pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -18,16 +23,20 @@ class SecretsMountArgs:
18
23
  def __init__(__self__, *,
19
24
  path: pulumi.Input[str],
20
25
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
27
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
28
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
23
29
  cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
24
30
  couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
25
31
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
32
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
33
  description: Optional[pulumi.Input[str]] = None,
27
34
  elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
28
35
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
29
36
  hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
37
+ identity_token_key: Optional[pulumi.Input[str]] = None,
30
38
  influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
39
+ listing_visibility: Optional[pulumi.Input[str]] = None,
31
40
  local: Optional[pulumi.Input[bool]] = None,
32
41
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
33
42
  mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
@@ -38,8 +47,10 @@ class SecretsMountArgs:
38
47
  mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
39
48
  mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
40
49
  namespace: Optional[pulumi.Input[str]] = None,
41
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
50
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
42
51
  oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
52
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
53
+ plugin_version: Optional[pulumi.Input[str]] = None,
43
54
  postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
44
55
  redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
45
56
  redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
@@ -52,6 +63,7 @@ class SecretsMountArgs:
52
63
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
53
64
 
54
65
  The following arguments are common to all database engines:
66
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
55
67
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
56
68
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
57
69
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.
@@ -59,14 +71,17 @@ class SecretsMountArgs:
59
71
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.
60
72
  *See Configuration Options for more info*
61
73
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
74
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
62
75
  :param pulumi.Input[str] description: Human-friendly description of the mount
63
76
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
64
77
  *See Configuration Options for more info*
65
78
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
66
79
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.
67
80
  *See Configuration Options for more info*
81
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
68
82
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.
69
83
  *See Configuration Options for more info*
84
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
70
85
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
71
86
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
72
87
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
@@ -84,9 +99,11 @@ class SecretsMountArgs:
84
99
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.
85
100
  *See Configuration Options for more info*
86
101
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
87
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
102
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
88
103
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.
89
104
  *See Configuration Options for more info*
105
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
106
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
90
107
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
91
108
  *See Configuration Options for more info*
92
109
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.
@@ -102,6 +119,8 @@ class SecretsMountArgs:
102
119
  pulumi.set(__self__, "path", path)
103
120
  if allowed_managed_keys is not None:
104
121
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
122
+ if allowed_response_headers is not None:
123
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
105
124
  if audit_non_hmac_request_keys is not None:
106
125
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
107
126
  if audit_non_hmac_response_keys is not None:
@@ -112,6 +131,8 @@ class SecretsMountArgs:
112
131
  pulumi.set(__self__, "couchbases", couchbases)
113
132
  if default_lease_ttl_seconds is not None:
114
133
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
134
+ if delegated_auth_accessors is not None:
135
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
115
136
  if description is not None:
116
137
  pulumi.set(__self__, "description", description)
117
138
  if elasticsearches is not None:
@@ -120,8 +141,12 @@ class SecretsMountArgs:
120
141
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
121
142
  if hanas is not None:
122
143
  pulumi.set(__self__, "hanas", hanas)
144
+ if identity_token_key is not None:
145
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
123
146
  if influxdbs is not None:
124
147
  pulumi.set(__self__, "influxdbs", influxdbs)
148
+ if listing_visibility is not None:
149
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
125
150
  if local is not None:
126
151
  pulumi.set(__self__, "local", local)
127
152
  if max_lease_ttl_seconds is not None:
@@ -146,6 +171,10 @@ class SecretsMountArgs:
146
171
  pulumi.set(__self__, "options", options)
147
172
  if oracles is not None:
148
173
  pulumi.set(__self__, "oracles", oracles)
174
+ if passthrough_request_headers is not None:
175
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
176
+ if plugin_version is not None:
177
+ pulumi.set(__self__, "plugin_version", plugin_version)
149
178
  if postgresqls is not None:
150
179
  pulumi.set(__self__, "postgresqls", postgresqls)
151
180
  if redis is not None:
@@ -185,6 +214,18 @@ class SecretsMountArgs:
185
214
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
186
215
  pulumi.set(self, "allowed_managed_keys", value)
187
216
 
217
+ @property
218
+ @pulumi.getter(name="allowedResponseHeaders")
219
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
220
+ """
221
+ List of headers to allow and pass from the request to the plugin
222
+ """
223
+ return pulumi.get(self, "allowed_response_headers")
224
+
225
+ @allowed_response_headers.setter
226
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
227
+ pulumi.set(self, "allowed_response_headers", value)
228
+
188
229
  @property
189
230
  @pulumi.getter(name="auditNonHmacRequestKeys")
190
231
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -247,6 +288,18 @@ class SecretsMountArgs:
247
288
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
248
289
  pulumi.set(self, "default_lease_ttl_seconds", value)
249
290
 
291
+ @property
292
+ @pulumi.getter(name="delegatedAuthAccessors")
293
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
294
+ """
295
+ List of headers to allow and pass from the request to the plugin
296
+ """
297
+ return pulumi.get(self, "delegated_auth_accessors")
298
+
299
+ @delegated_auth_accessors.setter
300
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
301
+ pulumi.set(self, "delegated_auth_accessors", value)
302
+
250
303
  @property
251
304
  @pulumi.getter
252
305
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -297,6 +350,18 @@ class SecretsMountArgs:
297
350
  def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
298
351
  pulumi.set(self, "hanas", value)
299
352
 
