_audience="<TOKEN_AUDIENCE>",
465
+ identity_token_ttl="<TOKEN_TTL>")
466
+ ```
467
+
361
468
  ```python
362
469
  import pulumi
363
470
  import pulumi_vault as vault
364
471
 
365
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="azure")
366
- example_auth_backend_config = vault.azure.AuthBackendConfig("exampleAuthBackendConfig",
367
- backend=example_auth_backend.path,
472
+ example = vault.AuthBackend("example", type="azure")
473
+ example_auth_backend_config = vault.azure.AuthBackendConfig("example",
474
+ backend=example.path,
368
475
  tenant_id="11111111-2222-3333-4444-555555555555",
369
476
  client_id="11111111-2222-3333-4444-555555555555",
370
477
  client_secret="01234567890123456789",
371
478
  resource="https://vault.hashicorp.com")
372
479
  ```
373
- <!--End PulumiCodeChooser -->
374
480
 
375
481
  ## Import
376
482
 
@@ -399,6 +505,8 @@ class AuthBackendConfig(pulumi.CustomResource):
399
505
  client_id: Optional[pulumi.Input[str]] = None,
400
506
  client_secret: Optional[pulumi.Input[str]] = None,
401
507
  environment: Optional[pulumi.Input[str]] = None,
508
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
509
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
402
510
  namespace: Optional[pulumi.Input[str]] = None,
403
511
  resource: Optional[pulumi.Input[str]] = None,
404
512
  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -415,6 +523,8 @@ class AuthBackendConfig(pulumi.CustomResource):
415
523
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
416
524
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
417
525
  __props__.__dict__["environment"] = environment
526
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
527
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
418
528
  __props__.__dict__["namespace"] = namespace
419
529
  if resource is None and not opts.urn:
420
530
  raise TypeError("Missing required property 'resource'")
@@ -438,6 +548,8 @@ class AuthBackendConfig(pulumi.CustomResource):
438
548
  client_id: Optional[pulumi.Input[str]] = None,
439
549
  client_secret: Optional[pulumi.Input[str]] = None,
440
550
  environment: Optional[pulumi.Input[str]] = None,
551
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
552
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
441
553
  namespace: Optional[pulumi.Input[str]] = None,
442
554
  resource: Optional[pulumi.Input[str]] = None,
443
555
  tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
@@ -457,9 +569,12 @@ class AuthBackendConfig(pulumi.CustomResource):
457
569
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
458
570
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
459
571
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
572
+ :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
573
+ *Available only for Vault Enterprise*
574
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
460
575
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
461
576
  The value should not contain leading or trailing forward slashes.
462
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
577
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
463
578
  *Available only for Vault Enterprise*.
464
579
  :param pulumi.Input[str] resource: The configured URL for the application registered in
465
580
  Azure Active Directory.
@@ -474,6 +589,8 @@ class AuthBackendConfig(pulumi.CustomResource):
474
589
  __props__.__dict__["client_id"] = client_id
475
590
  __props__.__dict__["client_secret"] = client_secret
476
591
  __props__.__dict__["environment"] = environment
592
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
593
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
477
594
  __props__.__dict__["namespace"] = namespace
478
595
  __props__.__dict__["resource"] = resource
479
596
  __props__.__dict__["tenant_id"] = tenant_id
@@ -516,13 +633,30 @@ class AuthBackendConfig(pulumi.CustomResource):
516
633
  """
517
634
  return pulumi.get(self, "environment")
518
635
 
636
+ @property
637
+ @pulumi.getter(name="identityTokenAudience")
638
+ def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
639
+ """
640
+ The audience claim value for plugin identity tokens. Requires Vault 1.17+.
641
+ *Available only for Vault Enterprise*
642
+ """
643
+ return pulumi.get(self, "identity_token_audience")
644
+
645
+ @property
646
+ @pulumi.getter(name="identityTokenTtl")
647
+ def identity_token_ttl(self) -> pulumi.Output[int]:
648
+ """
649
+ The TTL of generated identity tokens in seconds.
650
+ """
651
+ return pulumi.get(self, "identity_token_ttl")
652
+
519
653
  @property
520
654
  @pulumi.getter
521
655
  def namespace(self) -> pulumi.Output[Optional[str]]:
522
656
  """
523
657
  The namespace to provision the resource in.
524
658
  The value should not contain leading or trailing forward slashes.
525
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
659
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
526
660
  *Available only for Vault Enterprise*.
527
661
  """
528
662
  return pulumi.get(self, "namespace")