pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -14,8 +19,9 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
14
19
  @pulumi.input_type
15
20
  class SecretBackendRoleArgs:
16
21
  def __init__(__self__, *,
17
- allowed_kubernetes_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
18
22
  backend: pulumi.Input[str],
23
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
24
+ allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
19
25
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
20
26
  extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
27
  generated_role_rules: Optional[pulumi.Input[str]] = None,
@@ -29,10 +35,15 @@ class SecretBackendRoleArgs:
29
35
  token_max_ttl: Optional[pulumi.Input[int]] = None):
30
36
  """
31
37
  The set of arguments for constructing a SecretBackendRole resource.
32
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
33
- can generate credentials for. If set to `*` all namespaces are allowed.
34
38
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
35
39
  the role in.
40
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
41
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
42
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
43
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
44
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
45
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
46
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
36
47
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
37
48
  Kubernetes objects.
38
49
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes
@@ -54,7 +65,7 @@ class SecretBackendRoleArgs:
54
65
  roles and role bindings. If unset, a default template is used.
55
66
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
56
67
  The value should not contain leading or trailing forward slashes.
57
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
68
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
58
69
  *Available only for Vault Enterprise*.
59
70
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
60
71
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -62,8 +73,11 @@ class SecretBackendRoleArgs:
62
73
  :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
63
74
  :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
64
75
  """
65
- pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
66
76
  pulumi.set(__self__, "backend", backend)
77
+ if allowed_kubernetes_namespace_selector is not None:
78
+ pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
79
+ if allowed_kubernetes_namespaces is not None:
80
+ pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
67
81
  if extra_annotations is not None:
68
82
  pulumi.set(__self__, "extra_annotations", extra_annotations)
69
83
  if extra_labels is not None:
@@ -87,19 +101,6 @@ class SecretBackendRoleArgs:
87
101
  if token_max_ttl is not None:
88
102
  pulumi.set(__self__, "token_max_ttl", token_max_ttl)
89
103
 
90
- @property
91
- @pulumi.getter(name="allowedKubernetesNamespaces")
92
- def allowed_kubernetes_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
93
- """
94
- The list of Kubernetes namespaces this role
95
- can generate credentials for. If set to `*` all namespaces are allowed.
96
- """
97
- return pulumi.get(self, "allowed_kubernetes_namespaces")
98
-
99
- @allowed_kubernetes_namespaces.setter
100
- def allowed_kubernetes_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
101
- pulumi.set(self, "allowed_kubernetes_namespaces", value)
102
-
103
104
  @property
104
105
  @pulumi.getter
105
106
  def backend(self) -> pulumi.Input[str]:
@@ -113,6 +114,35 @@ class SecretBackendRoleArgs:
113
114
  def backend(self, value: pulumi.Input[str]):
114
115
  pulumi.set(self, "backend", value)
115
116
 
117
+ @property
118
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
119
+ def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
120
+ """
121
+ A label selector for Kubernetes namespaces
122
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
123
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
124
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
125
+ """
126
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
127
+
128
+ @allowed_kubernetes_namespace_selector.setter
129
+ def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
130
+ pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
131
+
132
+ @property
133
+ @pulumi.getter(name="allowedKubernetesNamespaces")
134
+ def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
135
+ """
136
+ The list of Kubernetes namespaces this role
137
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
138
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
139
+ """
140
+ return pulumi.get(self, "allowed_kubernetes_namespaces")
141
+
142
+ @allowed_kubernetes_namespaces.setter
143
+ def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
144
+ pulumi.set(self, "allowed_kubernetes_namespaces", value)
145
+
116
146
  @property
117
147
  @pulumi.getter(name="extraAnnotations")
118
148
  def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
@@ -215,7 +245,7 @@ class SecretBackendRoleArgs:
215
245
  """
216
246
  The namespace to provision the resource in.
217
247
  The value should not contain leading or trailing forward slashes.
218
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
248
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
219
249
  *Available only for Vault Enterprise*.
220
250
  """
221
251
  return pulumi.get(self, "namespace")
@@ -266,6 +296,7 @@ class SecretBackendRoleArgs:
266
296
  @pulumi.input_type
267
297
  class _SecretBackendRoleState:
268
298
  def __init__(__self__, *,
299
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
269
300
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
270
301
  backend: Optional[pulumi.Input[str]] = None,
271
302
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -281,8 +312,13 @@ class _SecretBackendRoleState:
281
312
  token_max_ttl: Optional[pulumi.Input[int]] = None):
282
313
  """
283
314
  Input properties used for looking up and filtering SecretBackendRole resources.
315
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
316
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
317
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
318
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
284
319
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
285
- can generate credentials for. If set to `*` all namespaces are allowed.
320
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
321
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
286
322
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
287
323
  the role in.
288
324
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -306,7 +342,7 @@ class _SecretBackendRoleState:
306
342
  roles and role bindings. If unset, a default template is used.
307
343
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
308
344
  The value should not contain leading or trailing forward slashes.
309
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
345
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
310
346
  *Available only for Vault Enterprise*.
311
347
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
312
348
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -314,6 +350,8 @@ class _SecretBackendRoleState:
314
350
  :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
315
351
  :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
316
352
  """
353
+ if allowed_kubernetes_namespace_selector is not None:
354
+ pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
317
355
  if allowed_kubernetes_namespaces is not None:
318
356
  pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
319
357
  if backend is not None:
@@ -341,12 +379,28 @@ class _SecretBackendRoleState:
341
379
  if token_max_ttl is not None:
342
380
  pulumi.set(__self__, "token_max_ttl", token_max_ttl)
343
381
 