353
+ @property
354
+ @pulumi.getter(name="identityTokenKey")
355
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
356
+ """
357
+ The key to use for signing plugin workload identity tokens
358
+ """
359
+ return pulumi.get(self, "identity_token_key")
360
+
361
+ @identity_token_key.setter
362
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
363
+ pulumi.set(self, "identity_token_key", value)
364
+
300
365
  @property
301
366
  @pulumi.getter
302
367
  def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
@@ -310,6 +375,18 @@ class SecretsMountArgs:
310
375
  def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
311
376
  pulumi.set(self, "influxdbs", value)
312
377
 
378
+ @property
379
+ @pulumi.getter(name="listingVisibility")
380
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
381
+ """
382
+ Specifies whether to show this mount in the UI-specific listing endpoint
383
+ """
384
+ return pulumi.get(self, "listing_visibility")
385
+
386
+ @listing_visibility.setter
387
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
388
+ pulumi.set(self, "listing_visibility", value)
389
+
313
390
  @property
314
391
  @pulumi.getter
315
392
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -439,14 +516,14 @@ class SecretsMountArgs:
439
516
 
440
517
  @property
441
518
  @pulumi.getter
442
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
519
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
443
520
  """
444
521
  Specifies mount type specific options that are passed to the backend
445
522
  """
446
523
  return pulumi.get(self, "options")
447
524
 
448
525
  @options.setter
449
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
526
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
450
527
  pulumi.set(self, "options", value)
451
528
 
452
529
  @property
@@ -462,6 +539,30 @@ class SecretsMountArgs:
462
539
  def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
463
540
  pulumi.set(self, "oracles", value)
464
541
 
542
+ @property
543
+ @pulumi.getter(name="passthroughRequestHeaders")
544
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
545
+ """
546
+ List of headers to allow and pass from the request to the plugin
547
+ """
548
+ return pulumi.get(self, "passthrough_request_headers")
549
+
550
+ @passthrough_request_headers.setter
551
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
552
+ pulumi.set(self, "passthrough_request_headers", value)
553
+
554
+ @property
555
+ @pulumi.getter(name="pluginVersion")
556
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
557
+ """
558
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
559
+ """
560
+ return pulumi.get(self, "plugin_version")
561
+
562
+ @plugin_version.setter
563
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
564
+ pulumi.set(self, "plugin_version", value)
565
+
465
566
  @property
466
567
  @pulumi.getter
467
568
  def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
@@ -545,17 +646,21 @@ class _SecretsMountState:
545
646
  def __init__(__self__, *,
546
647
  accessor: Optional[pulumi.Input[str]] = None,
547
648
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
649
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
548
650
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
549
651
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
550
652
  cassandras: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]]] = None,
551
653
  couchbases: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]]] = None,
552
654
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
655
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
553
656
  description: Optional[pulumi.Input[str]] = None,
554
657
  elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]]] = None,
555
658
  engine_count: Optional[pulumi.Input[int]] = None,
556
659
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
557
660
  hanas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]] = None,
661
+ identity_token_key: Optional[pulumi.Input[str]] = None,
558
662
  influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]] = None,
663
+ listing_visibility: Optional[pulumi.Input[str]] = None,
559
664
  local: Optional[pulumi.Input[bool]] = None,
560
665
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
561
666
  mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]]] = None,
@@ -566,9 +671,11 @@ class _SecretsMountState:
566
671
  mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlRdArgs']]]] = None,
567
672
  mysqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]]] = None,
568
673
  namespace: Optional[pulumi.Input[str]] = None,
569
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
674
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
570
675
  oracles: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]] = None,
676
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
571
677
  path: Optional[pulumi.Input[str]] = None,
678
+ plugin_version: Optional[pulumi.Input[str]] = None,
572
679
  postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]] = None,
573
680
  redis: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]]] = None,
574
681
  redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountRedisElasticachArgs']]]] = None,
@@ -581,6 +688,7 @@ class _SecretsMountState:
581
688
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
582
689
 
583
690
  The following arguments are common to all database engines:
691
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
584
692
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
585
693
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
586
694
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCassandraArgs']]] cassandras: A nested block containing configuration options for Cassandra connections.
@@ -588,6 +696,7 @@ class _SecretsMountState:
588
696
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountCouchbaseArgs']]] couchbases: A nested block containing configuration options for Couchbase connections.
589
697
  *See Configuration Options for more info*
590
698
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
699
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
591
700
  :param pulumi.Input[str] description: Human-friendly description of the mount
592
701
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountElasticsearchArgs']]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
593
702
  *See Configuration Options for more info*
@@ -595,8 +704,10 @@ class _SecretsMountState:
595
704
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
596
705
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]] hanas: A nested block containing configuration options for SAP HanaDB connections.
597
706
  *See Configuration Options for more info*
707
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
598
708
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]] influxdbs: A nested block containing configuration options for InfluxDB connections.
599
709
  *See Configuration Options for more info*
710
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
600
711
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
601
712
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
602
713
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMongodbatlaArgs']]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
@@ -614,10 +725,12 @@ class _SecretsMountState:
614
725
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountMysqlArgs']]] mysqls: A nested block containing configuration options for MySQL connections.
615
726
  *See Configuration Options for more info*
616
727
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
617
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
728
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
618
729
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]] oracles: A nested block containing configuration options for Oracle connections.
619
730
  *See Configuration Options for more info*
731
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
620
732
  :param pulumi.Input[str] path: Where the secret backend will be mounted
733
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
621
734
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
622
735
  *See Configuration Options for more info*
623
736
  :param pulumi.Input[Sequence[pulumi.Input['SecretsMountRediArgs']]] redis: A nested block containing configuration options for Redis connections.
@@ -634,6 +747,8 @@ class _SecretsMountState:
634
747
  pulumi.set(__self__, "accessor", accessor)
635
748
  if allowed_managed_keys is not None:
636
749
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
750
+ if allowed_response_headers is not None:
751
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
637
752
  if audit_non_hmac_request_keys is not None:
638
753
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
639
754
  if audit_non_hmac_response_keys is not None:
@@ -644,6 +759,8 @@ class _SecretsMountState:
644
759
  pulumi.set(__self__, "couchbases", couchbases)
645
760
  if default_lease_ttl_seconds is not None:
646
761
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
762
+ if delegated_auth_accessors is not None:
763
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
647
764
  if description is not None:
648
765
  pulumi.set(__self__, "description", description)
649
766
  if elasticsearches is not None:
@@ -654,8 +771,12 @@ class _SecretsMountState:
654
771
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
655
772
  if hanas is not None:
656
773
  pulumi.set(__self__, "hanas", hanas)
774
+ if identity_token_key is not None:
775
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
657
776
  if influxdbs is not None:
658
777
  pulumi.set(__self__, "influxdbs", influxdbs)
778
+ if listing_visibility is not None:
779
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
659
780
  if local is not None:
660
781
  pulumi.set(__self__, "local", local)
661
782
  if max_lease_ttl_seconds is not None:
@@ -680,8 +801,12 @@ class _SecretsMountState:
680
801
  pulumi.set(__self__, "options", options)
681
802
  if oracles is not None:
682
803
  pulumi.set(__self__, "oracles", oracles)
804
+ if passthrough_request_headers is not None:
805
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
683
806
  if path is not None:
684
807
  pulumi.set(__self__, "path", path)
808
+ if plugin_version is not None:
809
+ pulumi.set(__self__, "plugin_version", plugin_version)
685
810
  if postgresqls is not None:
686
811
  pulumi.set(__self__, "postgresqls", postgresqls)
687
812
  if redis is not None:
@@ -721,6 +846,18 @@ class _SecretsMountState:
721
846
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
722
847
  pulumi.set(self, "allowed_managed_keys", value)
723
848
 
849
+ @property
850
+ @pulumi.getter(name="allowedResponseHeaders")
851
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
852
+ """
853
+ List of headers to allow and pass from the request to the plugin
854
+ """
855
+ return pulumi.get(self, "allowed_response_headers")
856
+
857
+ @allowed_response_headers.setter
858
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
859
+ pulumi.set(self, "allowed_response_headers", value)
860
+
724
861
  @property
725
862
  @pulumi.getter(name="auditNonHmacRequestKeys")
726
863
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -783,6 +920,18 @@ class _SecretsMountState:
783
920
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
784
921
  pulumi.set(self, "default_lease_ttl_seconds", value)
785
922
 
923
+ @property
924
+ @pulumi.getter(name="delegatedAuthAccessors")
925
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
926
+ """
927
+ List of headers to allow and pass from the request to the plugin
928
+ """
929
+ return pulumi.get(self, "delegated_auth_accessors")
930
+
931
+ @delegated_auth_accessors.setter
932
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
933
+ pulumi.set(self, "delegated_auth_accessors", value)
934
+
786
935
  @property
787
936
  @pulumi.getter
788
937
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -845,6 +994,18 @@ class _SecretsMountState:
845
994
  def hanas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountHanaArgs']]]]):
846
995
  pulumi.set(self, "hanas", value)
847
996
 
997
+ @property
998
+ @pulumi.getter(name="identityTokenKey")
999
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
1000
+ """
1001
+ The key to use for signing plugin workload identity tokens
1002
+ """
1003
+ return pulumi.get(self, "identity_token_key")
1004
+
1005
+ @identity_token_key.setter
1006
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
1007
+ pulumi.set(self, "identity_token_key", value)
1008
+
848
1009
  @property
849
1010
  @pulumi.getter
850
1011
  def influxdbs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]:
@@ -858,6 +1019,18 @@ class _SecretsMountState:
858
1019
  def influxdbs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountInfluxdbArgs']]]]):
859
1020
  pulumi.set(self, "influxdbs", value)
860
1021
 
1022
+ @property
1023
+ @pulumi.getter(name="listingVisibility")
1024
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
1025
+ """
1026
+ Specifies whether to show this mount in the UI-specific listing endpoint
1027
+ """
1028
+ return pulumi.get(self, "listing_visibility")
1029
+
1030
+ @listing_visibility.setter
1031
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
1032
+ pulumi.set(self, "listing_visibility", value)
1033
+
861
1034
  @property
862
1035
  @pulumi.getter
863
1036
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -987,14 +1160,14 @@ class _SecretsMountState:
987
1160
 
988
1161
  @property
989
1162
  @pulumi.getter
990
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
1163
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
991
1164
  """
992
1165
  Specifies mount type specific options that are passed to the backend
993
1166
  """
994
1167
  return pulumi.get(self, "options")
995
1168
 
996
1169
  @options.setter
997
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
1170
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
998
1171
  pulumi.set(self, "options", value)
999
1172
 
1000
1173
  @property
@@ -1010,6 +1183,18 @@ class _SecretsMountState:
1010
1183
  def oracles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountOracleArgs']]]]):
1011
1184
  pulumi.set(self, "oracles", value)
1012
1185
 
1186
+ @property
1187
+ @pulumi.getter(name="passthroughRequestHeaders")
1188
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1189
+ """
1190
+ List of headers to allow and pass from the request to the plugin
1191
+ """
1192
+ return pulumi.get(self, "passthrough_request_headers")
1193
+
1194
+ @passthrough_request_headers.setter
1195
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1196
+ pulumi.set(self, "passthrough_request_headers", value)
1197
+
1013
1198
  @property
1014
1199
  @pulumi.getter
1015
1200
  def path(self) -> Optional[pulumi.Input[str]]:
@@ -1022,6 +1207,18 @@ class _SecretsMountState:
1022
1207
  def path(self, value: Optional[pulumi.Input[str]]):
1023
1208
  pulumi.set(self, "path", value)
1024
1209
 
1210
+ @property
1211
+ @pulumi.getter(name="pluginVersion")
1212
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
1213
+ """
1214
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1215
+ """
1216
+ return pulumi.get(self, "plugin_version")
1217
+
1218
+ @plugin_version.setter
1219
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
1220
+ pulumi.set(self, "plugin_version", value)
1221
+
1025
1222
  @property
1026
1223
  @pulumi.getter
1027
1224
  def postgresqls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretsMountPostgresqlArgs']]]]:
@@ -1106,62 +1303,68 @@ class SecretsMount(pulumi.CustomResource):
1106
1303
  resource_name: str,
1107
1304
  opts: Optional[pulumi.ResourceOptions] = None,
1108
1305
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1306
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1109
1307
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1110
1308
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1111
- cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
1112
- couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
1309
+ cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
1310
+ couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
1113
1311
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1312
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1114
1313
  description: Optional[pulumi.Input[str]] = None,
1115
- elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
1314
+ elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
1116
1315
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1117
- hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
1118
- influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
1316
+ hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
1317
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1318
+ influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
1319
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1119
1320
  local: Optional[pulumi.Input[bool]] = None,
1120
1321
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1121
- mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
1122
- mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
1123
- mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
1124
- mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
1125
- mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
1126
- mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
1127
- mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
1322
+ mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
1323
+ mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
1324
+ mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
1325
+ mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
1326
+ mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
1327
+ mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
1328
+ mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
1128
1329
  namespace: Optional[pulumi.Input[str]] = None,
1129
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1130
- oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
1330
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1331
+ oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
1332
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1131
1333
  path: Optional[pulumi.Input[str]] = None,
1132
- postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
1133
- redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
1134
- redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
1135
- redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
1334
+ plugin_version: Optional[pulumi.Input[str]] = None,
1335
+ postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
1336
+ redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
1337
+ redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
1338
+ redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
1136
1339
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1137
- snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None,
1340
+ snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
1138
1341
  __props__=None):
1139
1342
  """
1140
1343
  ## Example Usage
1141
1344
 
1142
- <!--Start PulumiCodeChooser -->
1143
1345
  ```python
1144
1346
  import pulumi
1145
1347
  import pulumi_vault as vault
1146
1348
 
1147
1349
  db = vault.database.SecretsMount("db",
1148
1350
  path="db",
1149
- mssqls=[vault.database.SecretsMountMssqlArgs(
1150
- name="db1",
1151
- username="sa",
1152
- password="super_secret_1",
1153
- connection_url="sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1154
- allowed_roles=["dev1"],
1155
- )],
1156
- postgresqls=[vault.database.SecretsMountPostgresqlArgs(
1157
- name="db2",
1158
- username="postgres",
1159
- password="super_secret_2",
1160
- connection_url="postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1161
- verify_connection=True,
1162
- allowed_roles=["dev2"],
1163
- )])
1351
+ mssqls=[{
1352
+ "name": "db1",
1353
+ "username": "sa",
1354
+ "password": "super_secret_1",
1355
+ "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1356
+ "allowed_roles": ["dev1"],
1357
+ }],
1358
+ postgresqls=[{
1359
+ "name": "db2",
1360
+ "username": "postgres",
1361
+ "password": "super_secret_2",
1362
+ "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1363
+ "verify_connection": True,
1364
+ "allowed_roles": ["dev2"],
1365
+ }])
1164
1366
  dev1 = vault.database.SecretBackendRole("dev1",
1367
+ name="dev1",
1165
1368
  backend=db.path,
1166
1369
  db_name=db.mssqls[0].name,
1167
1370
  creation_statements=[
@@ -1170,6 +1373,7 @@ class SecretsMount(pulumi.CustomResource):
1170
1373
  "GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
1171
1374
  ])
1172
1375
  dev2 = vault.database.SecretBackendRole("dev2",
1376
+ name="dev2",
1173
1377
  backend=db.path,
1174
1378
  db_name=db.postgresqls[0].name,
1175
1379
  creation_statements=[
@@ -1177,7 +1381,6 @@ class SecretsMount(pulumi.CustomResource):
1177
1381
  "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \\"{{name}}\\";",
1178
1382
  ])
1179
1383
  ```
1180
- <!--End PulumiCodeChooser -->
1181
1384
 
1182
1385
  ## Import
1183
1386
 
@@ -1192,52 +1395,58 @@ class SecretsMount(pulumi.CustomResource):
1192
1395
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
1193
1396
 
1194
1397
  The following arguments are common to all database engines:
1398
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1195
1399
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1196
1400
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1197
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]] cassandras: A nested block containing configuration options for Cassandra connections.
1401
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.
1198
1402
  *See Configuration Options for more info*
1199
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]] couchbases: A nested block containing configuration options for Couchbase connections.
1403
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.
1200
1404
  *See Configuration Options for more info*
1201
1405
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
1406
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1202
1407
  :param pulumi.Input[str] description: Human-friendly description of the mount
1203
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
1408
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
1204
1409
  *See Configuration Options for more info*
1205
1410
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
1206
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
1411
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
1207
1412
  *See Configuration Options for more info*
1208
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
1413
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1414
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
1209
1415
  *See Configuration Options for more info*
1416
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1210
1417
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
1211
1418
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
1212
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
1419
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
1213
1420
  *See Configuration Options for more info*
1214
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
1421
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
1215
1422
  *See Configuration Options for more info*
1216
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]] mssqls: A nested block containing configuration options for MSSQL connections.
1423
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.
1217
1424
  *See Configuration Options for more info*
1218
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
1425
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
1219
1426
  *See Configuration Options for more info*
1220
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
1427
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
1221
1428
  *See Configuration Options for more info*
1222
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
1429
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
1223
1430
  *See Configuration Options for more info*
1224
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]] mysqls: A nested block containing configuration options for MySQL connections.
1431
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.
1225
1432
  *See Configuration Options for more info*
1226
1433
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
1227
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1228
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]] oracles: A nested block containing configuration options for Oracle connections.
1434
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1435
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.
1229
1436
  *See Configuration Options for more info*
1437
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1230
1438
  :param pulumi.Input[str] path: Where the secret backend will be mounted
1231
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
1439
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1440
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
1232
1441
  *See Configuration Options for more info*
1233
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]] redis: A nested block containing configuration options for Redis connections.
1442
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.
1234
1443
  *See Configuration Options for more info*
1235
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
1444
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
1236
1445
  *See Configuration Options for more info*
1237
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
1446
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
1238
1447
  *See Configuration Options for more info*
1239
1448
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1240
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
1449
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
1241
1450
  *See Configuration Options for more info*
1242
1451
  """
1243
1452
  ...
@@ -1249,29 +1458,29 @@ class SecretsMount(pulumi.CustomResource):
1249
1458
  """
1250
1459
  ## Example Usage
1251
1460
 
1252
- <!--Start PulumiCodeChooser -->
1253
1461
  ```python
1254
1462
  import pulumi
1255
1463
  import pulumi_vault as vault
1256
1464
 
1257
1465
  db = vault.database.SecretsMount("db",
1258
1466
  path="db",
1259
- mssqls=[vault.database.SecretsMountMssqlArgs(
1260
- name="db1",
1261
- username="sa",
1262
- password="super_secret_1",
1263
- connection_url="sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1264
- allowed_roles=["dev1"],
1265
- )],
1266
- postgresqls=[vault.database.SecretsMountPostgresqlArgs(
1267
- name="db2",
1268
- username="postgres",
1269
- password="super_secret_2",
1270
- connection_url="postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1271
- verify_connection=True,
1272
- allowed_roles=["dev2"],
1273
- )])
1467
+ mssqls=[{
1468
+ "name": "db1",
1469
+ "username": "sa",
1470
+ "password": "super_secret_1",
1471
+ "connection_url": "sqlserver://{{username}}:{{password}}@127.0.0.1:1433",
1472
+ "allowed_roles": ["dev1"],
1473
+ }],
1474
+ postgresqls=[{
1475
+ "name": "db2",
1476
+ "username": "postgres",
1477
+ "password": "super_secret_2",
1478
+ "connection_url": "postgresql://{{username}}:{{password}}@127.0.0.1:5432/postgres",
1479
+ "verify_connection": True,
1480
+ "allowed_roles": ["dev2"],
1481
+ }])
1274
1482
  dev1 = vault.database.SecretBackendRole("dev1",
1483
+ name="dev1",
1275
1484
  backend=db.path,
1276
1485
  db_name=db.mssqls[0].name,
1277
1486
  creation_statements=[
@@ -1280,6 +1489,7 @@ class SecretsMount(pulumi.CustomResource):
1280
1489
  "GRANT SELECT ON SCHEMA::dbo TO [{{name}}];",
1281
1490
  ])
1282
1491
  dev2 = vault.database.SecretBackendRole("dev2",
1492
+ name="dev2",
1283
1493
  backend=db.path,
1284
1494
  db_name=db.postgresqls[0].name,
1285
1495
  creation_statements=[
@@ -1287,7 +1497,6 @@ class SecretsMount(pulumi.CustomResource):
1287
1497
  "GRANT SELECT ON ALL TABLES IN SCHEMA public TO \\"{{name}}\\";",
1288
1498
  ])
1289
1499
  ```
1290
- <!--End PulumiCodeChooser -->
1291
1500
 
1292
1501
  ## Import
1293
1502
 
@@ -1313,35 +1522,41 @@ class SecretsMount(pulumi.CustomResource):
1313
1522
  resource_name: str,
1314
1523
  opts: Optional[pulumi.ResourceOptions] = None,
1315
1524
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1525
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1316
1526
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1317
1527
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1318
- cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
1319
- couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
1528
+ cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
1529
+ couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
1320
1530
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1531
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1321
1532
  description: Optional[pulumi.Input[str]] = None,
1322
- elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
1533
+ elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
1323
1534
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1324
- hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
1325
- influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
1535
+ hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
1536
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1537
+ influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
1538
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1326
1539
  local: Optional[pulumi.Input[bool]] = None,
1327
1540
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1328
- mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
1329
- mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
1330
- mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
1331
- mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
1332
- mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
1333
- mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
1334
- mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
1541
+ mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
1542
+ mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
1543
+ mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
1544
+ mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
1545
+ mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
1546
+ mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
1547
+ mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
1335
1548
  namespace: Optional[pulumi.Input[str]] = None,
1336
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1337
- oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
1549
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1550
+ oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
1551
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1338
1552
  path: Optional[pulumi.Input[str]] = None,
1339
- postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
1340
- redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
1341
- redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
1342
- redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
1553
+ plugin_version: Optional[pulumi.Input[str]] = None,
1554
+ postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
1555
+ redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
1556
+ redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
1557
+ redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
1343
1558
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1344
- snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None,
1559
+ snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None,
1345
1560
  __props__=None):
1346
1561
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1347
1562
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1352,16 +1567,20 @@ class SecretsMount(pulumi.CustomResource):
1352
1567
  __props__ = SecretsMountArgs.__new__(SecretsMountArgs)
1353
1568
 
1354
1569
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1570
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
1355
1571
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
1356
1572
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
1357
1573
  __props__.__dict__["cassandras"] = cassandras
1358
1574
  __props__.__dict__["couchbases"] = couchbases
1359
1575
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1576
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1360
1577
  __props__.__dict__["description"] = description
1361
1578
  __props__.__dict__["elasticsearches"] = elasticsearches
1362
1579
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1363
1580
  __props__.__dict__["hanas"] = hanas
1581
+ __props__.__dict__["identity_token_key"] = identity_token_key
1364
1582
  __props__.__dict__["influxdbs"] = influxdbs
1583
+ __props__.__dict__["listing_visibility"] = listing_visibility
1365
1584
  __props__.__dict__["local"] = local
1366
1585
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
1367
1586
  __props__.__dict__["mongodbatlas"] = mongodbatlas
@@ -1374,9 +1593,11 @@ class SecretsMount(pulumi.CustomResource):
1374
1593
  __props__.__dict__["namespace"] = namespace
1375
1594
  __props__.__dict__["options"] = options
1376
1595
  __props__.__dict__["oracles"] = oracles
1596
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
1377
1597
  if path is None and not opts.urn:
1378
1598
  raise TypeError("Missing required property 'path'")
1379
1599
  __props__.__dict__["path"] = path
1600
+ __props__.__dict__["plugin_version"] = plugin_version
1380
1601
  __props__.__dict__["postgresqls"] = postgresqls
1381
1602
  __props__.__dict__["redis"] = redis
1382
1603
  __props__.__dict__["redis_elasticaches"] = redis_elasticaches
@@ -1397,36 +1618,42 @@ class SecretsMount(pulumi.CustomResource):
1397
1618
  opts: Optional[pulumi.ResourceOptions] = None,
1398
1619
  accessor: Optional[pulumi.Input[str]] = None,
1399
1620
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1621
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1400
1622
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1401
1623
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1402
- cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]]] = None,
1403
- couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]]] = None,
1624
+ cassandras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]]] = None,
1625
+ couchbases: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]]] = None,
1404
1626
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1627
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1405
1628
  description: Optional[pulumi.Input[str]] = None,
1406
- elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]]] = None,
1629
+ elasticsearches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]]] = None,
1407
1630
  engine_count: Optional[pulumi.Input[int]] = None,
1408
1631
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
1409
- hanas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]]] = None,
1410
- influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]]] = None,
1632
+ hanas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]]] = None,
1633
+ identity_token_key: Optional[pulumi.Input[str]] = None,
1634
+ influxdbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]]] = None,
1635
+ listing_visibility: Optional[pulumi.Input[str]] = None,
1411
1636
  local: Optional[pulumi.Input[bool]] = None,
1412
1637
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1413
- mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]]] = None,
1414
- mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]]] = None,
1415
- mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]]] = None,
1416
- mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]]] = None,
1417
- mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]]] = None,
1418
- mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]]] = None,
1419
- mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]]] = None,
1638
+ mongodbatlas: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]]] = None,
1639
+ mongodbs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]]] = None,
1640
+ mssqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]]] = None,
1641
+ mysql_auroras: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]]] = None,
1642
+ mysql_legacies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]]] = None,
1643
+ mysql_rds: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]]] = None,
1644
+ mysqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]]] = None,
1420
1645
  namespace: Optional[pulumi.Input[str]] = None,
1421
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1422
- oracles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]]] = None,
1646
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1647
+ oracles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]]] = None,
1648
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1423
1649
  path: Optional[pulumi.Input[str]] = None,
1424
- postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]]] = None,
1425
- redis: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]]] = None,
1426
- redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]]] = None,
1427
- redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]]] = None,
1650
+ plugin_version: Optional[pulumi.Input[str]] = None,
1651
+ postgresqls: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]]] = None,
1652
+ redis: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]]] = None,
1653
+ redis_elasticaches: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]]] = None,
1654
+ redshifts: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]]] = None,
1428
1655
  seal_wrap: Optional[pulumi.Input[bool]] = None,
1429
- snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]]] = None) -> 'SecretsMount':
1656
+ snowflakes: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]]] = None) -> 'SecretsMount':
1430
1657
  """
1431
1658
  Get an existing SecretsMount resource's state with the given name, id, and optional extra
1432
1659
  properties used to qualify the lookup.
@@ -1438,53 +1665,59 @@ class SecretsMount(pulumi.CustomResource):
1438
1665
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
1439
1666
 
