pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -40,7 +45,7 @@ class SecretBackendArgs:
40
45
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
41
46
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
42
47
  The value should not contain leading or trailing forward slashes.
43
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
48
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
44
49
  *Available only for Vault Enterprise*.
45
50
  :param pulumi.Input[Sequence[pulumi.Input[str]]] server_hostnames: Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN).
46
51
  :param pulumi.Input[Sequence[pulumi.Input[str]]] server_ips: IPs to include in the server's TLS certificate as SAN IP addresses.
@@ -166,7 +171,7 @@ class SecretBackendArgs:
166
171
  """
167
172
  The namespace to provision the resource in.
168
173
  The value should not contain leading or trailing forward slashes.
169
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
174
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
170
175
  *Available only for Vault Enterprise*.
171
176
  """
172
177
  return pulumi.get(self, "namespace")
@@ -263,7 +268,7 @@ class _SecretBackendState:
263
268
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
264
269
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
265
270
  The value should not contain leading or trailing forward slashes.
266
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
271
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
267
272
  *Available only for Vault Enterprise*.
268
273
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
269
274
  not begin or end with a `/`. Defaults to `kmip`.
@@ -379,7 +384,7 @@ class _SecretBackendState:
379
384
  """
380
385
  The namespace to provision the resource in.
381
386
  The value should not contain leading or trailing forward slashes.
382
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
387
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
383
388
  *Available only for Vault Enterprise*.
384
389
  """
385
390
  return pulumi.get(self, "namespace")
@@ -488,25 +493,23 @@ class SecretBackend(pulumi.CustomResource):
488
493
 
489
494
  ## Example Usage
490
495
 
491
- <!--Start PulumiCodeChooser -->
492
496
  ```python
493
497
  import pulumi
494
498
  import pulumi_vault as vault
495
499
 
496
500
  default = vault.kmip.SecretBackend("default",
497
- default_tls_client_key_bits=4096,
498
- default_tls_client_key_type="rsa",
499
- default_tls_client_ttl=86400,
501
+ path="kmip",
500
502
  description="Vault KMIP backend",
501
503
  listen_addrs=[
502
504
  "127.0.0.1:5696",
503
505
  "127.0.0.1:8080",
504
506
  ],
505
- path="kmip",
507
+ tls_ca_key_type="rsa",
506
508
  tls_ca_key_bits=4096,
507
- tls_ca_key_type="rsa")
509
+ default_tls_client_key_type="rsa",
510
+ default_tls_client_key_bits=4096,
511
+ default_tls_client_ttl=86400)
508
512
  ```
509
- <!--End PulumiCodeChooser -->
510
513
 
511
514
  ## Import
512
515
 
@@ -527,7 +530,7 @@ class SecretBackend(pulumi.CustomResource):
527
530
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
528
531
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
529
532
  The value should not contain leading or trailing forward slashes.
530
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
533
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
531
534
  *Available only for Vault Enterprise*.
532
535
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
533
536
  not begin or end with a `/`. Defaults to `kmip`.
@@ -550,25 +553,23 @@ class SecretBackend(pulumi.CustomResource):
550
553
 
551
554
  ## Example Usage
552
555
 
553
- <!--Start PulumiCodeChooser -->
554
556
  ```python
555
557
  import pulumi
556
558
  import pulumi_vault as vault
557
559
 
558
560
  default = vault.kmip.SecretBackend("default",
559
- default_tls_client_key_bits=4096,
560
- default_tls_client_key_type="rsa",
561
- default_tls_client_ttl=86400,
561
+ path="kmip",
562
562
  description="Vault KMIP backend",
563
563
  listen_addrs=[
564
564
  "127.0.0.1:5696",
565
565
  "127.0.0.1:8080",
566
566
  ],
567
- path="kmip",
567
+ tls_ca_key_type="rsa",
568
568
  tls_ca_key_bits=4096,
569
- tls_ca_key_type="rsa")
569
+ default_tls_client_key_type="rsa",
570
+ default_tls_client_key_bits=4096,
571
+ default_tls_client_ttl=86400)
570
572
  ```
571
- <!--End PulumiCodeChooser -->
572
573
 
573
574
  ## Import
574
575
 
@@ -669,7 +670,7 @@ class SecretBackend(pulumi.CustomResource):
669
670
  :param pulumi.Input[Sequence[pulumi.Input[str]]] listen_addrs: Addresses the KMIP server should listen on (`host:port`).
670
671
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
671
672
  The value should not contain leading or trailing forward slashes.
672
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
673
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
673
674
  *Available only for Vault Enterprise*.
674
675
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
675
676
  not begin or end with a `/`. Defaults to `kmip`.
@@ -753,7 +754,7 @@ class SecretBackend(pulumi.CustomResource):
753
754
  """
754
755
  The namespace to provision the resource in.
755
756
  The value should not contain leading or trailing forward slashes.
756
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
757
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
757
758
  *Available only for Vault Enterprise*.
758
759
  """
759
760
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretRoleArgs', 'SecretRole']
@@ -43,7 +48,7 @@ class SecretRoleArgs:
43
48
  :param pulumi.Input[str] scope: Name of the scope.
44
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
45
50
  The value should not contain leading or trailing forward slashes.
46
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
51
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
47
52
  *Available only for Vault Enterprise*.
48
53
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
49
54
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -146,7 +151,7 @@ class SecretRoleArgs:
146
151
  """
147
152
  The namespace to provision the resource in.
148
153
  The value should not contain leading or trailing forward slashes.
149
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
154
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
150
155
  *Available only for Vault Enterprise*.
151
156
  """
152
157
  return pulumi.get(self, "namespace")
@@ -388,7 +393,7 @@ class _SecretRoleState:
388
393
  Input properties used for looking up and filtering SecretRole resources.
389
394
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
390
395
  The value should not contain leading or trailing forward slashes.
391
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
396
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
392
397
  *Available only for Vault Enterprise*.
393
398
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
394
399
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -461,7 +466,7 @@ class _SecretRoleState:
461
466
  """
462
467
  The namespace to provision the resource in.
463
468
  The value should not contain leading or trailing forward slashes.
464
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
469
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
465
470
  *Available only for Vault Enterprise*.
466
471
  """
467
472
  return pulumi.get(self, "namespace")
@@ -746,7 +751,6 @@ class SecretRole(pulumi.CustomResource):
746
751
 
747
752
  ## Example Usage
748
753
 
749
- <!--Start PulumiCodeChooser -->
750
754
  ```python
751
755
  import pulumi
752
756
  import pulumi_vault as vault
@@ -770,7 +774,6 @@ class SecretRole(pulumi.CustomResource):
770
774
  operation_create=True,
771
775
  operation_destroy=True)
772
776
  ```
773
- <!--End PulumiCodeChooser -->
774
777
 
775
778
  ## Import
776
779
 
@@ -784,7 +787,7 @@ class SecretRole(pulumi.CustomResource):
784
787
  :param pulumi.ResourceOptions opts: Options for the resource.
785
788
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
786
789
  The value should not contain leading or trailing forward slashes.
787
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
790
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
788
791
  *Available only for Vault Enterprise*.
789
792
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
790
793
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -821,7 +824,6 @@ class SecretRole(pulumi.CustomResource):
821
824
 
822
825
  ## Example Usage
823
826
 
824
- <!--Start PulumiCodeChooser -->
825
827
  ```python
826
828
  import pulumi
827
829
  import pulumi_vault as vault
@@ -845,7 +847,6 @@ class SecretRole(pulumi.CustomResource):
845
847
  operation_create=True,
846
848
  operation_destroy=True)
847
849
  ```
848
- <!--End PulumiCodeChooser -->
849
850
 
