pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['BackendArgs', 'Backend']
@@ -21,6 +26,9 @@ class BackendArgs:
21
26
  description: Optional[pulumi.Input[str]] = None,
22
27
  disable_remount: Optional[pulumi.Input[bool]] = None,
23
28
  environment: Optional[pulumi.Input[str]] = None,
29
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
30
+ identity_token_key: Optional[pulumi.Input[str]] = None,
31
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
24
32
  namespace: Optional[pulumi.Input[str]] = None,
25
33
  path: Optional[pulumi.Input[str]] = None,
26
34
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
@@ -34,9 +42,15 @@ class BackendArgs:
34
42
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
35
43
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
36
44
  :param pulumi.Input[str] environment: The Azure environment.
45
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
46
+ *Available only for Vault Enterprise*
47
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
48
+ *Available only for Vault Enterprise*
49
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
50
+ *Available only for Vault Enterprise*
37
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
38
52
  The value should not contain leading or trailing forward slashes.
39
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
40
54
  *Available only for Vault Enterprise*.
41
55
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
42
56
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -53,10 +67,19 @@ class BackendArgs:
53
67
  pulumi.set(__self__, "disable_remount", disable_remount)
54
68
  if environment is not None:
55
69
  pulumi.set(__self__, "environment", environment)
70
+ if identity_token_audience is not None:
71
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
72
+ if identity_token_key is not None:
73
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
74
+ if identity_token_ttl is not None:
75
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
56
76
  if namespace is not None:
57
77
  pulumi.set(__self__, "namespace", namespace)
58
78
  if path is not None:
59
79
  pulumi.set(__self__, "path", path)
80
+ if use_microsoft_graph_api is not None:
81
+ warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
82
+ pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
60
83
  if use_microsoft_graph_api is not None:
61
84
  pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
62
85
 
@@ -145,13 +168,52 @@ class BackendArgs:
145
168
  def environment(self, value: Optional[pulumi.Input[str]]):
146
169
  pulumi.set(self, "environment", value)
147
170
 
171
+ @property
172
+ @pulumi.getter(name="identityTokenAudience")
173
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
174
+ """
175
+ The audience claim value. Requires Vault 1.17+.
176
+ *Available only for Vault Enterprise*
177
+ """
178
+ return pulumi.get(self, "identity_token_audience")
179
+
180
+ @identity_token_audience.setter
181
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
182
+ pulumi.set(self, "identity_token_audience", value)
183
+
184
+ @property
185
+ @pulumi.getter(name="identityTokenKey")
186
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
187
+ """
188
+ The key to use for signing identity tokens. Requires Vault 1.17+.
189
+ *Available only for Vault Enterprise*
190
+ """
191
+ return pulumi.get(self, "identity_token_key")
192
+
193
+ @identity_token_key.setter
194
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
195
+ pulumi.set(self, "identity_token_key", value)
196
+
197
+ @property
198
+ @pulumi.getter(name="identityTokenTtl")
199
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
200
+ """
201
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
202
+ *Available only for Vault Enterprise*
203
+ """
204
+ return pulumi.get(self, "identity_token_ttl")
205
+
206
+ @identity_token_ttl.setter
207
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
208
+ pulumi.set(self, "identity_token_ttl", value)
209
+
148
210
  @property
149
211
  @pulumi.getter
150
212
  def namespace(self) -> Optional[pulumi.Input[str]]:
151
213
  """
152
214
  The namespace to provision the resource in.
153
215
  The value should not contain leading or trailing forward slashes.
154
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
216
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
155
217
  *Available only for Vault Enterprise*.
156
218
  """
157
219
  return pulumi.get(self, "namespace")
@@ -174,6 +236,7 @@ class BackendArgs:
174
236
 
175
237
  @property
176
238
  @pulumi.getter(name="useMicrosoftGraphApi")
239
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
177
240
  def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
178
241
  """
179
242
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -193,6 +256,9 @@ class _BackendState:
193
256
  description: Optional[pulumi.Input[str]] = None,
194
257
  disable_remount: Optional[pulumi.Input[bool]] = None,
195
258
  environment: Optional[pulumi.Input[str]] = None,
259
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
260
+ identity_token_key: Optional[pulumi.Input[str]] = None,
261
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
196
262
  namespace: Optional[pulumi.Input[str]] = None,
197
263
  path: Optional[pulumi.Input[str]] = None,
198
264
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -206,9 +272,15 @@ class _BackendState:
206
272
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
207
273
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
208
274
  :param pulumi.Input[str] environment: The Azure environment.
275
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
276
+ *Available only for Vault Enterprise*
277
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
278
+ *Available only for Vault Enterprise*
279
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
280
+ *Available only for Vault Enterprise*
209
281
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
210
282
  The value should not contain leading or trailing forward slashes.
211
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
283
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
212
284
  *Available only for Vault Enterprise*.
213
285
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
214
286
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
@@ -225,6 +297,12 @@ class _BackendState:
225
297
  pulumi.set(__self__, "disable_remount", disable_remount)
226
298
  if environment is not None:
227
299
  pulumi.set(__self__, "environment", environment)
300
+ if identity_token_audience is not None:
301
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
302
+ if identity_token_key is not None:
303
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
304
+ if identity_token_ttl is not None:
305
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
228
306
  if namespace is not None:
229
307
  pulumi.set(__self__, "namespace", namespace)
230
308
  if path is not None:
@@ -233,6 +311,9 @@ class _BackendState:
233
311
  pulumi.set(__self__, "subscription_id", subscription_id)
234
312
  if tenant_id is not None:
235
313
  pulumi.set(__self__, "tenant_id", tenant_id)
314
+ if use_microsoft_graph_api is not None:
315
+ warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
316
+ pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
236
317
  if use_microsoft_graph_api is not None:
237
318
  pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
238
319
 
@@ -297,13 +378,52 @@ class _BackendState:
297
378
  def environment(self, value: Optional[pulumi.Input[str]]):
298
379
  pulumi.set(self, "environment", value)
299
380
 
381
+ @property
382
+ @pulumi.getter(name="identityTokenAudience")
383
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
384
+ """
385
+ The audience claim value. Requires Vault 1.17+.
386
+ *Available only for Vault Enterprise*
387
+ """
388
+ return pulumi.get(self, "identity_token_audience")
389
+
390
+ @identity_token_audience.setter
391
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
392
+ pulumi.set(self, "identity_token_audience", value)
393
+
394
+ @property
395
+ @pulumi.getter(name="identityTokenKey")
396
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
397
+ """
398
+ The key to use for signing identity tokens. Requires Vault 1.17+.
399
+ *Available only for Vault Enterprise*
400
+ """
401
+ return pulumi.get(self, "identity_token_key")
402
+
403
+ @identity_token_key.setter
404
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
405
+ pulumi.set(self, "identity_token_key", value)
406
+
407
+ @property
408
+ @pulumi.getter(name="identityTokenTtl")
409
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
410
+ """
411
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
412
+ *Available only for Vault Enterprise*
413
+ """
414
+ return pulumi.get(self, "identity_token_ttl")
415
+
416
+ @identity_token_ttl.setter
417
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
418
+ pulumi.set(self, "identity_token_ttl", value)
419
+
300
420
  @property
301
421
  @pulumi.getter
302
422
  def namespace(self) -> Optional[pulumi.Input[str]]:
303
423
  """
304
424
  The namespace to provision the resource in.
305
425
  The value should not contain leading or trailing forward slashes.
306
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
426
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
307
427
  *Available only for Vault Enterprise*.
308
428
  """
309
429
  return pulumi.get(self, "namespace")
@@ -350,6 +470,7 @@ class _BackendState:
350
470
 
351
471
  @property
352
472
  @pulumi.getter(name="useMicrosoftGraphApi")
473
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
353
474
  def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
354
475
  """
355
476
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -371,6 +492,9 @@ class Backend(pulumi.CustomResource):
371
492
  description: Optional[pulumi.Input[str]] = None,
372
493
  disable_remount: Optional[pulumi.Input[bool]] = None,
373
494
  environment: Optional[pulumi.Input[str]] = None,
495
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
496
+ identity_token_key: Optional[pulumi.Input[str]] = None,
497
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
374
498
  namespace: Optional[pulumi.Input[str]] = None,
375
499
  path: Optional[pulumi.Input[str]] = None,
376
500
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -382,37 +506,46 @@ class Backend(pulumi.CustomResource):
382
506
 
383
507
  ### *Vault-1.9 And Above*
384
508
 
385
- <!--Start PulumiCodeChooser -->
509
+ You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
386
510
  ```python
387
511
  import pulumi
388
512
  import pulumi_vault as vault
389
513
 
390
514
  azure = vault.azure.Backend("azure",
515
+ subscription_id="11111111-2222-3333-4444-111111111111",
516
+ tenant_id="11111111-2222-3333-4444-222222222222",
391
517
  client_id="11111111-2222-3333-4444-333333333333",
392
- client_secret="12345678901234567890",
393
- environment="AzurePublicCloud",
518
+ identity_token_audience="<TOKEN_AUDIENCE>",
519
+ identity_token_ttl="<TOKEN_TTL>")
520
+ ```
521
+
522
+ ```python
523
+ import pulumi
524
+ import pulumi_vault as vault
525
+
526
+ azure = vault.azure.Backend("azure",
527
+ use_microsoft_graph_api=True,
394
528
  subscription_id="11111111-2222-3333-4444-111111111111",
395
529
  tenant_id="11111111-2222-3333-4444-222222222222",
396
- use_microsoft_graph_api=True)
530
+ client_id="11111111-2222-3333-4444-333333333333",
531
+ client_secret="12345678901234567890",
532
+ environment="AzurePublicCloud")
397
533
  ```
398
- <!--End PulumiCodeChooser -->
399
534
 
400
535
  ### *Vault-1.8 And Below*
401
536
 
402
- <!--Start PulumiCodeChooser -->
403
537
  ```python
404
538
  import pulumi
405
539
  import pulumi_vault as vault
406
540
 
407
541
  azure = vault.azure.Backend("azure",
408
- client_id="11111111-2222-3333-4444-333333333333",
409
- client_secret="12345678901234567890",
410
- environment="AzurePublicCloud",
542
+ use_microsoft_graph_api=False,
411
543
  subscription_id="11111111-2222-3333-4444-111111111111",
412
544
  tenant_id="11111111-2222-3333-4444-222222222222",
413
- use_microsoft_graph_api=False)
545
+ client_id="11111111-2222-3333-4444-333333333333",
546
+ client_secret="12345678901234567890",
547
+ environment="AzurePublicCloud")
414
548
  ```
415
- <!--End PulumiCodeChooser -->
416
549
 
417
550
  :param str resource_name: The name of the resource.
418
551
  :param pulumi.ResourceOptions opts: Options for the resource.
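Review bot: The Workload Identity Federation example added under the `Vault-1.9 And Above` heading passes `identity_token_ttl="<TOKEN_TTL>"`, a string placeholder, although the signature visible in this file declares `identity_token_ttl: Optional[pulumi.Input[int]]` and documents it as seconds; an integer such as `identity_token_ttl=3600,  # seconds (constructed sample value)` would match the declared type. The heading also understates the requirement, because the parameter docs state that the `identity_token_*` fields need Vault 1.17+ and Vault Enterprise, so a line such as `Requires Vault 1.17+ (Vault Enterprise).` belongs directly above that example. The second example under the same heading still sets `use_microsoft_graph_api=True`, which this version warns about whenever the argument is not None, and it keeps `client_secret` as a string literal; a safer pattern to copy would read it from configuration, e.g. `client_secret=pulumi.Config().require_secret("azureClientSecret")` (the key name is a constructed example), and the text should say which Vault versions still need the deprecated flag. The same docstring text is repeated in the hunk at `@@ -442,37 +581,46 @@`, and the enclosing `__init__` overload starts and ends outside this hunk.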
@@ -422,9 +555,15 @@ class Backend(pulumi.CustomResource):
422
555
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
423
556
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
424
557
  :param pulumi.Input[str] environment: The Azure environment.
558
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
559
+ *Available only for Vault Enterprise*
560
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
561
+ *Available only for Vault Enterprise*
562
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
563
+ *Available only for Vault Enterprise*
425
564
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
426
565
  The value should not contain leading or trailing forward slashes.
427
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
566
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
428
567
  *Available only for Vault Enterprise*.
429
568
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
430
569
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
@@ -442,37 +581,46 @@ class Backend(pulumi.CustomResource):
442
581
 
443
582
  ### *Vault-1.9 And Above*
444
583
 
445
- <!--Start PulumiCodeChooser -->
584
+ You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
446
585
  ```python
447
586
  import pulumi
448
587
  import pulumi_vault as vault
449
588
 
450
589
  azure = vault.azure.Backend("azure",
590
+ subscription_id="11111111-2222-3333-4444-111111111111",
591
+ tenant_id="11111111-2222-3333-4444-222222222222",
451
592
  client_id="11111111-2222-3333-4444-333333333333",
452
- client_secret="12345678901234567890",
453
- environment="AzurePublicCloud",
593
+ identity_token_audience="<TOKEN_AUDIENCE>",
594
+ identity_token_ttl="<TOKEN_TTL>")
595
+ ```
596
+
597
+ ```python
598
+ import pulumi
599
+ import pulumi_vault as vault
600
+
601
+ azure = vault.azure.Backend("azure",
602
+ use_microsoft_graph_api=True,
454
603
  subscription_id="11111111-2222-3333-4444-111111111111",
455
604
  tenant_id="11111111-2222-3333-4444-222222222222",
456
- use_microsoft_graph_api=True)
605
+ client_id="11111111-2222-3333-4444-333333333333",
606
+ client_secret="12345678901234567890",
607
+ environment="AzurePublicCloud")
457
608
  ```
458
- <!--End PulumiCodeChooser -->
459
609
 
460
610
  ### *Vault-1.8 And Below*
461
611
 
462
- <!--Start PulumiCodeChooser -->
463
612
  ```python
464
613
  import pulumi
465
614
  import pulumi_vault as vault
466
615
 
467
616
  azure = vault.azure.Backend("azure",
468
- client_id="11111111-2222-3333-4444-333333333333",
469
- client_secret="12345678901234567890",
470
- environment="AzurePublicCloud",
617
+ use_microsoft_graph_api=False,
471
618
  subscription_id="11111111-2222-3333-4444-111111111111",
472
619
  tenant_id="11111111-2222-3333-4444-222222222222",
473
- use_microsoft_graph_api=False)
620
+ client_id="11111111-2222-3333-4444-333333333333",
621
+ client_secret="12345678901234567890",
622
+ environment="AzurePublicCloud")
474
623
  ```
475
- <!--End PulumiCodeChooser -->
476
624
 
477
625
  :param str resource_name: The name of the resource.
478
626
  :param BackendArgs args: The arguments to use to populate this resource's properties.
@@ -494,6 +642,9 @@ class Backend(pulumi.CustomResource):
494
642
  description: Optional[pulumi.Input[str]] = None,
495
643
  disable_remount: Optional[pulumi.Input[bool]] = None,
496
644
  environment: Optional[pulumi.Input[str]] = None,
645
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
646
+ identity_token_key: Optional[pulumi.Input[str]] = None,
647
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
497
648
  namespace: Optional[pulumi.Input[str]] = None,
498
649
  path: Optional[pulumi.Input[str]] = None,
499
650
  subscription_id: Optional[pulumi.Input[str]] = None,
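Review bot: `identity_token_ttl` is typed `Optional[pulumi.Input[int]]` in the signature in this hunk (and in the matching signature in the `@@ -539,6 +693,9 @@` hunk), but the Workload Identity Federation example in this file passes it as a quoted placeholder, `identity_token_ttl="<TOKEN_TTL>"`. A reader who fills in the placeholder and keeps the quotes passes a string to an integer-typed input. The example would be clearer with an unquoted integer, for instance `identity_token_ttl=3600` (a constructed sample value; the parameter docstring gives the unit as seconds). The signature starts and ends outside this hunk.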
@@ -513,6 +664,9 @@ class Backend(pulumi.CustomResource):
513
664
  __props__.__dict__["description"] = description
514
665
  __props__.__dict__["disable_remount"] = disable_remount
515
666
  __props__.__dict__["environment"] = environment
667
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
668
+ __props__.__dict__["identity_token_key"] = identity_token_key
669
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
516
670
  __props__.__dict__["namespace"] = namespace
517
671
  __props__.__dict__["path"] = path
518
672
  if subscription_id is None and not opts.urn:
@@ -539,6 +693,9 @@ class Backend(pulumi.CustomResource):
539
693
  description: Optional[pulumi.Input[str]] = None,
540
694
  disable_remount: Optional[pulumi.Input[bool]] = None,
541
695
  environment: Optional[pulumi.Input[str]] = None,
696
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
697
+ identity_token_key: Optional[pulumi.Input[str]] = None,
698
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
542
699
  namespace: Optional[pulumi.Input[str]] = None,
543
700
  path: Optional[pulumi.Input[str]] = None,
544
701
  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -557,9 +714,15 @@ class Backend(pulumi.CustomResource):
557
714
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
558
715
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
559
716
  :param pulumi.Input[str] environment: The Azure environment.
717
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
718
+ *Available only for Vault Enterprise*
719
+ :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
720
+ *Available only for Vault Enterprise*
721
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
722
+ *Available only for Vault Enterprise*
560
723
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
561
724
  The value should not contain leading or trailing forward slashes.
562
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
725
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
563
726
  *Available only for Vault Enterprise*.
564
727
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
565
728
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
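Review bot: The three new `identity_token_*` parameter docstrings do not say how they interact with `client_secret`, although the Workload Identity Federation example in this file drops `client_secret` when it sets `identity_token_audience`. Upstream Vault documentation describes `identity_token_audience` as mutually exclusive with `client_secret`. If that holds for this provider version, the `identity_token_audience` line should say so, e.g. by appending `Mutually exclusive with client_secret.`. Without that hint, a user moving to the secret-less setup may leave the long-lived client secret in the stack configuration. The docstring begins and ends outside this hunk.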
@@ -575,6 +738,9 @@ class Backend(pulumi.CustomResource):
575
738
  __props__.__dict__["description"] = description
576
739
  __props__.__dict__["disable_remount"] = disable_remount
577
740
  __props__.__dict__["environment"] = environment
741
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
742
+ __props__.__dict__["identity_token_key"] = identity_token_key
743
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
578
744
  __props__.__dict__["namespace"] = namespace
579
745
  __props__.__dict__["path"] = path
580
746
  __props__.__dict__["subscription_id"] = subscription_id
@@ -623,13 +789,40 @@ class Backend(pulumi.CustomResource):
623
789
  """
624
790
  return pulumi.get(self, "environment")
625
791
 
792
+ @property
793
+ @pulumi.getter(name="identityTokenAudience")
794
+ def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
795
+ """
796
+ The audience claim value. Requires Vault 1.17+.
797
+ *Available only for Vault Enterprise*
798
+ """
799
+ return pulumi.get(self, "identity_token_audience")
800
+
801
+ @property
802
+ @pulumi.getter(name="identityTokenKey")
803
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
804
+ """
805
+ The key to use for signing identity tokens. Requires Vault 1.17+.
806
+ *Available only for Vault Enterprise*
807
+ """
808
+ return pulumi.get(self, "identity_token_key")
809
+
810
+ @property
811
+ @pulumi.getter(name="identityTokenTtl")
812
+ def identity_token_ttl(self) -> pulumi.Output[int]:
813
+ """
814
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
815
+ *Available only for Vault Enterprise*
816
+ """
817
+ return pulumi.get(self, "identity_token_ttl")
818
+
626
819
  @property
627
820
  @pulumi.getter
628
821
  def namespace(self) -> pulumi.Output[Optional[str]]:
629
822
  """
630
823
  The namespace to provision the resource in.
631
824
  The value should not contain leading or trailing forward slashes.
632
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
825
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
633
826
  *Available only for Vault Enterprise*.
634
827
  """
635
828
  return pulumi.get(self, "namespace")
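Review bot: The docstring of the new `identity_token_key` getter, `The key to use for signing identity tokens`, does not say whether the value is a key name or key material. As far as I can tell from Vault's documentation it is the name of a named signing key. The property is exposed here as a plain `pulumi.Output[Optional[str]]`, so nothing in this hunk suggests the value is treated as a secret. Wording such as `The name of the key to use for signing identity tokens` would remove the ambiguity. The same sentence appears in the parameter docstring in the `@@ -557,9 +714,15 @@` hunk.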
@@ -660,6 +853,7 @@ class Backend(pulumi.CustomResource):
660
853
 
661
854
  @property
662
855
  @pulumi.getter(name="useMicrosoftGraphApi")
856
+ @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
663
857
  def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
664
858
  """
665
859
  Use the Microsoft Graph API. Should be set to true on vault-1.10+