1440
1667
  The following arguments are common to all database engines:
1668
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1441
1669
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1442
1670
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1443
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCassandraArgs']]]] cassandras: A nested block containing configuration options for Cassandra connections.
1671
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCassandraArgs', 'SecretsMountCassandraArgsDict']]]] cassandras: A nested block containing configuration options for Cassandra connections.
1444
1672
  *See Configuration Options for more info*
1445
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountCouchbaseArgs']]]] couchbases: A nested block containing configuration options for Couchbase connections.
1673
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountCouchbaseArgs', 'SecretsMountCouchbaseArgsDict']]]] couchbases: A nested block containing configuration options for Couchbase connections.
1446
1674
  *See Configuration Options for more info*
1447
1675
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
1676
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1448
1677
  :param pulumi.Input[str] description: Human-friendly description of the mount
1449
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountElasticsearchArgs']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
1678
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountElasticsearchArgs', 'SecretsMountElasticsearchArgsDict']]]] elasticsearches: A nested block containing configuration options for Elasticsearch connections.
1450
1679
  *See Configuration Options for more info*
1451
1680
  :param pulumi.Input[int] engine_count: The total number of database secrets engines configured.
1452
1681
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
1453
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountHanaArgs']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
1682
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountHanaArgs', 'SecretsMountHanaArgsDict']]]] hanas: A nested block containing configuration options for SAP HanaDB connections.
1454
1683
  *See Configuration Options for more info*
1455
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountInfluxdbArgs']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
1684
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1685
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountInfluxdbArgs', 'SecretsMountInfluxdbArgsDict']]]] influxdbs: A nested block containing configuration options for InfluxDB connections.
1456
1686
  *See Configuration Options for more info*
1687
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1457
1688
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
1458
1689
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
1459
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbatlaArgs']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
1690
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbatlaArgs', 'SecretsMountMongodbatlaArgsDict']]]] mongodbatlas: A nested block containing configuration options for MongoDB Atlas connections.
1460
1691
  *See Configuration Options for more info*
1461
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMongodbArgs']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
1692
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMongodbArgs', 'SecretsMountMongodbArgsDict']]]] mongodbs: A nested block containing configuration options for MongoDB connections.
1462
1693
  *See Configuration Options for more info*
1463
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMssqlArgs']]]] mssqls: A nested block containing configuration options for MSSQL connections.
1694
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMssqlArgs', 'SecretsMountMssqlArgsDict']]]] mssqls: A nested block containing configuration options for MSSQL connections.
1464
1695
  *See Configuration Options for more info*
1465
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlAuroraArgs']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
1696
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlAuroraArgs', 'SecretsMountMysqlAuroraArgsDict']]]] mysql_auroras: A nested block containing configuration options for Aurora MySQL connections.
1466
1697
  *See Configuration Options for more info*
1467
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlLegacyArgs']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
1698
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlLegacyArgs', 'SecretsMountMysqlLegacyArgsDict']]]] mysql_legacies: A nested block containing configuration options for legacy MySQL connections.
1468
1699
  *See Configuration Options for more info*
1469
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlRdArgs']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
1700
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlRdArgs', 'SecretsMountMysqlRdArgsDict']]]] mysql_rds: A nested block containing configuration options for RDS MySQL connections.
1470
1701
  *See Configuration Options for more info*
1471
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountMysqlArgs']]]] mysqls: A nested block containing configuration options for MySQL connections.
1702
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountMysqlArgs', 'SecretsMountMysqlArgsDict']]]] mysqls: A nested block containing configuration options for MySQL connections.
1472
1703
  *See Configuration Options for more info*
1473
1704
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
1474
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1475
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountOracleArgs']]]] oracles: A nested block containing configuration options for Oracle connections.
1705
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1706
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountOracleArgs', 'SecretsMountOracleArgsDict']]]] oracles: A nested block containing configuration options for Oracle connections.
1476
1707
  *See Configuration Options for more info*
1708
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1477
1709
  :param pulumi.Input[str] path: Where the secret backend will be mounted
1478
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountPostgresqlArgs']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
1710
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1711
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountPostgresqlArgs', 'SecretsMountPostgresqlArgsDict']]]] postgresqls: A nested block containing configuration options for PostgreSQL connections.
1479
1712
  *See Configuration Options for more info*
1480
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRediArgs']]]] redis: A nested block containing configuration options for Redis connections.
1713
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRediArgs', 'SecretsMountRediArgsDict']]]] redis: A nested block containing configuration options for Redis connections.
1481
1714
  *See Configuration Options for more info*
1482
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedisElasticachArgs']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
1715
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedisElasticachArgs', 'SecretsMountRedisElasticachArgsDict']]]] redis_elasticaches: A nested block containing configuration options for Redis ElastiCache connections.
1483
1716
  *See Configuration Options for more info*
1484
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountRedshiftArgs']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
1717
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountRedshiftArgs', 'SecretsMountRedshiftArgsDict']]]] redshifts: A nested block containing configuration options for AWS Redshift connections.
1485
1718
  *See Configuration Options for more info*
1486
1719
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1487
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretsMountSnowflakeArgs']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
1720
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretsMountSnowflakeArgs', 'SecretsMountSnowflakeArgsDict']]]] snowflakes: A nested block containing configuration options for Snowflake connections.
1488
1721
  *See Configuration Options for more info*
1489
1722
  """
1490
1723
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -1493,17 +1726,21 @@ class SecretsMount(pulumi.CustomResource):
1493
1726
 