850
851
  ## Import
851
852
 
@@ -967,7 +968,7 @@ class SecretRole(pulumi.CustomResource):
967
968
  :param pulumi.ResourceOptions opts: Options for the resource.
968
969
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
969
970
  The value should not contain leading or trailing forward slashes.
970
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
971
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
971
972
  *Available only for Vault Enterprise*.
972
973
  :param pulumi.Input[bool] operation_activate: Grant permission to use the KMIP Activate operation.
973
974
  :param pulumi.Input[bool] operation_add_attribute: Grant permission to use the KMIP Add Attribute operation.
@@ -1024,7 +1025,7 @@ class SecretRole(pulumi.CustomResource):
1024
1025
  """
1025
1026
  The namespace to provision the resource in.
1026
1027
  The value should not contain leading or trailing forward slashes.
1027
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1028
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1028
1029
  *Available only for Vault Enterprise*.
1029
1030
  """
1030
1031
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretScopeArgs', 'SecretScope']
@@ -26,7 +31,7 @@ class SecretScopeArgs:
26
31
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
27
32
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
28
33
  The value should not contain leading or trailing forward slashes.
29
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
34
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
30
35
  *Available only for Vault Enterprise*.
31
36
  """
32
37
  pulumi.set(__self__, "path", path)
@@ -79,7 +84,7 @@ class SecretScopeArgs:
79
84
  """
80
85
  The namespace to provision the resource in.
81
86
  The value should not contain leading or trailing forward slashes.
82
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
87
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
83
88
  *Available only for Vault Enterprise*.
84
89
  """
85
90
  return pulumi.get(self, "namespace")
@@ -101,7 +106,7 @@ class _SecretScopeState:
101
106
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
102
107
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
103
108
  The value should not contain leading or trailing forward slashes.
104
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
105
110
  *Available only for Vault Enterprise*.
106
111
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
107
112
  not begin or end with a `/`. Defaults to `kmip`.
@@ -134,7 +139,7 @@ class _SecretScopeState:
134
139
  """
135
140
  The namespace to provision the resource in.
136
141
  The value should not contain leading or trailing forward slashes.
137
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
142
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
138
143
  *Available only for Vault Enterprise*.
139
144
  """
140
145
  return pulumi.get(self, "namespace")
@@ -186,7 +191,6 @@ class SecretScope(pulumi.CustomResource):
186
191
 
187
192
  ## Example Usage
188
193
 
189
- <!--Start PulumiCodeChooser -->
190
194
  ```python
191
195
  import pulumi
192
196
  import pulumi_vault as vault
@@ -199,7 +203,6 @@ class SecretScope(pulumi.CustomResource):
199
203
  scope="dev",
200
204
  force=True)
201
205
  ```
202
- <!--End PulumiCodeChooser -->
203
206
 
204
207
  ## Import
205
208
 
@@ -214,7 +217,7 @@ class SecretScope(pulumi.CustomResource):
214
217
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
215
218
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
216
219
  The value should not contain leading or trailing forward slashes.
217
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
218
221
  *Available only for Vault Enterprise*.
219
222
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
220
223
  not begin or end with a `/`. Defaults to `kmip`.
@@ -233,7 +236,6 @@ class SecretScope(pulumi.CustomResource):
233
236
 
234
237
  ## Example Usage
235
238
 
236
- <!--Start PulumiCodeChooser -->
237
239
  ```python
238
240
  import pulumi
239
241
  import pulumi_vault as vault
@@ -246,7 +248,6 @@ class SecretScope(pulumi.CustomResource):
246
248
  scope="dev",
247
249
  force=True)
248
250
  ```
249
- <!--End PulumiCodeChooser -->
250
251
 
251
252
  ## Import
252
253
 
@@ -316,7 +317,7 @@ class SecretScope(pulumi.CustomResource):
316
317
  :param pulumi.Input[bool] force: Boolean field to force deletion even if there are managed objects in the scope.
317
318
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
318
319
  The value should not contain leading or trailing forward slashes.
319
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
320
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
320
321
  *Available only for Vault Enterprise*.
321
322
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
322
323
  not begin or end with a `/`. Defaults to `kmip`.
@@ -346,7 +347,7 @@ class SecretScope(pulumi.CustomResource):
346
347
  """
347
348
  The namespace to provision the resource in.
348
349
  The value should not contain leading or trailing forward slashes.
349
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
350
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
350
351
  *Available only for Vault Enterprise*.
351
352
  """
352
353
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
@@ -22,7 +27,8 @@ class AuthBackendConfigArgs:
22
27
  kubernetes_ca_cert: Optional[pulumi.Input[str]] = None,
23
28
  namespace: Optional[pulumi.Input[str]] = None,
24
29
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
30
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
31
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
26
32
  """
27
33
  The set of arguments for constructing a AuthBackendConfig resource.
28
34
  :param pulumi.Input[str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -37,6 +43,7 @@ class AuthBackendConfigArgs:
37
43
  *Available only for Vault Enterprise*.
38
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
39
45
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
46
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
40
47
  """
41
48
  pulumi.set(__self__, "kubernetes_host", kubernetes_host)
42
49
  if backend is not None:
@@ -55,6 +62,8 @@ class AuthBackendConfigArgs:
55
62
  pulumi.set(__self__, "pem_keys", pem_keys)
56
63
  if token_reviewer_jwt is not None:
57
64
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
65
+ if use_annotations_as_alias_metadata is not None:
66
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
58
67
 
59
68
  @property
60
69
  @pulumi.getter(name="kubernetesHost")
@@ -167,6 +176,18 @@ class AuthBackendConfigArgs:
167
176
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
168
177
  pulumi.set(self, "token_reviewer_jwt", value)
169
178
 
179
+ @property
180
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
181
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
182
+ """
183
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
184
+ """
185
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
186
+
187
+ @use_annotations_as_alias_metadata.setter
188
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
189
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
190
+
170
191
 
171
192
  @pulumi.input_type
172
193
  class _AuthBackendConfigState:
@@ -179,7 +200,8 @@ class _AuthBackendConfigState:
179
200
  kubernetes_host: Optional[pulumi.Input[str]] = None,
180
201
  namespace: Optional[pulumi.Input[str]] = None,
181
202
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
182
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None):
203
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
204
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None):
183
205
  """
184
206
  Input properties used for looking up and filtering AuthBackendConfig resources.
185
207
  :param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
@@ -194,6 +216,7 @@ class _AuthBackendConfigState:
194
216
  *Available only for Vault Enterprise*.
195
217
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
196
218
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
219
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
197
220
  """
198
221
  if backend is not None:
199
222
  pulumi.set(__self__, "backend", backend)
@@ -213,6 +236,8 @@ class _AuthBackendConfigState:
213
236
  pulumi.set(__self__, "pem_keys", pem_keys)
214
237
  if token_reviewer_jwt is not None:
215
238
  pulumi.set(__self__, "token_reviewer_jwt", token_reviewer_jwt)
239
+ if use_annotations_as_alias_metadata is not None:
240
+ pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
216
241
 
217
242
  @property
218
243
  @pulumi.getter
@@ -325,6 +350,18 @@ class _AuthBackendConfigState:
325
350
  def token_reviewer_jwt(self, value: Optional[pulumi.Input[str]]):
326
351
  pulumi.set(self, "token_reviewer_jwt", value)
327
352
 
353
+ @property
354
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
355
+ def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[bool]]:
356
+ """
357
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
358
+ """
359
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
360
+
361
+ @use_annotations_as_alias_metadata.setter
362
+ def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[bool]]):
363
+ pulumi.set(self, "use_annotations_as_alias_metadata", value)
364
+
328
365
 
329
366
  class AuthBackendConfig(pulumi.CustomResource):
330
367
  @overload
@@ -340,6 +377,7 @@ class AuthBackendConfig(pulumi.CustomResource):
340
377
  namespace: Optional[pulumi.Input[str]] = None,
341
378
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
342
379
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
380
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
343
381
  __props__=None):
344
382
  """
345
383
  Manages an Kubernetes auth backend config in a Vault server. See the [Vault
@@ -348,7 +386,6 @@ class AuthBackendConfig(pulumi.CustomResource):
348
386
 
349
387
  ## Example Usage
350
388
 
351
- <!--Start PulumiCodeChooser -->
352
389
  ```python
353
390
  import pulumi
354
391
  import pulumi_vault as vault
@@ -364,7 +401,6 @@ class AuthBackendConfig(pulumi.CustomResource):
364
401
  issuer="api",
365
402
  disable_iss_validation=True)
366
403
  ```
367
- <!--End PulumiCodeChooser -->
368
404
 
369
405
  ## Import
370
406
 
@@ -388,6 +424,7 @@ class AuthBackendConfig(pulumi.CustomResource):
388
424
  *Available only for Vault Enterprise*.
389
425
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
390
426
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
427
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
391
428
  """
392
429
  ...
393
430
  @overload
@@ -402,7 +439,6 @@ class AuthBackendConfig(pulumi.CustomResource):
402
439
 
403
440
  ## Example Usage
404
441
 
405
- <!--Start PulumiCodeChooser -->
406
442
  ```python
407
443
  import pulumi
408
444
  import pulumi_vault as vault
@@ -418,7 +454,6 @@ class AuthBackendConfig(pulumi.CustomResource):
418
454
  issuer="api",
419
455
  disable_iss_validation=True)
420
456
  ```
421
- <!--End PulumiCodeChooser -->
422
457
 
423
458
  ## Import
424
459
 
@@ -452,6 +487,7 @@ class AuthBackendConfig(pulumi.CustomResource):
452
487
  namespace: Optional[pulumi.Input[str]] = None,
453
488
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
454
489
  token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
490
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None,
455
491
  __props__=None):
456
492
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
457
493
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -472,6 +508,7 @@ class AuthBackendConfig(pulumi.CustomResource):
472
508
  __props__.__dict__["namespace"] = namespace
473
509
  __props__.__dict__["pem_keys"] = pem_keys
474
510
  __props__.__dict__["token_reviewer_jwt"] = None if token_reviewer_jwt is None else pulumi.Output.secret(token_reviewer_jwt)
511
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
475
512
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["tokenReviewerJwt"])
476
513
  opts = pulumi.ResourceOptions.merge(opts, secret_opts)
477
514
  super(AuthBackendConfig, __self__).__init__(
@@ -492,7 +529,8 @@ class AuthBackendConfig(pulumi.CustomResource):
492
529
  kubernetes_host: Optional[pulumi.Input[str]] = None,
493
530
  namespace: Optional[pulumi.Input[str]] = None,
494
531
  pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
495
- token_reviewer_jwt: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
532
+ token_reviewer_jwt: Optional[pulumi.Input[str]] = None,
533
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendConfig':
496
534
  """
497
535
  Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
498
536
  properties used to qualify the lookup.
@@ -512,6 +550,7 @@ class AuthBackendConfig(pulumi.CustomResource):
512
550
  *Available only for Vault Enterprise*.
513
551
  :param pulumi.Input[Sequence[pulumi.Input[str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
514
552
  :param pulumi.Input[str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
553
+ :param pulumi.Input[bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
515
554
  """
516
555
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
517
556
 
@@ -526,6 +565,7 @@ class AuthBackendConfig(pulumi.CustomResource):
526
565
  __props__.__dict__["namespace"] = namespace
527
566
  __props__.__dict__["pem_keys"] = pem_keys
528
567
  __props__.__dict__["token_reviewer_jwt"] = token_reviewer_jwt
568
+ __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
529
569
  return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
530
570
 
531
571
  @property
@@ -603,3 +643,11 @@ class AuthBackendConfig(pulumi.CustomResource):
603
643
  """
604
644
  return pulumi.get(self, "token_reviewer_jwt")
605
645
 
646
+ @property
647
+ @pulumi.getter(name="useAnnotationsAsAliasMetadata")
648
+ def use_annotations_as_alias_metadata(self) -> pulumi.Output[bool]:
649
+ """
650
+ Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
651
+ """
652
+ return pulumi.get(self, "use_annotations_as_alias_metadata")
653
+