382
+ @property
383
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
384
+ def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
385
+ """
386
+ A label selector for Kubernetes namespaces
387
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
388
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
389
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
390
+ """
391
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
392
+
393
+ @allowed_kubernetes_namespace_selector.setter
394
+ def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
395
+ pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
396
+
344
397
  @property
345
398
  @pulumi.getter(name="allowedKubernetesNamespaces")
346
399
  def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
347
400
  """
348
401
  The list of Kubernetes namespaces this role
349
- can generate credentials for. If set to `*` all namespaces are allowed.
402
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
403
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
350
404
  """
351
405
  return pulumi.get(self, "allowed_kubernetes_namespaces")
352
406
 
@@ -469,7 +523,7 @@ class _SecretBackendRoleState:
469
523
  """
470
524
  The namespace to provision the resource in.
471
525
  The value should not contain leading or trailing forward slashes.
472
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
526
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
473
527
  *Available only for Vault Enterprise*.
474
528
  """
475
529
  return pulumi.get(self, "namespace")
@@ -522,6 +576,7 @@ class SecretBackendRole(pulumi.CustomResource):
522
576
  def __init__(__self__,
523
577
  resource_name: str,
524
578
  opts: Optional[pulumi.ResourceOptions] = None,
579
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
525
580
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
526
581
  backend: Optional[pulumi.Input[str]] = None,
527
582
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -541,20 +596,21 @@ class SecretBackendRole(pulumi.CustomResource):
541
596
 
542
597
  Example using `service_account_name` mode:
543
598
 
544
- <!--Start PulumiCodeChooser -->
545
599
  ```python
546
600
  import pulumi
601
+ import pulumi_std as std
547
602
  import pulumi_vault as vault
548
603
 
549
604
  config = vault.kubernetes.SecretBackend("config",
550
605
  path="kubernetes",
551
606
  description="kubernetes secrets engine description",
552
607
  kubernetes_host="https://127.0.0.1:61233",
553
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
554
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
608
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
609
+ service_account_jwt=std.file(input="/path/to/token").result,
555
610
  disable_local_ca_jwt=False)
556
611
  sa_example = vault.kubernetes.SecretBackendRole("sa-example",
557
612
  backend=config.path,
613
+ name="service-account-name-role",
558
614
  allowed_kubernetes_namespaces=["*"],
559
615
  token_max_ttl=43200,
560
616
  token_default_ttl=21600,
@@ -568,24 +624,24 @@ class SecretBackendRole(pulumi.CustomResource):
568
624
  "location": "earth",
569
625
  })
570
626
  ```
571
- <!--End PulumiCodeChooser -->
572
627
 
573
628
  Example using `kubernetes_role_name` mode:
574
629
 
575
- <!--Start PulumiCodeChooser -->
576
630
  ```python
577
631
  import pulumi
632
+ import pulumi_std as std
578
633
  import pulumi_vault as vault
579
634
 
580
635
  config = vault.kubernetes.SecretBackend("config",
581
636
  path="kubernetes",
582
637
  description="kubernetes secrets engine description",
583
638
  kubernetes_host="https://127.0.0.1:61233",
584
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
585
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
639
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
640
+ service_account_jwt=std.file(input="/path/to/token").result,
586
641
  disable_local_ca_jwt=False)
587
642
  name_example = vault.kubernetes.SecretBackendRole("name-example",
588
643
  backend=config.path,
644
+ name="service-account-name-role",
589
645
  allowed_kubernetes_namespaces=["*"],
590
646
  token_max_ttl=43200,
591
647
  token_default_ttl=21600,
@@ -599,24 +655,24 @@ class SecretBackendRole(pulumi.CustomResource):
599
655
  "location": "earth",
600
656
  })
601
657
  ```
602
- <!--End PulumiCodeChooser -->
603
658
 
604
659
  Example using `generated_role_rules` mode:
605
660
 
606
- <!--Start PulumiCodeChooser -->
607
661
  ```python
608
662
  import pulumi
663
+ import pulumi_std as std
609
664
  import pulumi_vault as vault
610
665
 
611
666
  config = vault.kubernetes.SecretBackend("config",
612
667
  path="kubernetes",
613
668
  description="kubernetes secrets engine description",
614
669
  kubernetes_host="https://127.0.0.1:61233",
615
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
616
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
670
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
671
+ service_account_jwt=std.file(input="/path/to/token").result,
617
672
  disable_local_ca_jwt=False)
618
673
  rules_example = vault.kubernetes.SecretBackendRole("rules-example",
619
674
  backend=config.path,
675
+ name="service-account-name-role",
620
676
  allowed_kubernetes_namespaces=["*"],
621
677
  token_max_ttl=43200,
622
678
  token_default_ttl=21600,
@@ -635,7 +691,6 @@ class SecretBackendRole(pulumi.CustomResource):
635
691
  "location": "earth",
636
692
  })
637
693
  ```
638
- <!--End PulumiCodeChooser -->
639
694
 
640
695
  ## Import
641
696
 
@@ -649,8 +704,13 @@ class SecretBackendRole(pulumi.CustomResource):
649
704
 
650
705
  :param str resource_name: The name of the resource.
651
706
  :param pulumi.ResourceOptions opts: Options for the resource.
707
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
708
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
709
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
710
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
652
711
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
653
- can generate credentials for. If set to `*` all namespaces are allowed.
712
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
713
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
654
714
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
655
715
  the role in.
656
716
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -674,7 +734,7 @@ class SecretBackendRole(pulumi.CustomResource):
674
734
  roles and role bindings. If unset, a default template is used.
675
735
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
676
736
  The value should not contain leading or trailing forward slashes.
677
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
737
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
678
738
  *Available only for Vault Enterprise*.
679
739
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
680
740
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -693,20 +753,21 @@ class SecretBackendRole(pulumi.CustomResource):
693
753
 
694
754
  Example using `service_account_name` mode:
695
755
 
696
- <!--Start PulumiCodeChooser -->
697
756
  ```python
698
757
  import pulumi
758
+ import pulumi_std as std
699
759
  import pulumi_vault as vault
700
760
 
701
761
  config = vault.kubernetes.SecretBackend("config",
702
762
  path="kubernetes",
703
763
  description="kubernetes secrets engine description",
704
764
  kubernetes_host="https://127.0.0.1:61233",
705
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
706
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
765
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
766
+ service_account_jwt=std.file(input="/path/to/token").result,
707
767
  disable_local_ca_jwt=False)
708
768
  sa_example = vault.kubernetes.SecretBackendRole("sa-example",
709
769
  backend=config.path,
770
+ name="service-account-name-role",
710
771
  allowed_kubernetes_namespaces=["*"],
711
772
  token_max_ttl=43200,
712
773
  token_default_ttl=21600,
@@ -720,24 +781,24 @@ class SecretBackendRole(pulumi.CustomResource):
720
781
  "location": "earth",
721
782
  })
722
783
  ```
723
- <!--End PulumiCodeChooser -->
724
784
 
725
785
  Example using `kubernetes_role_name` mode:
726
786
 
727
- <!--Start PulumiCodeChooser -->
728
787
  ```python
729
788
  import pulumi
789
+ import pulumi_std as std
730
790
  import pulumi_vault as vault
731
791
 
732
792
  config = vault.kubernetes.SecretBackend("config",
733
793
  path="kubernetes",
734
794
  description="kubernetes secrets engine description",
735
795
  kubernetes_host="https://127.0.0.1:61233",
736
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
737
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
796
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
797
+ service_account_jwt=std.file(input="/path/to/token").result,
738
798
  disable_local_ca_jwt=False)
739
799
  name_example = vault.kubernetes.SecretBackendRole("name-example",
740
800
  backend=config.path,
801
+ name="service-account-name-role",
741
802
  allowed_kubernetes_namespaces=["*"],
742
803
  token_max_ttl=43200,
743
804
  token_default_ttl=21600,
@@ -751,24 +812,24 @@ class SecretBackendRole(pulumi.CustomResource):
751
812
  "location": "earth",
752
813
  })
753
814
  ```
754
- <!--End PulumiCodeChooser -->
755
815
 
756
816
  Example using `generated_role_rules` mode:
757
817
 
758
- <!--Start PulumiCodeChooser -->
759
818
  ```python
760
819
  import pulumi
820
+ import pulumi_std as std
761
821
  import pulumi_vault as vault
762
822
 
763
823
  config = vault.kubernetes.SecretBackend("config",
764
824
  path="kubernetes",
765
825
  description="kubernetes secrets engine description",
766
826
  kubernetes_host="https://127.0.0.1:61233",
767
- kubernetes_ca_cert=(lambda path: open(path).read())("/path/to/cert"),
768
- service_account_jwt=(lambda path: open(path).read())("/path/to/token"),
827
+ kubernetes_ca_cert=std.file(input="/path/to/cert").result,
828
+ service_account_jwt=std.file(input="/path/to/token").result,
769
829
  disable_local_ca_jwt=False)
770
830
  rules_example = vault.kubernetes.SecretBackendRole("rules-example",
771
831
  backend=config.path,
832
+ name="service-account-name-role",
772
833
  allowed_kubernetes_namespaces=["*"],
773
834
  token_max_ttl=43200,
774
835
  token_default_ttl=21600,
@@ -787,7 +848,6 @@ class SecretBackendRole(pulumi.CustomResource):
787
848
  "location": "earth",
788
849
  })
789
850
  ```
790
- <!--End PulumiCodeChooser -->
791
851
 
792
852
  ## Import
793
853
 
@@ -814,6 +874,7 @@ class SecretBackendRole(pulumi.CustomResource):
814
874
  def _internal_init(__self__,
815
875
  resource_name: str,
816
876
  opts: Optional[pulumi.ResourceOptions] = None,
877
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
817
878
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
818
879
  backend: Optional[pulumi.Input[str]] = None,
819
880
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -836,8 +897,7 @@ class SecretBackendRole(pulumi.CustomResource):
836
897
  raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
837
898
  __props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
838
899
 
839
- if allowed_kubernetes_namespaces is None and not opts.urn:
840
- raise TypeError("Missing required property 'allowed_kubernetes_namespaces'")
900
+ __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
841
901
  __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
842
902
  if backend is None and not opts.urn:
843
903
  raise TypeError("Missing required property 'backend'")
@@ -863,6 +923,7 @@ class SecretBackendRole(pulumi.CustomResource):
863
923
  def get(resource_name: str,
864
924
  id: pulumi.Input[str],
865
925
  opts: Optional[pulumi.ResourceOptions] = None,
926
+ allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
866
927
  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
867
928
  backend: Optional[pulumi.Input[str]] = None,
868
929
  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -883,8 +944,13 @@ class SecretBackendRole(pulumi.CustomResource):
883
944
  :param str resource_name: The unique name of the resulting resource.
884
945
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
885
946
  :param pulumi.ResourceOptions opts: Options for the resource.
947
+ :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces
948
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
949
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
950
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
886
951
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role
887
- can generate credentials for. If set to `*` all namespaces are allowed.
952
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
953
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
888
954
  :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
889
955
  the role in.
890
956
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated
@@ -908,7 +974,7 @@ class SecretBackendRole(pulumi.CustomResource):
908
974
  roles and role bindings. If unset, a default template is used.
909
975
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
910
976
  The value should not contain leading or trailing forward slashes.
911
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
977
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
912
978
  *Available only for Vault Enterprise*.
913
979
  :param pulumi.Input[str] service_account_name: The pre-existing service account to generate tokens for.
914
980
  Mutually exclusive with `kubernetes_role_name` and `generated_role_rules`. If set, only a
@@ -920,6 +986,7 @@ class SecretBackendRole(pulumi.CustomResource):
920
986
 
921
987
  __props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
922
988
 
989
+ __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
923
990
  __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
924
991
  __props__.__dict__["backend"] = backend
925
992
  __props__.__dict__["extra_annotations"] = extra_annotations
@@ -935,12 +1002,24 @@ class SecretBackendRole(pulumi.CustomResource):
935
1002
  __props__.__dict__["token_max_ttl"] = token_max_ttl
936
1003
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
937
1004
 
1005
+ @property
1006
+ @pulumi.getter(name="allowedKubernetesNamespaceSelector")
1007
+ def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
1008
+ """
1009
+ A label selector for Kubernetes namespaces
1010
+ in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
1011
+ of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
1012
+ If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
1013
+ """
1014
+ return pulumi.get(self, "allowed_kubernetes_namespace_selector")
1015
+
938
1016
  @property
939
1017
  @pulumi.getter(name="allowedKubernetesNamespaces")
940
- def allowed_kubernetes_namespaces(self) -> pulumi.Output[Sequence[str]]:
1018
+ def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
941
1019
  """
942
1020
  The list of Kubernetes namespaces this role
943
- can generate credentials for. If set to `*` all namespaces are allowed.
1021
+ can generate credentials for. If set to `*` all namespaces are allowed. If set with
1022
+ `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
944
1023
  """
945
1024
  return pulumi.get(self, "allowed_kubernetes_namespaces")
946
1025
 
@@ -1027,7 +1106,7 @@ class SecretBackendRole(pulumi.CustomResource):
1027
1106
  """
1028
1107
  The namespace to provision the resource in.
1029
1108
  The value should not contain leading or trailing forward slashes.
1030
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1031
1110
  *Available only for Vault Enterprise*.
1032
1111
  """
1033
1112
  return pulumi.get(self, "namespace")
@@ -4,25 +4,57 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
13
18
  'SecretV2CustomMetadataArgs',
19
+ 'SecretV2CustomMetadataArgsDict',
14
20
  ]
15
21
 
22
+ MYPY = False
23
+
24
+ if not MYPY:
25
+ class SecretV2CustomMetadataArgsDict(TypedDict):
26
+ cas_required: NotRequired[pulumi.Input[bool]]
27
+ """
28
+ If true, all keys will require the cas parameter to be set on all write requests.
29
+ """
30
+ data: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
31
+ """
32
+ A mapping whose keys are the top-level data keys returned from
33
+ Vault and whose values are the corresponding values. This map can only
34
+ represent string data, so any non-string values returned from Vault are
35
+ serialized as JSON.
36
+ """
37
+ delete_version_after: NotRequired[pulumi.Input[int]]
38
+ """
39
+ If set, specifies the length of time before a version is deleted.
40
+ """
41
+ max_versions: NotRequired[pulumi.Input[int]]
42
+ """
43
+ The number of versions to keep per key.
44
+ """
45
+ elif False:
46
+ SecretV2CustomMetadataArgsDict: TypeAlias = Mapping[str, Any]
47
+
16
48
  @pulumi.input_type
17
49
  class SecretV2CustomMetadataArgs:
18
50
  def __init__(__self__, *,
19
51
  cas_required: Optional[pulumi.Input[bool]] = None,
20
- data: Optional[pulumi.Input[Mapping[str, Any]]] = None,
52
+ data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
53
  delete_version_after: Optional[pulumi.Input[int]] = None,
22
54
  max_versions: Optional[pulumi.Input[int]] = None):
23
55
  """
24
56
  :param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
25
- :param pulumi.Input[Mapping[str, Any]] data: A mapping whose keys are the top-level data keys returned from
57
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A mapping whose keys are the top-level data keys returned from
26
58
  Vault and whose values are the corresponding values. This map can only
27
59
  represent string data, so any non-string values returned from Vault are
28
60
  serialized as JSON.
@@ -52,7 +84,7 @@ class SecretV2CustomMetadataArgs:
52
84
 
53
85
  @property
54
86
  @pulumi.getter
55
- def data(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
87
+ def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
56
88
  """
57
89
  A mapping whose keys are the top-level data keys returned from
58
90
  Vault and whose values are the corresponding values. This map can only
@@ -62,7 +94,7 @@ class SecretV2CustomMetadataArgs:
62
94
  return pulumi.get(self, "data")
63
95
 
64
96
  @data.setter
65
- def data(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
97
+ def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
66
98
  pulumi.set(self, "data", value)
67
99
 
68
100
  @property