1494
1727
  __props__.__dict__["accessor"] = accessor
1495
1728
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1729
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
1496
1730
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
1497
1731
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
1498
1732
  __props__.__dict__["cassandras"] = cassandras
1499
1733
  __props__.__dict__["couchbases"] = couchbases
1500
1734
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1735
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1501
1736
  __props__.__dict__["description"] = description
1502
1737
  __props__.__dict__["elasticsearches"] = elasticsearches
1503
1738
  __props__.__dict__["engine_count"] = engine_count
1504
1739
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1505
1740
  __props__.__dict__["hanas"] = hanas
1741
+ __props__.__dict__["identity_token_key"] = identity_token_key
1506
1742
  __props__.__dict__["influxdbs"] = influxdbs
1743
+ __props__.__dict__["listing_visibility"] = listing_visibility
1507
1744
  __props__.__dict__["local"] = local
1508
1745
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
1509
1746
  __props__.__dict__["mongodbatlas"] = mongodbatlas
@@ -1516,7 +1753,9 @@ class SecretsMount(pulumi.CustomResource):
1516
1753
  __props__.__dict__["namespace"] = namespace
1517
1754
  __props__.__dict__["options"] = options
1518
1755
  __props__.__dict__["oracles"] = oracles
1756
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
1519
1757
  __props__.__dict__["path"] = path
1758
+ __props__.__dict__["plugin_version"] = plugin_version
1520
1759
  __props__.__dict__["postgresqls"] = postgresqls
1521
1760
  __props__.__dict__["redis"] = redis
1522
1761
  __props__.__dict__["redis_elasticaches"] = redis_elasticaches
@@ -1543,6 +1782,14 @@ class SecretsMount(pulumi.CustomResource):
1543
1782
  """
1544
1783
  return pulumi.get(self, "allowed_managed_keys")
1545
1784
 
1785
+ @property
1786
+ @pulumi.getter(name="allowedResponseHeaders")
1787
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1788
+ """
1789
+ List of headers to allow and pass from the request to the plugin
1790
+ """
1791
+ return pulumi.get(self, "allowed_response_headers")
1792
+
1546
1793
  @property
1547
1794
  @pulumi.getter(name="auditNonHmacRequestKeys")
1548
1795
  def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -1585,6 +1832,14 @@ class SecretsMount(pulumi.CustomResource):
1585
1832
  """
1586
1833
  return pulumi.get(self, "default_lease_ttl_seconds")
1587
1834
 
1835
+ @property
1836
+ @pulumi.getter(name="delegatedAuthAccessors")
1837
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1838
+ """
1839
+ List of headers to allow and pass from the request to the plugin
1840
+ """
1841
+ return pulumi.get(self, "delegated_auth_accessors")
1842
+
1588
1843
  @property
1589
1844
  @pulumi.getter
1590
1845
  def description(self) -> pulumi.Output[Optional[str]]:
@@ -1627,6 +1882,14 @@ class SecretsMount(pulumi.CustomResource):
1627
1882
  """
1628
1883
  return pulumi.get(self, "hanas")
1629
1884
 
1885
+ @property
1886
+ @pulumi.getter(name="identityTokenKey")
1887
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1888
+ """
1889
+ The key to use for signing plugin workload identity tokens
1890
+ """
1891
+ return pulumi.get(self, "identity_token_key")
1892
+
1630
1893
  @property
1631
1894
  @pulumi.getter
1632
1895
  def influxdbs(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountInfluxdb']]]:
@@ -1636,6 +1899,14 @@ class SecretsMount(pulumi.CustomResource):
1636
1899
  """
1637
1900
  return pulumi.get(self, "influxdbs")
1638
1901
 
1902
+ @property
1903
+ @pulumi.getter(name="listingVisibility")
1904
+ def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1905
+ """
1906
+ Specifies whether to show this mount in the UI-specific listing endpoint
1907
+ """
1908
+ return pulumi.get(self, "listing_visibility")
1909
+
1639
1910
  @property
1640
1911
  @pulumi.getter
1641
1912
  def local(self) -> pulumi.Output[Optional[bool]]:
@@ -1725,7 +1996,7 @@ class SecretsMount(pulumi.CustomResource):
1725
1996
 
1726
1997
  @property
1727
1998
  @pulumi.getter
1728
- def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1999
+ def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1729
2000
  """
1730
2001
  Specifies mount type specific options that are passed to the backend
1731
2002
  """
@@ -1740,6 +2011,14 @@ class SecretsMount(pulumi.CustomResource):
1740
2011
  """
1741
2012
  return pulumi.get(self, "oracles")
1742
2013
 
2014
+ @property
2015
+ @pulumi.getter(name="passthroughRequestHeaders")
2016
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
2017
+ """
2018
+ List of headers to allow and pass from the request to the plugin
2019
+ """
2020
+ return pulumi.get(self, "passthrough_request_headers")
2021
+
1743
2022
  @property
1744
2023
  @pulumi.getter
1745
2024
  def path(self) -> pulumi.Output[str]:
@@ -1748,6 +2027,14 @@ class SecretsMount(pulumi.CustomResource):
1748
2027
  """
1749
2028
  return pulumi.get(self, "path")
1750
2029
 
2030
+ @property
2031
+ @pulumi.getter(name="pluginVersion")
2032
+ def plugin_version(self) -> pulumi.Output[Optional[str]]:
2033
+ """
2034
+ Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
2035
+ """
2036
+ return pulumi.get(self, "plugin_version")
2037
+
1751
2038
  @property
1752
2039
  @pulumi.getter
1753
2040
  def postgresqls(self) -> pulumi.Output[Optional[Sequence['outputs.SecretsMountPostgresql']]]: