pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

Files changed (229)
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
pulumi_vault/mount.py CHANGED
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from . import _utilities
11
16
 
12
17
  __all__ = ['MountArgs', 'Mount']
@@ -17,49 +22,76 @@ class MountArgs:
17
22
  path: pulumi.Input[str],
18
23
  type: pulumi.Input[str],
19
24
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
20
26
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
27
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
22
28
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
29
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
23
30
  description: Optional[pulumi.Input[str]] = None,
24
31
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
32
+ identity_token_key: Optional[pulumi.Input[str]] = None,
33
+ listing_visibility: Optional[pulumi.Input[str]] = None,
25
34
  local: Optional[pulumi.Input[bool]] = None,
26
35
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
27
36
  namespace: Optional[pulumi.Input[str]] = None,
28
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
37
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
38
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
39
+ plugin_version: Optional[pulumi.Input[str]] = None,
29
40
  seal_wrap: Optional[pulumi.Input[bool]] = None):
30
41
  """
31
42
  The set of arguments for constructing a Mount resource.
32
43
  :param pulumi.Input[str] path: Where the secret backend will be mounted
33
44
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
34
45
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
46
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
47
+ them in the response.
35
48
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
36
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
37
50
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
51
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
52
+ backend can request delegated authentication for.
38
53
  :param pulumi.Input[str] description: Human-friendly description of the mount
39
54
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
55
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
56
+ not provided, this will default to Vault's OIDC default key.
57
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
58
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
40
59
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
41
60
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
42
61
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
43
62
  The value should not contain leading or trailing forward slashes.
44
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
63
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
45
64
  *Available only for Vault Enterprise*.
46
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
65
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
66
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
67
+ the plugin.
68
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
69
+ If unspecified, the server will select any matching unversioned plugin that may have been
70
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
47
71
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
48
72
  """
49
73
  pulumi.set(__self__, "path", path)
50
74
  pulumi.set(__self__, "type", type)
51
75
  if allowed_managed_keys is not None:
52
76
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
77
+ if allowed_response_headers is not None:
78
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
53
79
  if audit_non_hmac_request_keys is not None:
54
80
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
55
81
  if audit_non_hmac_response_keys is not None:
56
82
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
57
83
  if default_lease_ttl_seconds is not None:
58
84
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
85
+ if delegated_auth_accessors is not None:
86
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
59
87
  if description is not None:
60
88
  pulumi.set(__self__, "description", description)
61
89
  if external_entropy_access is not None:
62
90
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
91
+ if identity_token_key is not None:
92
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
93
+ if listing_visibility is not None:
94
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
63
95
  if local is not None:
64
96
  pulumi.set(__self__, "local", local)
65
97
  if max_lease_ttl_seconds is not None:
@@ -68,6 +100,10 @@ class MountArgs:
68
100
  pulumi.set(__self__, "namespace", namespace)
69
101
  if options is not None:
70
102
  pulumi.set(__self__, "options", options)
103
+ if passthrough_request_headers is not None:
104
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
105
+ if plugin_version is not None:
106
+ pulumi.set(__self__, "plugin_version", plugin_version)
71
107
  if seal_wrap is not None:
72
108
  pulumi.set(__self__, "seal_wrap", seal_wrap)
73
109
 
@@ -107,6 +143,19 @@ class MountArgs:
107
143
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
108
144
  pulumi.set(self, "allowed_managed_keys", value)
109
145
 
146
+ @property
147
+ @pulumi.getter(name="allowedResponseHeaders")
148
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
149
+ """
150
+ List of headers to allow, allowing a plugin to include
151
+ them in the response.
152
+ """
153
+ return pulumi.get(self, "allowed_response_headers")
154
+
155
+ @allowed_response_headers.setter
156
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
157
+ pulumi.set(self, "allowed_response_headers", value)
158
+
110
159
  @property
111
160
  @pulumi.getter(name="auditNonHmacRequestKeys")
112
161
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -143,6 +192,19 @@ class MountArgs:
143
192
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
144
193
  pulumi.set(self, "default_lease_ttl_seconds", value)
145
194
 
195
+ @property
196
+ @pulumi.getter(name="delegatedAuthAccessors")
197
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
198
+ """
199
+ List of allowed authentication mount accessors the
200
+ backend can request delegated authentication for.
201
+ """
202
+ return pulumi.get(self, "delegated_auth_accessors")
203
+
204
+ @delegated_auth_accessors.setter
205
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
206
+ pulumi.set(self, "delegated_auth_accessors", value)
207
+
146
208
  @property
147
209
  @pulumi.getter
148
210
  def description(self) -> Optional[pulumi.Input[str]]:
@@ -167,6 +229,32 @@ class MountArgs:
167
229
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
168
230
  pulumi.set(self, "external_entropy_access", value)
169
231
 
232
+ @property
233
+ @pulumi.getter(name="identityTokenKey")
234
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
235
+ """
236
+ The key to use for signing plugin workload identity tokens. If
237
+ not provided, this will default to Vault's OIDC default key.
238
+ """
239
+ return pulumi.get(self, "identity_token_key")
240
+
241
+ @identity_token_key.setter
242
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
243
+ pulumi.set(self, "identity_token_key", value)
244
+
245
+ @property
246
+ @pulumi.getter(name="listingVisibility")
247
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
248
+ """
249
+ Specifies whether to show this mount in the UI-specific
250
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
251
+ """
252
+ return pulumi.get(self, "listing_visibility")
253
+
254
+ @listing_visibility.setter
255
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
256
+ pulumi.set(self, "listing_visibility", value)
257
+
170
258
  @property
171
259
  @pulumi.getter
172
260
  def local(self) -> Optional[pulumi.Input[bool]]:
@@ -197,7 +285,7 @@ class MountArgs:
197
285
  """
198
286
  The namespace to provision the resource in.
199
287
  The value should not contain leading or trailing forward slashes.
200
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
288
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
201
289
  *Available only for Vault Enterprise*.
202
290
  """
203
291
  return pulumi.get(self, "namespace")
@@ -208,16 +296,43 @@ class MountArgs:
208
296
 
209
297
  @property
210
298
  @pulumi.getter
211
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
299
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
212
300
  """
213
301
  Specifies mount type specific options that are passed to the backend
214
302
  """
215
303
  return pulumi.get(self, "options")
216
304
 
217
305
  @options.setter
218
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
306
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
219
307
  pulumi.set(self, "options", value)
220
308
 
309
+ @property
310
+ @pulumi.getter(name="passthroughRequestHeaders")
311
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
312
+ """
313
+ List of headers to allow and pass from the request to
314
+ the plugin.
315
+ """
316
+ return pulumi.get(self, "passthrough_request_headers")
317
+
318
+ @passthrough_request_headers.setter
319
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
320
+ pulumi.set(self, "passthrough_request_headers", value)
321
+
322
+ @property
323
+ @pulumi.getter(name="pluginVersion")
324
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
325
+ """
326
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
327
+ If unspecified, the server will select any matching unversioned plugin that may have been
328
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
329
+ """
330
+ return pulumi.get(self, "plugin_version")
331
+
332
+ @plugin_version.setter
333
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
334
+ pulumi.set(self, "plugin_version", value)
335
+
221
336
  @property
222
337
  @pulumi.getter(name="sealWrap")
223
338
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
@@ -236,35 +351,54 @@ class _MountState:
236
351
  def __init__(__self__, *,
237
352
  accessor: Optional[pulumi.Input[str]] = None,
238
353
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
354
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
239
355
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
240
356
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
241
357
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
358
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
242
359
  description: Optional[pulumi.Input[str]] = None,
243
360
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
361
+ identity_token_key: Optional[pulumi.Input[str]] = None,
362
+ listing_visibility: Optional[pulumi.Input[str]] = None,
244
363
  local: Optional[pulumi.Input[bool]] = None,
245
364
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
246
365
  namespace: Optional[pulumi.Input[str]] = None,
247
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
366
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
367
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
248
368
  path: Optional[pulumi.Input[str]] = None,
369
+ plugin_version: Optional[pulumi.Input[str]] = None,
249
370
  seal_wrap: Optional[pulumi.Input[bool]] = None,
250
371
  type: Optional[pulumi.Input[str]] = None):
251
372
  """
252
373
  Input properties used for looking up and filtering Mount resources.
253
374
  :param pulumi.Input[str] accessor: The accessor for this mount.
254
375
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
376
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
377
+ them in the response.
255
378
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
256
379
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
257
380
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
381
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
382
+ backend can request delegated authentication for.
258
383
  :param pulumi.Input[str] description: Human-friendly description of the mount
259
384
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
385
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
386
+ not provided, this will default to Vault's OIDC default key.
387
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
388
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
260
389
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
261
390
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
262
391
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
263
392
  The value should not contain leading or trailing forward slashes.
264
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
393
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
265
394
  *Available only for Vault Enterprise*.
266
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
395
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
396
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
397
+ the plugin.
267
398
  :param pulumi.Input[str] path: Where the secret backend will be mounted
399
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
400
+ If unspecified, the server will select any matching unversioned plugin that may have been
401
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
268
402
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
269
403
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
270
404
  """
@@ -272,16 +406,24 @@ class _MountState:
272
406
  pulumi.set(__self__, "accessor", accessor)
273
407
  if allowed_managed_keys is not None:
274
408
  pulumi.set(__self__, "allowed_managed_keys", allowed_managed_keys)
409
+ if allowed_response_headers is not None:
410
+ pulumi.set(__self__, "allowed_response_headers", allowed_response_headers)
275
411
  if audit_non_hmac_request_keys is not None:
276
412
  pulumi.set(__self__, "audit_non_hmac_request_keys", audit_non_hmac_request_keys)
277
413
  if audit_non_hmac_response_keys is not None:
278
414
  pulumi.set(__self__, "audit_non_hmac_response_keys", audit_non_hmac_response_keys)
279
415
  if default_lease_ttl_seconds is not None:
280
416
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
417
+ if delegated_auth_accessors is not None:
418
+ pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
281
419
  if description is not None:
282
420
  pulumi.set(__self__, "description", description)
283
421
  if external_entropy_access is not None:
284
422
  pulumi.set(__self__, "external_entropy_access", external_entropy_access)
423
+ if identity_token_key is not None:
424
+ pulumi.set(__self__, "identity_token_key", identity_token_key)
425
+ if listing_visibility is not None:
426
+ pulumi.set(__self__, "listing_visibility", listing_visibility)
285
427
  if local is not None:
286
428
  pulumi.set(__self__, "local", local)
287
429
  if max_lease_ttl_seconds is not None:
@@ -290,8 +432,12 @@ class _MountState:
290
432
  pulumi.set(__self__, "namespace", namespace)
291
433
  if options is not None:
292
434
  pulumi.set(__self__, "options", options)
435
+ if passthrough_request_headers is not None:
436
+ pulumi.set(__self__, "passthrough_request_headers", passthrough_request_headers)
293
437
  if path is not None:
294
438
  pulumi.set(__self__, "path", path)
439
+ if plugin_version is not None:
440
+ pulumi.set(__self__, "plugin_version", plugin_version)
295
441
  if seal_wrap is not None:
296
442
  pulumi.set(__self__, "seal_wrap", seal_wrap)
297
443
  if type is not None:
@@ -321,6 +467,19 @@ class _MountState:
321
467
  def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
322
468
  pulumi.set(self, "allowed_managed_keys", value)
323
469
 
470
+ @property
471
+ @pulumi.getter(name="allowedResponseHeaders")
472
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
473
+ """
474
+ List of headers to allow, allowing a plugin to include
475
+ them in the response.
476
+ """
477
+ return pulumi.get(self, "allowed_response_headers")
478
+
479
+ @allowed_response_headers.setter
480
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
481
+ pulumi.set(self, "allowed_response_headers", value)
482
+
324
483
  @property
325
484
  @pulumi.getter(name="auditNonHmacRequestKeys")
326
485
  def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
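Review bot: The docstring on the new `allowed_response_headers` property does not say that each entry widens what a plugin may place on Vault's response, and the setter stores the value unchecked. I would add a sentence such as `Keep this list minimal; each entry lets the plugin set that header on responses.` The same gap exists for `passthrough_request_headers` in the later `@@ -422,16 +620,29 @@` hunk, where a fitting sentence is `Keep this list minimal; forwarded headers can carry credentials or client identity to the plugin.` The enclosing `_MountState` class starts outside this hunk, and if this file is generated the wording belongs in the upstream schema description.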
@@ -357,6 +516,19 @@ class _MountState:
357
516
  def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
358
517
  pulumi.set(self, "default_lease_ttl_seconds", value)
359
518
 
519
+ @property
520
+ @pulumi.getter(name="delegatedAuthAccessors")
521
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
522
+ """
523
+ List of allowed authentication mount accessors the
524
+ backend can request delegated authentication for.
525
+ """
526
+ return pulumi.get(self, "delegated_auth_accessors")
527
+
528
+ @delegated_auth_accessors.setter
529
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
530
+ pulumi.set(self, "delegated_auth_accessors", value)
531
+
360
532
  @property
361
533
  @pulumi.getter
362
534
  def description(self) -> Optional[pulumi.Input[str]]:
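Review bot: The `delegated_auth_accessors` docstring names the field but gives no guidance on scope, although each accessor appears to extend which auth mounts this backend can act through. I would append `List only the auth mounts this engine needs; leave unset when delegated authentication is not used.` The behaviour when the list is unset is not visible in this hunk, so that second clause should be confirmed against the provider documentation. The enclosing `_MountState` class starts outside the hunk.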
@@ -381,6 +553,32 @@ class _MountState:
381
553
  def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
382
554
  pulumi.set(self, "external_entropy_access", value)
383
555
 
556
+ @property
557
+ @pulumi.getter(name="identityTokenKey")
558
+ def identity_token_key(self) -> Optional[pulumi.Input[str]]:
559
+ """
560
+ The key to use for signing plugin workload identity tokens. If
561
+ not provided, this will default to Vault's OIDC default key.
562
+ """
563
+ return pulumi.get(self, "identity_token_key")
564
+
565
+ @identity_token_key.setter
566
+ def identity_token_key(self, value: Optional[pulumi.Input[str]]):
567
+ pulumi.set(self, "identity_token_key", value)
568
+
569
+ @property
570
+ @pulumi.getter(name="listingVisibility")
571
+ def listing_visibility(self) -> Optional[pulumi.Input[str]]:
572
+ """
573
+ Specifies whether to show this mount in the UI-specific
574
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
575
+ """
576
+ return pulumi.get(self, "listing_visibility")
577
+
578
+ @listing_visibility.setter
579
+ def listing_visibility(self, value: Optional[pulumi.Input[str]]):
580
+ pulumi.set(self, "listing_visibility", value)
581
+
384
582
  @property
385
583
  @pulumi.getter
386
584
  def local(self) -> Optional[pulumi.Input[bool]]:
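Review bot: `listing_visibility` is typed as a free `str` although its docstring allows only `unauth` or `hidden`, and the setter passes the value straight to `pulumi.set`, so a typo is presumably rejected only by the server at deploy time. The docstring also does not explain what `unauth` means. Judging by the name, it shows the mount in the listing endpoint without authentication, which should be confirmed against the Vault documentation. I would extend the docstring with `` `unauth` reveals the mount's existence to unauthenticated callers; use `hidden` unless the login UI needs it. `` The new `identity_token_key` docstring could likewise say that the value is the name of a key rather than key material, if that is the case.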
@@ -411,7 +609,7 @@ class _MountState:
411
609
  """
412
610
  The namespace to provision the resource in.
413
611
  The value should not contain leading or trailing forward slashes.
414
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
612
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
415
613
  *Available only for Vault Enterprise*.
416
614
  """
417
615
  return pulumi.get(self, "namespace")
@@ -422,16 +620,29 @@ class _MountState:
422
620
 
423
621
  @property
424
622
  @pulumi.getter
425
- def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
623
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
426
624
  """
427
625
  Specifies mount type specific options that are passed to the backend
428
626
  """
429
627
  return pulumi.get(self, "options")
430
628
 
431
629
  @options.setter
432
- def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
630
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
433
631
  pulumi.set(self, "options", value)
434
632
 
633
+ @property
634
+ @pulumi.getter(name="passthroughRequestHeaders")
635
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
636
+ """
637
+ List of headers to allow and pass from the request to
638
+ the plugin.
639
+ """
640
+ return pulumi.get(self, "passthrough_request_headers")
641
+
642
+ @passthrough_request_headers.setter
643
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
644
+ pulumi.set(self, "passthrough_request_headers", value)
645
+
435
646
  @property
436
647
  @pulumi.getter
437
648
  def path(self) -> Optional[pulumi.Input[str]]:
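Review bot: The `options` annotation narrows from `Mapping[str, Any]` to `Mapping[str, pulumi.Input[str]]`, but the docstring is unchanged and the setter still forwards the value without coercion or checking. A caller that keeps passing `False` or `2`, as the old `convergent_encryption` example did, gets no hint outside a type checker. I would extend the docstring to `Specifies mount type specific options that are passed to the backend. Values must be strings, e.g. "false" rather than False.` The same annotation change recurs in the `Mount.__init__`, `_internal_init` and `Mount.get` signature hunks further down.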
@@ -444,6 +655,20 @@ class _MountState:
444
655
  def path(self, value: Optional[pulumi.Input[str]]):
445
656
  pulumi.set(self, "path", value)
446
657
 
658
+ @property
659
+ @pulumi.getter(name="pluginVersion")
660
+ def plugin_version(self) -> Optional[pulumi.Input[str]]:
661
+ """
662
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
663
+ If unspecified, the server will select any matching unversioned plugin that may have been
664
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
665
+ """
666
+ return pulumi.get(self, "plugin_version")
667
+
668
+ @plugin_version.setter
669
+ def plugin_version(self, value: Optional[pulumi.Input[str]]):
670
+ pulumi.set(self, "plugin_version", value)
671
+
447
672
  @property
448
673
  @pulumi.getter(name="sealWrap")
449
674
  def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
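Review bot: The `plugin_version` docstring lists the server's fallback order but omits the consequence: with the field unset, the binary serving this mount can change whenever another matching plugin is registered. For externally registered plugins that is a supply-chain concern worth stating, e.g. `Pin an explicit version for external plugins so the running binary does not change when the plugin catalog does.` The setter accepts any string, so a malformed version is presumably reported only by the server. The enclosing `_MountState` class starts outside the hunk.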
@@ -475,78 +700,78 @@ class Mount(pulumi.CustomResource):
475
700
  resource_name: str,
476
701
  opts: Optional[pulumi.ResourceOptions] = None,
477
702
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
703
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
478
704
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
479
705
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
480
706
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
707
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
481
708
  description: Optional[pulumi.Input[str]] = None,
482
709
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
710
+ identity_token_key: Optional[pulumi.Input[str]] = None,
711
+ listing_visibility: Optional[pulumi.Input[str]] = None,
483
712
  local: Optional[pulumi.Input[bool]] = None,
484
713
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
485
714
  namespace: Optional[pulumi.Input[str]] = None,
486
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
715
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
716
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
487
717
  path: Optional[pulumi.Input[str]] = None,
718
+ plugin_version: Optional[pulumi.Input[str]] = None,
488
719
  seal_wrap: Optional[pulumi.Input[bool]] = None,
489
720
  type: Optional[pulumi.Input[str]] = None,
490
721
  __props__=None):
491
722
  """
723
+ This resource enables a new secrets engine at the given path.
724
+
492
725
  ## Example Usage
493
726
 
494
- <!--Start PulumiCodeChooser -->
495
727
  ```python
496
728
  import pulumi
497
729
  import pulumi_vault as vault
498
730
 
499
731
  example = vault.Mount("example",
500
- description="This is an example mount",
501
732
  path="dummy",
502
- type="generic")
733
+ type="generic",
734
+ description="This is an example mount")
503
735
  ```
504
- <!--End PulumiCodeChooser -->
505
736
 
506
- <!--Start PulumiCodeChooser -->
507
737
  ```python
508
738
  import pulumi
509
739
  import pulumi_vault as vault
510
740
 
511
741
  kvv2_example = vault.Mount("kvv2-example",
512
- description="This is an example KV Version 2 secret engine mount",
742
+ path="version2-example",
743
+ type="kv-v2",
513
744
  options={
514
- "type": "kv-v2",
515
745
  "version": "2",
746
+ "type": "kv-v2",
516
747
  },
517
- path="version2-example",
518
- type="kv-v2")
748
+ description="This is an example KV Version 2 secret engine mount")
519
749
  ```
520
- <!--End PulumiCodeChooser -->
521
750
 
522
- <!--Start PulumiCodeChooser -->
523
751
  ```python
524
752
  import pulumi
525
753
  import pulumi_vault as vault
526
754
 
527
755
  transit_example = vault.Mount("transit-example",
756
+ path="transit-example",
757
+ type="transit",
528
758
  description="This is an example transit secret engine mount",
529
759
  options={
530
- "convergent_encryption": False,
531
- },
532
- path="transit-example",
533
- type="transit")
760
+ "convergent_encryption": "false",
761
+ })
534
762
  ```
535
- <!--End PulumiCodeChooser -->
536
763
 
537
- <!--Start PulumiCodeChooser -->
538
764
  ```python
539
765
  import pulumi
540
766
  import pulumi_vault as vault
541
767
 
542
768
  pki_example = vault.Mount("pki-example",
543
- default_lease_ttl_seconds=3600,
544
- description="This is an example PKI mount",
545
- max_lease_ttl_seconds=86400,
546
769
  path="pki-example",
547
- type="pki")
770
+ type="pki",
771
+ description="This is an example PKI mount",
772
+ default_lease_ttl_seconds=3600,
773
+ max_lease_ttl_seconds=86400)
548
774
  ```
549
- <!--End PulumiCodeChooser -->
550
775
 
551
776
  ## Import
552
777
 
@@ -559,19 +784,32 @@ class Mount(pulumi.CustomResource):
559
784
  :param str resource_name: The name of the resource.
560
785
  :param pulumi.ResourceOptions opts: Options for the resource.
561
786
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
787
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
788
+ them in the response.
562
789
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
563
790
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
564
791
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
792
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
793
+ backend can request delegated authentication for.
565
794
  :param pulumi.Input[str] description: Human-friendly description of the mount
566
795
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
796
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
797
+ not provided, this will default to Vault's OIDC default key.
798
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
799
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
567
800
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
568
801
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
569
802
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
570
803
  The value should not contain leading or trailing forward slashes.
571
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
804
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
572
805
  *Available only for Vault Enterprise*.
573
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
806
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
807
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
808
+ the plugin.
574
809
  :param pulumi.Input[str] path: Where the secret backend will be mounted
810
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
811
+ If unspecified, the server will select any matching unversioned plugin that may have been
812
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
575
813
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
576
814
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
577
815
  """
@@ -582,64 +820,58 @@ class Mount(pulumi.CustomResource):
582
820
  args: MountArgs,
583
821
  opts: Optional[pulumi.ResourceOptions] = None):
584
822
  """
823
+ This resource enables a new secrets engine at the given path.
824
+
585
825
  ## Example Usage
586
826
 
587
- <!--Start PulumiCodeChooser -->
588
827
  ```python
589
828
  import pulumi
590
829
  import pulumi_vault as vault
591
830
 
592
831
  example = vault.Mount("example",
593
- description="This is an example mount",
594
832
  path="dummy",
595
- type="generic")
833
+ type="generic",
834
+ description="This is an example mount")
596
835
  ```
597
- <!--End PulumiCodeChooser -->
598
836
 
599
- <!--Start PulumiCodeChooser -->
600
837
  ```python
601
838
  import pulumi
602
839
  import pulumi_vault as vault
603
840
 
604
841
  kvv2_example = vault.Mount("kvv2-example",
605
- description="This is an example KV Version 2 secret engine mount",
842
+ path="version2-example",
843
+ type="kv-v2",
606
844
  options={
607
- "type": "kv-v2",
608
845
  "version": "2",
846
+ "type": "kv-v2",
609
847
  },
610
- path="version2-example",
611
- type="kv-v2")
848
+ description="This is an example KV Version 2 secret engine mount")
612
849
  ```
613
- <!--End PulumiCodeChooser -->
614
850
 
615
- <!--Start PulumiCodeChooser -->
616
851
  ```python
617
852
  import pulumi
618
853
  import pulumi_vault as vault
619
854
 
620
855
  transit_example = vault.Mount("transit-example",
856
+ path="transit-example",
857
+ type="transit",
621
858
  description="This is an example transit secret engine mount",
622
859
  options={
623
- "convergent_encryption": False,
624
- },
625
- path="transit-example",
626
- type="transit")
860
+ "convergent_encryption": "false",
861
+ })
627
862
  ```
628
- <!--End PulumiCodeChooser -->
629
863
 
630
- <!--Start PulumiCodeChooser -->
631
864
  ```python
632
865
  import pulumi
633
866
  import pulumi_vault as vault
634
867
 
635
868
  pki_example = vault.Mount("pki-example",
636
- default_lease_ttl_seconds=3600,
637
- description="This is an example PKI mount",
638
- max_lease_ttl_seconds=86400,
639
869
  path="pki-example",
640
- type="pki")
870
+ type="pki",
871
+ description="This is an example PKI mount",
872
+ default_lease_ttl_seconds=3600,
873
+ max_lease_ttl_seconds=86400)
641
874
  ```
642
- <!--End PulumiCodeChooser -->
643
875
 
644
876
  ## Import
645
877
 
@@ -665,16 +897,22 @@ class Mount(pulumi.CustomResource):
665
897
  resource_name: str,
666
898
  opts: Optional[pulumi.ResourceOptions] = None,
667
899
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
900
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
668
901
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
669
902
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
670
903
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
904
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
671
905
  description: Optional[pulumi.Input[str]] = None,
672
906
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
907
+ identity_token_key: Optional[pulumi.Input[str]] = None,
908
+ listing_visibility: Optional[pulumi.Input[str]] = None,
673
909
  local: Optional[pulumi.Input[bool]] = None,
674
910
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
675
911
  namespace: Optional[pulumi.Input[str]] = None,
676
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
912
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
913
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
677
914
  path: Optional[pulumi.Input[str]] = None,
915
+ plugin_version: Optional[pulumi.Input[str]] = None,
678
916
  seal_wrap: Optional[pulumi.Input[bool]] = None,
679
917
  type: Optional[pulumi.Input[str]] = None,
680
918
  __props__=None):
@@ -687,18 +925,24 @@ class Mount(pulumi.CustomResource):
687
925
  __props__ = MountArgs.__new__(MountArgs)
688
926
 
689
927
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
928
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
690
929
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
691
930
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
692
931
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
932
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
693
933
  __props__.__dict__["description"] = description
694
934
  __props__.__dict__["external_entropy_access"] = external_entropy_access
935
+ __props__.__dict__["identity_token_key"] = identity_token_key
936
+ __props__.__dict__["listing_visibility"] = listing_visibility
695
937
  __props__.__dict__["local"] = local
696
938
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
697
939
  __props__.__dict__["namespace"] = namespace
698
940
  __props__.__dict__["options"] = options
941
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
699
942
  if path is None and not opts.urn:
700
943
  raise TypeError("Missing required property 'path'")
701
944
  __props__.__dict__["path"] = path
945
+ __props__.__dict__["plugin_version"] = plugin_version
702
946
  __props__.__dict__["seal_wrap"] = seal_wrap
703
947
  if type is None and not opts.urn:
704
948
  raise TypeError("Missing required property 'type'")
@@ -716,16 +960,22 @@ class Mount(pulumi.CustomResource):
716
960
  opts: Optional[pulumi.ResourceOptions] = None,
717
961
  accessor: Optional[pulumi.Input[str]] = None,
718
962
  allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
963
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
719
964
  audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
720
965
  audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
721
966
  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
967
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
722
968
  description: Optional[pulumi.Input[str]] = None,
723
969
  external_entropy_access: Optional[pulumi.Input[bool]] = None,
970
+ identity_token_key: Optional[pulumi.Input[str]] = None,
971
+ listing_visibility: Optional[pulumi.Input[str]] = None,
724
972
  local: Optional[pulumi.Input[bool]] = None,
725
973
  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
726
974
  namespace: Optional[pulumi.Input[str]] = None,
727
- options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
975
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
976
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
728
977
  path: Optional[pulumi.Input[str]] = None,
978
+ plugin_version: Optional[pulumi.Input[str]] = None,
729
979
  seal_wrap: Optional[pulumi.Input[bool]] = None,
730
980
  type: Optional[pulumi.Input[str]] = None) -> 'Mount':
731
981
  """
@@ -737,19 +987,32 @@ class Mount(pulumi.CustomResource):
737
987
  :param pulumi.ResourceOptions opts: Options for the resource.
738
988
  :param pulumi.Input[str] accessor: The accessor for this mount.
739
989
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: Set of managed key registry entry names that the mount in question is allowed to access
990
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow, allowing a plugin to include
991
+ them in the response.
740
992
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
741
993
  :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
742
994
  :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for tokens and secrets in seconds
995
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of allowed authentication mount accessors the
996
+ backend can request delegated authentication for.
743
997
  :param pulumi.Input[str] description: Human-friendly description of the mount
744
998
  :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
999
+ :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
1000
+ not provided, this will default to Vault's OIDC default key.
1001
+ :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
1002
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
745
1003
  :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
746
1004
  :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
747
1005
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
748
1006
  The value should not contain leading or trailing forward slashes.
749
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1007
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
750
1008
  *Available only for Vault Enterprise*.
751
- :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
1009
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1010
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
1011
+ the plugin.
752
1012
  :param pulumi.Input[str] path: Where the secret backend will be mounted
1013
+ :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
1014
+ If unspecified, the server will select any matching unversioned plugin that may have been
1015
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
753
1016
  :param pulumi.Input[bool] seal_wrap: Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
754
1017
  :param pulumi.Input[str] type: Type of the backend, such as "aws"
755
1018
  """
@@ -759,16 +1022,22 @@ class Mount(pulumi.CustomResource):
759
1022
 
760
1023
  __props__.__dict__["accessor"] = accessor
761
1024
  __props__.__dict__["allowed_managed_keys"] = allowed_managed_keys
1025
+ __props__.__dict__["allowed_response_headers"] = allowed_response_headers
762
1026
  __props__.__dict__["audit_non_hmac_request_keys"] = audit_non_hmac_request_keys
763
1027
  __props__.__dict__["audit_non_hmac_response_keys"] = audit_non_hmac_response_keys
764
1028
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1029
+ __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
765
1030
  __props__.__dict__["description"] = description
766
1031
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1032
+ __props__.__dict__["identity_token_key"] = identity_token_key
1033
+ __props__.__dict__["listing_visibility"] = listing_visibility
767
1034
  __props__.__dict__["local"] = local
768
1035
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
769
1036
  __props__.__dict__["namespace"] = namespace
770
1037
  __props__.__dict__["options"] = options
1038
+ __props__.__dict__["passthrough_request_headers"] = passthrough_request_headers
771
1039
  __props__.__dict__["path"] = path
1040
+ __props__.__dict__["plugin_version"] = plugin_version
772
1041
  __props__.__dict__["seal_wrap"] = seal_wrap
773
1042
  __props__.__dict__["type"] = type
774
1043
  return Mount(resource_name, opts=opts, __props__=__props__)
@@ -789,6 +1058,15 @@ class Mount(pulumi.CustomResource):
789
1058
  """
790
1059
  return pulumi.get(self, "allowed_managed_keys")
791
1060
 
1061
+ @property
1062
+ @pulumi.getter(name="allowedResponseHeaders")
1063
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1064
+ """
1065
+ List of headers to allow, allowing a plugin to include
1066
+ them in the response.
1067
+ """
1068
+ return pulumi.get(self, "allowed_response_headers")
1069
+
792
1070
  @property
793
1071
  @pulumi.getter(name="auditNonHmacRequestKeys")
794
1072
  def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
@@ -813,6 +1091,15 @@ class Mount(pulumi.CustomResource):
813
1091
  """
814
1092
  return pulumi.get(self, "default_lease_ttl_seconds")
815
1093
 
1094
+ @property
1095
+ @pulumi.getter(name="delegatedAuthAccessors")
1096
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1097
+ """
1098
+ List of allowed authentication mount accessors the
1099
+ backend can request delegated authentication for.
1100
+ """
1101
+ return pulumi.get(self, "delegated_auth_accessors")
1102
+
816
1103
  @property
817
1104
  @pulumi.getter
818
1105
  def description(self) -> pulumi.Output[Optional[str]]:
@@ -829,6 +1116,24 @@ class Mount(pulumi.CustomResource):
829
1116
  """
830
1117
  return pulumi.get(self, "external_entropy_access")
831
1118
 
1119
+ @property
1120
+ @pulumi.getter(name="identityTokenKey")
1121
+ def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1122
+ """
1123
+ The key to use for signing plugin workload identity tokens. If
1124
+ not provided, this will default to Vault's OIDC default key.
1125
+ """
1126
+ return pulumi.get(self, "identity_token_key")
1127
+
1128
+ @property
1129
+ @pulumi.getter(name="listingVisibility")
1130
+ def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1131
+ """
1132
+ Specifies whether to show this mount in the UI-specific
1133
+ listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
1134
+ """
1135
+ return pulumi.get(self, "listing_visibility")
1136
+
832
1137
  @property
833
1138
  @pulumi.getter
834
1139
  def local(self) -> pulumi.Output[Optional[bool]]:
@@ -851,19 +1156,28 @@ class Mount(pulumi.CustomResource):
851
1156
  """
852
1157
  The namespace to provision the resource in.
853
1158
  The value should not contain leading or trailing forward slashes.
854
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1159
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
855
1160
  *Available only for Vault Enterprise*.
856
1161
  """
857
1162
  return pulumi.get(self, "namespace")
858
1163
 
859
1164
  @property
860
1165
  @pulumi.getter
861
- def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1166
+ def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
862
1167
  """
863
1168
  Specifies mount type specific options that are passed to the backend
864
1169
  """
865
1170
  return pulumi.get(self, "options")
866
1171
 
1172
+ @property
1173
+ @pulumi.getter(name="passthroughRequestHeaders")
1174
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1175
+ """
1176
+ List of headers to allow and pass from the request to
1177
+ the plugin.
1178
+ """
1179
+ return pulumi.get(self, "passthrough_request_headers")
1180
+
867
1181
  @property
868
1182
  @pulumi.getter
869
1183
  def path(self) -> pulumi.Output[str]:
@@ -872,6 +1186,16 @@ class Mount(pulumi.CustomResource):
872
1186
  """
873
1187
  return pulumi.get(self, "path")
874
1188
 
1189
+ @property
1190
+ @pulumi.getter(name="pluginVersion")
1191
+ def plugin_version(self) -> pulumi.Output[Optional[str]]:
1192
+ """
1193
+ Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
1194
+ If unspecified, the server will select any matching unversioned plugin that may have been
1195
+ registered, the latest versioned plugin registered, or a built-in plugin in that order of precedence.
1196
+ """
1197
+ return pulumi.get(self, "plugin_version")
1198
+
875
1199
  @property
876
1200
  @pulumi.getter(name="sealWrap")
877
1201
  def seal_wrap(self) -> pulumi.Output[bool]: