pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
45
50
  :param pulumi.Input[str] backend: Unique name of the kubernetes backend to configure.
46
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
47
52
  The value should not contain leading or trailing forward slashes.
48
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
54
  *Available only for Vault Enterprise*.
50
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
51
- addresses which can authenticate successfully, and ties the resulting token to these blocks
52
- as well.
53
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
54
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
55
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
56
- `token_max_ttl` would otherwise allow a renewal.
57
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
58
- Its current value will be referenced at renewal time.
59
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
60
- generated tokens; otherwise it will be added to the policies set in token_policies.
61
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
62
- of times a generated token may be used (within its lifetime); 0 means unlimited.
63
- :param pulumi.Input[int] token_period: If set, indicates that the
64
- token generated using this role should never expire. The token should be renewed within the
65
- duration specified by this value. At each renewal, the token's TTL will be set to the
66
- value of this field. Specified in seconds.
67
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
68
- on the auth method, this list may be supplemented by user/group/other values.
55
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
56
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
57
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
58
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
59
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
60
+ :param pulumi.Input[int] token_period: Generated Token's Period
61
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
69
62
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
70
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
71
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
72
- `service` tokens). For token store roles, there are two additional possibilities:
73
- `default-service` and `default-batch` which specify the type to return unless the client
74
- requests a different type at generation time.
63
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
75
64
  """
76
65
  pulumi.set(__self__, "bound_service_account_names", bound_service_account_names)
77
66
  pulumi.set(__self__, "bound_service_account_namespaces", bound_service_account_namespaces)
@@ -186,7 +175,7 @@ class AuthBackendRoleArgs:
186
175
  """
187
176
  The namespace to provision the resource in.
188
177
  The value should not contain leading or trailing forward slashes.
189
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
178
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
190
179
  *Available only for Vault Enterprise*.
191
180
  """
192
181
  return pulumi.get(self, "namespace")
@@ -199,9 +188,7 @@ class AuthBackendRoleArgs:
199
188
  @pulumi.getter(name="tokenBoundCidrs")
200
189
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
201
190
  """
202
- List of CIDR blocks; if set, specifies blocks of IP
203
- addresses which can authenticate successfully, and ties the resulting token to these blocks
204
- as well.
191
+ Specifies the blocks of IP addresses which are allowed to use the generated token
205
192
  """
206
193
  return pulumi.get(self, "token_bound_cidrs")
207
194
 
@@ -213,10 +200,7 @@ class AuthBackendRoleArgs:
213
200
  @pulumi.getter(name="tokenExplicitMaxTtl")
214
201
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
215
202
  """
216
- If set, will encode an
217
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
218
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
219
- `token_max_ttl` would otherwise allow a renewal.
203
+ Generated Token's Explicit Maximum TTL in seconds
220
204
  """
221
205
  return pulumi.get(self, "token_explicit_max_ttl")
222
206
 
@@ -228,8 +212,7 @@ class AuthBackendRoleArgs:
228
212
  @pulumi.getter(name="tokenMaxTtl")
229
213
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
230
214
  """
231
- The maximum lifetime for generated tokens in number of seconds.
232
- Its current value will be referenced at renewal time.
215
+ The maximum lifetime of the generated token
233
216
  """
234
217
  return pulumi.get(self, "token_max_ttl")
235
218
 
@@ -241,8 +224,7 @@ class AuthBackendRoleArgs:
241
224
  @pulumi.getter(name="tokenNoDefaultPolicy")
242
225
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
243
226
  """
244
- If set, the default policy will not be set on
245
- generated tokens; otherwise it will be added to the policies set in token_policies.
227
+ If true, the 'default' policy will not automatically be added to generated tokens
246
228
  """
247
229
  return pulumi.get(self, "token_no_default_policy")
248
230
 
@@ -254,8 +236,7 @@ class AuthBackendRoleArgs:
254
236
  @pulumi.getter(name="tokenNumUses")
255
237
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
256
238
  """
257
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
258
- of times a generated token may be used (within its lifetime); 0 means unlimited.
239
+ The maximum number of times a token may be used, a value of zero means unlimited
259
240
  """
260
241
  return pulumi.get(self, "token_num_uses")
261
242
 
@@ -267,10 +248,7 @@ class AuthBackendRoleArgs:
267
248
  @pulumi.getter(name="tokenPeriod")
268
249
  def token_period(self) -> Optional[pulumi.Input[int]]:
269
250
  """
270
- If set, indicates that the
271
- token generated using this role should never expire. The token should be renewed within the
272
- duration specified by this value. At each renewal, the token's TTL will be set to the
273
- value of this field. Specified in seconds.
251
+ Generated Token's Period
274
252
  """
275
253
  return pulumi.get(self, "token_period")
276
254
 
@@ -282,8 +260,7 @@ class AuthBackendRoleArgs:
282
260
  @pulumi.getter(name="tokenPolicies")
283
261
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
284
262
  """
285
- List of policies to encode onto generated tokens. Depending
286
- on the auth method, this list may be supplemented by user/group/other values.
263
+ Generated Token's Policies
287
264
  """
288
265
  return pulumi.get(self, "token_policies")
289
266
 
@@ -307,11 +284,7 @@ class AuthBackendRoleArgs:
307
284
  @pulumi.getter(name="tokenType")
308
285
  def token_type(self) -> Optional[pulumi.Input[str]]:
309
286
  """
310
- The type of token that should be generated. Can be `service`,
311
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
312
- `service` tokens). For token store roles, there are two additional possibilities:
313
- `default-service` and `default-batch` which specify the type to return unless the client
314
- requests a different type at generation time.
287
+ The type of token to generate, service or batch
315
288
  """
316
289
  return pulumi.get(self, "token_type")
317
290
 
@@ -353,34 +326,18 @@ class _AuthBackendRoleState:
353
326
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
354
327
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
355
328
  The value should not contain leading or trailing forward slashes.
356
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
329
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
357
330
  *Available only for Vault Enterprise*.
358
331
  :param pulumi.Input[str] role_name: Name of the role.
359
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
360
- addresses which can authenticate successfully, and ties the resulting token to these blocks
361
- as well.
362
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
363
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
364
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
365
- `token_max_ttl` would otherwise allow a renewal.
366
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
367
- Its current value will be referenced at renewal time.
368
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
369
- generated tokens; otherwise it will be added to the policies set in token_policies.
370
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
371
- of times a generated token may be used (within its lifetime); 0 means unlimited.
372
- :param pulumi.Input[int] token_period: If set, indicates that the
373
- token generated using this role should never expire. The token should be renewed within the
374
- duration specified by this value. At each renewal, the token's TTL will be set to the
375
- value of this field. Specified in seconds.
376
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
377
- on the auth method, this list may be supplemented by user/group/other values.
332
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
333
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
334
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
335
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
336
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
337
+ :param pulumi.Input[int] token_period: Generated Token's Period
338
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
378
339
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
379
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
380
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
381
- `service` tokens). For token store roles, there are two additional possibilities:
382
- `default-service` and `default-batch` which specify the type to return unless the client
383
- requests a different type at generation time.
340
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
384
341
  """
385
342
  if alias_name_source is not None:
386
343
  pulumi.set(__self__, "alias_name_source", alias_name_source)
@@ -486,7 +443,7 @@ class _AuthBackendRoleState:
486
443
  """
487
444
  The namespace to provision the resource in.
488
445
  The value should not contain leading or trailing forward slashes.
489
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
446
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
490
447
  *Available only for Vault Enterprise*.
491
448
  """
492
449
  return pulumi.get(self, "namespace")
@@ -511,9 +468,7 @@ class _AuthBackendRoleState:
511
468
  @pulumi.getter(name="tokenBoundCidrs")
512
469
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
513
470
  """
514
- List of CIDR blocks; if set, specifies blocks of IP
515
- addresses which can authenticate successfully, and ties the resulting token to these blocks
516
- as well.
471
+ Specifies the blocks of IP addresses which are allowed to use the generated token
517
472
  """
518
473
  return pulumi.get(self, "token_bound_cidrs")
519
474
 
@@ -525,10 +480,7 @@ class _AuthBackendRoleState:
525
480
  @pulumi.getter(name="tokenExplicitMaxTtl")
526
481
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
527
482
  """
528
- If set, will encode an
529
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
530
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
531
- `token_max_ttl` would otherwise allow a renewal.
483
+ Generated Token's Explicit Maximum TTL in seconds
532
484
  """
533
485
  return pulumi.get(self, "token_explicit_max_ttl")
534
486
 
@@ -540,8 +492,7 @@ class _AuthBackendRoleState:
540
492
  @pulumi.getter(name="tokenMaxTtl")
541
493
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
542
494
  """
543
- The maximum lifetime for generated tokens in number of seconds.
544
- Its current value will be referenced at renewal time.
495
+ The maximum lifetime of the generated token
545
496
  """
546
497
  return pulumi.get(self, "token_max_ttl")
547
498
 
@@ -553,8 +504,7 @@ class _AuthBackendRoleState:
553
504
  @pulumi.getter(name="tokenNoDefaultPolicy")
554
505
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
555
506
  """
556
- If set, the default policy will not be set on
557
- generated tokens; otherwise it will be added to the policies set in token_policies.
507
+ If true, the 'default' policy will not automatically be added to generated tokens
558
508
  """
559
509
  return pulumi.get(self, "token_no_default_policy")
560
510
 
@@ -566,8 +516,7 @@ class _AuthBackendRoleState:
566
516
  @pulumi.getter(name="tokenNumUses")
567
517
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
568
518
  """
569
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
570
- of times a generated token may be used (within its lifetime); 0 means unlimited.
519
+ The maximum number of times a token may be used, a value of zero means unlimited
571
520
  """
572
521
  return pulumi.get(self, "token_num_uses")
573
522
 
@@ -579,10 +528,7 @@ class _AuthBackendRoleState:
579
528
  @pulumi.getter(name="tokenPeriod")
580
529
  def token_period(self) -> Optional[pulumi.Input[int]]:
581
530
  """
582
- If set, indicates that the
583
- token generated using this role should never expire. The token should be renewed within the
584
- duration specified by this value. At each renewal, the token's TTL will be set to the
585
- value of this field. Specified in seconds.
531
+ Generated Token's Period
586
532
  """
587
533
  return pulumi.get(self, "token_period")
588
534
 
@@ -594,8 +540,7 @@ class _AuthBackendRoleState:
594
540
  @pulumi.getter(name="tokenPolicies")
595
541
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
596
542
  """
597
- List of policies to encode onto generated tokens. Depending
598
- on the auth method, this list may be supplemented by user/group/other values.
543
+ Generated Token's Policies
599
544
  """
600
545
  return pulumi.get(self, "token_policies")
601
546
 
@@ -619,11 +564,7 @@ class _AuthBackendRoleState:
619
564
  @pulumi.getter(name="tokenType")
620
565
  def token_type(self) -> Optional[pulumi.Input[str]]:
621
566
  """
622
- The type of token that should be generated. Can be `service`,
623
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
624
- `service` tokens). For token store roles, there are two additional possibilities:
625
- `default-service` and `default-batch` which specify the type to return unless the client
626
- requests a different type at generation time.
567
+ The type of token to generate, service or batch
627
568
  """
628
569
  return pulumi.get(self, "token_type")
629
570
 
@@ -661,7 +602,6 @@ class AuthBackendRole(pulumi.CustomResource):
661
602
 
662
603
  ## Example Usage
663
604
 
664
- <!--Start PulumiCodeChooser -->
665
605
  ```python
666
606
  import pulumi
667
607
  import pulumi_vault as vault
@@ -680,7 +620,6 @@ class AuthBackendRole(pulumi.CustomResource):
680
620
  ],
681
621
  audience="vault")
682
622
  ```
683
- <!--End PulumiCodeChooser -->
684
623
 
685
624
  ## Import
686
625
 
@@ -704,34 +643,18 @@ class AuthBackendRole(pulumi.CustomResource):
704
643
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
705
644
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
706
645
  The value should not contain leading or trailing forward slashes.
707
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
646
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
708
647
  *Available only for Vault Enterprise*.
709
648
  :param pulumi.Input[str] role_name: Name of the role.
710
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
711
- addresses which can authenticate successfully, and ties the resulting token to these blocks
712
- as well.
713
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
714
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
715
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
716
- `token_max_ttl` would otherwise allow a renewal.
717
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
718
- Its current value will be referenced at renewal time.
719
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
720
- generated tokens; otherwise it will be added to the policies set in token_policies.
721
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
722
- of times a generated token may be used (within its lifetime); 0 means unlimited.
723
- :param pulumi.Input[int] token_period: If set, indicates that the
724
- token generated using this role should never expire. The token should be renewed within the
725
- duration specified by this value. At each renewal, the token's TTL will be set to the
726
- value of this field. Specified in seconds.
727
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
728
- on the auth method, this list may be supplemented by user/group/other values.
649
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
650
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
651
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
652
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
653
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
654
+ :param pulumi.Input[int] token_period: Generated Token's Period
655
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
729
656
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
730
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
731
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
732
- `service` tokens). For token store roles, there are two additional possibilities:
733
- `default-service` and `default-batch` which specify the type to return unless the client
734
- requests a different type at generation time.
657
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
735
658
  """
736
659
  ...
737
660
  @overload
@@ -746,7 +669,6 @@ class AuthBackendRole(pulumi.CustomResource):
746
669
 
747
670
  ## Example Usage
748
671
 
749
- <!--Start PulumiCodeChooser -->
750
672
  ```python
751
673
  import pulumi
752
674
  import pulumi_vault as vault
@@ -765,7 +687,6 @@ class AuthBackendRole(pulumi.CustomResource):
765
687
  ],
766
688
  audience="vault")
767
689
  ```
768
- <!--End PulumiCodeChooser -->
769
690
 
770
691
  ## Import
771
692
 
@@ -882,34 +803,18 @@ class AuthBackendRole(pulumi.CustomResource):
882
803
  :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_service_account_namespaces: List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
883
804
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
884
805
  The value should not contain leading or trailing forward slashes.
885
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
806
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
886
807
  *Available only for Vault Enterprise*.
887
808
  :param pulumi.Input[str] role_name: Name of the role.
888
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
889
- addresses which can authenticate successfully, and ties the resulting token to these blocks
890
- as well.
891
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
892
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
893
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
894
- `token_max_ttl` would otherwise allow a renewal.
895
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
896
- Its current value will be referenced at renewal time.
897
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
898
- generated tokens; otherwise it will be added to the policies set in token_policies.
899
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
900
- of times a generated token may be used (within its lifetime); 0 means unlimited.
901
- :param pulumi.Input[int] token_period: If set, indicates that the
902
- token generated using this role should never expire. The token should be renewed within the
903
- duration specified by this value. At each renewal, the token's TTL will be set to the
904
- value of this field. Specified in seconds.
905
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
906
- on the auth method, this list may be supplemented by user/group/other values.
809
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
810
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
811
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
812
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
813
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
814
+ :param pulumi.Input[int] token_period: Generated Token's Period
815
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
907
816
  :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
908
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
909
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
910
- `service` tokens). For token store roles, there are two additional possibilities:
911
- `default-service` and `default-batch` which specify the type to return unless the client
912
- requests a different type at generation time.
817
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
913
818
  """
914
819
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
915
820
 
@@ -984,7 +889,7 @@ class AuthBackendRole(pulumi.CustomResource):
984
889
  """
985
890
  The namespace to provision the resource in.
986
891
  The value should not contain leading or trailing forward slashes.
987
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
892
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
988
893
  *Available only for Vault Enterprise*.
989
894
  """
990
895
  return pulumi.get(self, "namespace")
@@ -1001,9 +906,7 @@ class AuthBackendRole(pulumi.CustomResource):
1001
906
  @pulumi.getter(name="tokenBoundCidrs")
1002
907
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1003
908
  """
1004
- List of CIDR blocks; if set, specifies blocks of IP
1005
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1006
- as well.
909
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1007
910
  """
1008
911
  return pulumi.get(self, "token_bound_cidrs")
1009
912
 
@@ -1011,10 +914,7 @@ class AuthBackendRole(pulumi.CustomResource):
1011
914
  @pulumi.getter(name="tokenExplicitMaxTtl")
1012
915
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1013
916
  """
1014
- If set, will encode an
1015
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1016
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1017
- `token_max_ttl` would otherwise allow a renewal.
917
+ Generated Token's Explicit Maximum TTL in seconds
1018
918
  """
1019
919
  return pulumi.get(self, "token_explicit_max_ttl")
1020
920
 
@@ -1022,8 +922,7 @@ class AuthBackendRole(pulumi.CustomResource):
1022
922
  @pulumi.getter(name="tokenMaxTtl")
1023
923
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1024
924
  """
1025
- The maximum lifetime for generated tokens in number of seconds.
1026
- Its current value will be referenced at renewal time.
925
+ The maximum lifetime of the generated token
1027
926
  """
1028
927
  return pulumi.get(self, "token_max_ttl")
1029
928
 
@@ -1031,8 +930,7 @@ class AuthBackendRole(pulumi.CustomResource):
1031
930
  @pulumi.getter(name="tokenNoDefaultPolicy")
1032
931
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1033
932
  """
1034
- If set, the default policy will not be set on
1035
- generated tokens; otherwise it will be added to the policies set in token_policies.
933
+ If true, the 'default' policy will not automatically be added to generated tokens
1036
934
  """
1037
935
  return pulumi.get(self, "token_no_default_policy")
1038
936
 
@@ -1040,8 +938,7 @@ class AuthBackendRole(pulumi.CustomResource):
1040
938
  @pulumi.getter(name="tokenNumUses")
1041
939
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1042
940
  """
1043
- The [maximum number](https://www.vaultproject.io/api-docs/kubernetes#token_num_uses)
1044
- of times a generated token may be used (within its lifetime); 0 means unlimited.
941
+ The maximum number of times a token may be used, a value of zero means unlimited
1045
942
  """
1046
943
  return pulumi.get(self, "token_num_uses")
1047
944
 
@@ -1049,10 +946,7 @@ class AuthBackendRole(pulumi.CustomResource):
1049
946
  @pulumi.getter(name="tokenPeriod")
1050
947
  def token_period(self) -> pulumi.Output[Optional[int]]:
1051
948
  """
1052
- If set, indicates that the
1053
- token generated using this role should never expire. The token should be renewed within the
1054
- duration specified by this value. At each renewal, the token's TTL will be set to the
1055
- value of this field. Specified in seconds.
949
+ Generated Token's Period
1056
950
  """
1057
951
  return pulumi.get(self, "token_period")
1058
952
 
@@ -1060,8 +954,7 @@ class AuthBackendRole(pulumi.CustomResource):
1060
954
  @pulumi.getter(name="tokenPolicies")
1061
955
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1062
956
  """
1063
- List of policies to encode onto generated tokens. Depending
1064
- on the auth method, this list may be supplemented by user/group/other values.
957
+ Generated Token's Policies
1065
958
  """
1066
959
  return pulumi.get(self, "token_policies")
1067
960
 
@@ -1077,11 +970,7 @@ class AuthBackendRole(pulumi.CustomResource):
1077
970
  @pulumi.getter(name="tokenType")
1078
971
  def token_type(self) -> pulumi.Output[Optional[str]]:
1079
972
  """
1080
- The type of token that should be generated. Can be `service`,
1081
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1082
- `service` tokens). For token store roles, there are two additional possibilities:
1083
- `default-service` and `default-batch` which specify the type to return unless the client
1084
- requests a different type at generation time.
973
+ The type of token to generate, service or batch
1085
974
  """
1086
975
  return pulumi.get(self, "token_type")
1087
976