pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -15,7 +20,7 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
15
20
  class AuthBackendRoleArgs:
16
21
  def __init__(__self__, *,
17
22
  path: pulumi.Input[str],
18
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
23
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
19
24
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
20
25
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
21
26
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -34,7 +39,7 @@ class AuthBackendRoleArgs:
34
39
  """
35
40
  The set of arguments for constructing a AuthBackendRole resource.
36
41
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
37
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
42
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
38
43
  exist in the SAML assertion.
39
44
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
40
45
  `bound_attributes_type`.
@@ -45,33 +50,17 @@ class AuthBackendRoleArgs:
45
50
  :param pulumi.Input[str] name: Unique name of the role.
46
51
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
47
52
  The value should not contain leading or trailing forward slashes.
48
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
53
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
54
  *Available only for Vault Enterprise*.
50
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
51
- addresses which can authenticate successfully, and ties the resulting token to these blocks
52
- as well.
53
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
54
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
55
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
56
- `token_max_ttl` would otherwise allow a renewal.
57
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
58
- Its current value will be referenced at renewal time.
59
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
60
- generated tokens; otherwise it will be added to the policies set in token_policies.
55
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
56
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
57
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
58
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
61
59
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
62
- :param pulumi.Input[int] token_period: If set, indicates that the
63
- token generated using this role should never expire. The token should be renewed within the
64
- duration specified by this value. At each renewal, the token's TTL will be set to the
65
- value of this field. Specified in seconds.
66
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
67
- on the auth method, this list may be supplemented by user/group/other values.
68
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
69
- Its current value will be referenced at renewal time.
70
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
71
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
72
- `service` tokens). For token store roles, there are two additional possibilities:
73
- `default-service` and `default-batch` which specify the type to return unless the client
74
- requests a different type at generation time.
60
+ :param pulumi.Input[int] token_period: Generated Token's Period
61
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
62
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
63
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
75
64
  """
76
65
  pulumi.set(__self__, "path", path)
77
66
  if bound_attributes is not None:
@@ -121,7 +110,7 @@ class AuthBackendRoleArgs:
121
110
 
122
111
  @property
123
112
  @pulumi.getter(name="boundAttributes")
124
- def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
113
+ def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
125
114
  """
126
115
  Mapping of attribute names to values that are expected to
127
116
  exist in the SAML assertion.
@@ -129,7 +118,7 @@ class AuthBackendRoleArgs:
129
118
  return pulumi.get(self, "bound_attributes")
130
119
 
131
120
  @bound_attributes.setter
132
- def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
121
+ def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
133
122
  pulumi.set(self, "bound_attributes", value)
134
123
 
135
124
  @property
@@ -200,7 +189,7 @@ class AuthBackendRoleArgs:
200
189
  """
201
190
  The namespace to provision the resource in.
202
191
  The value should not contain leading or trailing forward slashes.
203
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
192
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
204
193
  *Available only for Vault Enterprise*.
205
194
  """
206
195
  return pulumi.get(self, "namespace")
@@ -213,9 +202,7 @@ class AuthBackendRoleArgs:
213
202
  @pulumi.getter(name="tokenBoundCidrs")
214
203
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
215
204
  """
216
- List of CIDR blocks; if set, specifies blocks of IP
217
- addresses which can authenticate successfully, and ties the resulting token to these blocks
218
- as well.
205
+ Specifies the blocks of IP addresses which are allowed to use the generated token
219
206
  """
220
207
  return pulumi.get(self, "token_bound_cidrs")
221
208
 
@@ -227,10 +214,7 @@ class AuthBackendRoleArgs:
227
214
  @pulumi.getter(name="tokenExplicitMaxTtl")
228
215
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
229
216
  """
230
- If set, will encode an
231
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
232
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
233
- `token_max_ttl` would otherwise allow a renewal.
217
+ Generated Token's Explicit Maximum TTL in seconds
234
218
  """
235
219
  return pulumi.get(self, "token_explicit_max_ttl")
236
220
 
@@ -242,8 +226,7 @@ class AuthBackendRoleArgs:
242
226
  @pulumi.getter(name="tokenMaxTtl")
243
227
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
244
228
  """
245
- The maximum lifetime for generated tokens in number of seconds.
246
- Its current value will be referenced at renewal time.
229
+ The maximum lifetime of the generated token
247
230
  """
248
231
  return pulumi.get(self, "token_max_ttl")
249
232
 
@@ -255,8 +238,7 @@ class AuthBackendRoleArgs:
255
238
  @pulumi.getter(name="tokenNoDefaultPolicy")
256
239
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
257
240
  """
258
- If set, the default policy will not be set on
259
- generated tokens; otherwise it will be added to the policies set in token_policies.
241
+ If true, the 'default' policy will not automatically be added to generated tokens
260
242
  """
261
243
  return pulumi.get(self, "token_no_default_policy")
262
244
 
@@ -280,10 +262,7 @@ class AuthBackendRoleArgs:
280
262
  @pulumi.getter(name="tokenPeriod")
281
263
  def token_period(self) -> Optional[pulumi.Input[int]]:
282
264
  """
283
- If set, indicates that the
284
- token generated using this role should never expire. The token should be renewed within the
285
- duration specified by this value. At each renewal, the token's TTL will be set to the
286
- value of this field. Specified in seconds.
265
+ Generated Token's Period
287
266
  """
288
267
  return pulumi.get(self, "token_period")
289
268
 
@@ -295,8 +274,7 @@ class AuthBackendRoleArgs:
295
274
  @pulumi.getter(name="tokenPolicies")
296
275
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
297
276
  """
298
- List of policies to encode onto generated tokens. Depending
299
- on the auth method, this list may be supplemented by user/group/other values.
277
+ Generated Token's Policies
300
278
  """
301
279
  return pulumi.get(self, "token_policies")
302
280
 
@@ -308,8 +286,7 @@ class AuthBackendRoleArgs:
308
286
  @pulumi.getter(name="tokenTtl")
309
287
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
310
288
  """
311
- The incremental lifetime for generated tokens in number of seconds.
312
- Its current value will be referenced at renewal time.
289
+ The initial ttl of the token to generate in seconds
313
290
  """
314
291
  return pulumi.get(self, "token_ttl")
315
292
 
@@ -321,11 +298,7 @@ class AuthBackendRoleArgs:
321
298
  @pulumi.getter(name="tokenType")
322
299
  def token_type(self) -> Optional[pulumi.Input[str]]:
323
300
  """
324
- The type of token that should be generated. Can be `service`,
325
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
326
- `service` tokens). For token store roles, there are two additional possibilities:
327
- `default-service` and `default-batch` which specify the type to return unless the client
328
- requests a different type at generation time.
301
+ The type of token to generate, service or batch
329
302
  """
330
303
  return pulumi.get(self, "token_type")
331
304
 
@@ -337,7 +310,7 @@ class AuthBackendRoleArgs:
337
310
  @pulumi.input_type
338
311
  class _AuthBackendRoleState:
339
312
  def __init__(__self__, *,
340
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
313
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
341
314
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
342
315
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
343
316
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -356,7 +329,7 @@ class _AuthBackendRoleState:
356
329
  token_type: Optional[pulumi.Input[str]] = None):
357
330
  """
358
331
  Input properties used for looking up and filtering AuthBackendRole resources.
359
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
332
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
360
333
  exist in the SAML assertion.
361
334
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
362
335
  `bound_attributes_type`.
@@ -367,34 +340,18 @@ class _AuthBackendRoleState:
367
340
  :param pulumi.Input[str] name: Unique name of the role.
368
341
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
369
342
  The value should not contain leading or trailing forward slashes.
370
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
343
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
371
344
  *Available only for Vault Enterprise*.
372
345
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
373
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
374
- addresses which can authenticate successfully, and ties the resulting token to these blocks
375
- as well.
376
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
377
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
378
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
379
- `token_max_ttl` would otherwise allow a renewal.
380
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
381
- Its current value will be referenced at renewal time.
382
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
383
- generated tokens; otherwise it will be added to the policies set in token_policies.
346
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
347
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
348
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
349
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
384
350
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
385
- :param pulumi.Input[int] token_period: If set, indicates that the
386
- token generated using this role should never expire. The token should be renewed within the
387
- duration specified by this value. At each renewal, the token's TTL will be set to the
388
- value of this field. Specified in seconds.
389
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
390
- on the auth method, this list may be supplemented by user/group/other values.
391
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
392
- Its current value will be referenced at renewal time.
393
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
394
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
395
- `service` tokens). For token store roles, there are two additional possibilities:
396
- `default-service` and `default-batch` which specify the type to return unless the client
397
- requests a different type at generation time.
351
+ :param pulumi.Input[int] token_period: Generated Token's Period
352
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
353
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
354
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
398
355
  """
399
356
  if bound_attributes is not None:
400
357
  pulumi.set(__self__, "bound_attributes", bound_attributes)
@@ -433,7 +390,7 @@ class _AuthBackendRoleState:
433
390
 
434
391
  @property
435
392
  @pulumi.getter(name="boundAttributes")
436
- def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
393
+ def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
437
394
  """
438
395
  Mapping of attribute names to values that are expected to
439
396
  exist in the SAML assertion.
@@ -441,7 +398,7 @@ class _AuthBackendRoleState:
441
398
  return pulumi.get(self, "bound_attributes")
442
399
 
443
400
  @bound_attributes.setter
444
- def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
401
+ def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
445
402
  pulumi.set(self, "bound_attributes", value)
446
403
 
447
404
  @property
@@ -512,7 +469,7 @@ class _AuthBackendRoleState:
512
469
  """
513
470
  The namespace to provision the resource in.
514
471
  The value should not contain leading or trailing forward slashes.
515
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
472
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
516
473
  *Available only for Vault Enterprise*.
517
474
  """
518
475
  return pulumi.get(self, "namespace")
@@ -537,9 +494,7 @@ class _AuthBackendRoleState:
537
494
  @pulumi.getter(name="tokenBoundCidrs")
538
495
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
539
496
  """
540
- List of CIDR blocks; if set, specifies blocks of IP
541
- addresses which can authenticate successfully, and ties the resulting token to these blocks
542
- as well.
497
+ Specifies the blocks of IP addresses which are allowed to use the generated token
543
498
  """
544
499
  return pulumi.get(self, "token_bound_cidrs")
545
500
 
@@ -551,10 +506,7 @@ class _AuthBackendRoleState:
551
506
  @pulumi.getter(name="tokenExplicitMaxTtl")
552
507
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
553
508
  """
554
- If set, will encode an
555
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
556
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
557
- `token_max_ttl` would otherwise allow a renewal.
509
+ Generated Token's Explicit Maximum TTL in seconds
558
510
  """
559
511
  return pulumi.get(self, "token_explicit_max_ttl")
560
512
 
@@ -566,8 +518,7 @@ class _AuthBackendRoleState:
566
518
  @pulumi.getter(name="tokenMaxTtl")
567
519
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
568
520
  """
569
- The maximum lifetime for generated tokens in number of seconds.
570
- Its current value will be referenced at renewal time.
521
+ The maximum lifetime of the generated token
571
522
  """
572
523
  return pulumi.get(self, "token_max_ttl")
573
524
 
@@ -579,8 +530,7 @@ class _AuthBackendRoleState:
579
530
  @pulumi.getter(name="tokenNoDefaultPolicy")
580
531
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
581
532
  """
582
- If set, the default policy will not be set on
583
- generated tokens; otherwise it will be added to the policies set in token_policies.
533
+ If true, the 'default' policy will not automatically be added to generated tokens
584
534
  """
585
535
  return pulumi.get(self, "token_no_default_policy")
586
536
 
@@ -604,10 +554,7 @@ class _AuthBackendRoleState:
604
554
  @pulumi.getter(name="tokenPeriod")
605
555
  def token_period(self) -> Optional[pulumi.Input[int]]:
606
556
  """
607
- If set, indicates that the
608
- token generated using this role should never expire. The token should be renewed within the
609
- duration specified by this value. At each renewal, the token's TTL will be set to the
610
- value of this field. Specified in seconds.
557
+ Generated Token's Period
611
558
  """
612
559
  return pulumi.get(self, "token_period")
613
560
 
@@ -619,8 +566,7 @@ class _AuthBackendRoleState:
619
566
  @pulumi.getter(name="tokenPolicies")
620
567
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
621
568
  """
622
- List of policies to encode onto generated tokens. Depending
623
- on the auth method, this list may be supplemented by user/group/other values.
569
+ Generated Token's Policies
624
570
  """
625
571
  return pulumi.get(self, "token_policies")
626
572
 
@@ -632,8 +578,7 @@ class _AuthBackendRoleState:
632
578
  @pulumi.getter(name="tokenTtl")
633
579
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
634
580
  """
635
- The incremental lifetime for generated tokens in number of seconds.
636
- Its current value will be referenced at renewal time.
581
+ The initial ttl of the token to generate in seconds
637
582
  """
638
583
  return pulumi.get(self, "token_ttl")
639
584
 
@@ -645,11 +590,7 @@ class _AuthBackendRoleState:
645
590
  @pulumi.getter(name="tokenType")
646
591
  def token_type(self) -> Optional[pulumi.Input[str]]:
647
592
  """
648
- The type of token that should be generated. Can be `service`,
649
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
650
- `service` tokens). For token store roles, there are two additional possibilities:
651
- `default-service` and `default-batch` which specify the type to return unless the client
652
- requests a different type at generation time.
593
+ The type of token to generate, service or batch
653
594
  """
654
595
  return pulumi.get(self, "token_type")
655
596
 
@@ -663,7 +604,7 @@ class AuthBackendRole(pulumi.CustomResource):
663
604
  def __init__(__self__,
664
605
  resource_name: str,
665
606
  opts: Optional[pulumi.ResourceOptions] = None,
666
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
607
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
667
608
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
668
609
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
669
610
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -688,19 +629,19 @@ class AuthBackendRole(pulumi.CustomResource):
688
629
 
689
630
  ## Example Usage
690
631
 
691
- <!--Start PulumiCodeChooser -->
692
632
  ```python
693
633
  import pulumi
694
634
  import pulumi_vault as vault
695
635
 
696
- example_auth_backend = vault.saml.AuthBackend("exampleAuthBackend",
636
+ example = vault.saml.AuthBackend("example",
697
637
  path="saml",
698
638
  idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
699
639
  entity_id="https://my.vault/v1/auth/saml",
700
640
  acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
701
641
  default_role="default-role")
702
- example_auth_backend_role = vault.saml.AuthBackendRole("exampleAuthBackendRole",
703
- path=example_auth_backend.path,
642
+ example_auth_backend_role = vault.saml.AuthBackendRole("example",
643
+ path=example.path,
644
+ name="my-role",
704
645
  groups_attribute="groups",
705
646
  bound_attributes={
706
647
  "group": "admin",
@@ -709,7 +650,6 @@ class AuthBackendRole(pulumi.CustomResource):
709
650
  token_policies=["writer"],
710
651
  token_ttl=86400)
711
652
  ```
712
- <!--End PulumiCodeChooser -->
713
653
 
714
654
  ## Import
715
655
 
@@ -721,7 +661,7 @@ class AuthBackendRole(pulumi.CustomResource):
721
661
 
722
662
  :param str resource_name: The name of the resource.
723
663
  :param pulumi.ResourceOptions opts: Options for the resource.
724
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
664
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
725
665
  exist in the SAML assertion.
726
666
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
727
667
  `bound_attributes_type`.
@@ -732,34 +672,18 @@ class AuthBackendRole(pulumi.CustomResource):
732
672
  :param pulumi.Input[str] name: Unique name of the role.
733
673
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
734
674
  The value should not contain leading or trailing forward slashes.
735
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
675
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
736
676
  *Available only for Vault Enterprise*.
737
677
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
738
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
739
- addresses which can authenticate successfully, and ties the resulting token to these blocks
740
- as well.
741
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
742
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
743
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
744
- `token_max_ttl` would otherwise allow a renewal.
745
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
746
- Its current value will be referenced at renewal time.
747
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
748
- generated tokens; otherwise it will be added to the policies set in token_policies.
678
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
679
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
680
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
681
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
749
682
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
750
- :param pulumi.Input[int] token_period: If set, indicates that the
751
- token generated using this role should never expire. The token should be renewed within the
752
- duration specified by this value. At each renewal, the token's TTL will be set to the
753
- value of this field. Specified in seconds.
754
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
755
- on the auth method, this list may be supplemented by user/group/other values.
756
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
757
- Its current value will be referenced at renewal time.
758
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
759
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
760
- `service` tokens). For token store roles, there are two additional possibilities:
761
- `default-service` and `default-batch` which specify the type to return unless the client
762
- requests a different type at generation time.
683
+ :param pulumi.Input[int] token_period: Generated Token's Period
684
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
685
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
686
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
763
687
  """
764
688
  ...
765
689
  @overload
@@ -774,19 +698,19 @@ class AuthBackendRole(pulumi.CustomResource):
774
698
 
775
699
  ## Example Usage
776
700
 
777
- <!--Start PulumiCodeChooser -->
778
701
  ```python
779
702
  import pulumi
780
703
  import pulumi_vault as vault
781
704
 
782
- example_auth_backend = vault.saml.AuthBackend("exampleAuthBackend",
705
+ example = vault.saml.AuthBackend("example",
783
706
  path="saml",
784
707
  idp_metadata_url="https://company.okta.com/app/abc123eb9xnIfzlaf697/sso/saml/metadata",
785
708
  entity_id="https://my.vault/v1/auth/saml",
786
709
  acs_urls=["https://my.vault.primary/v1/auth/saml/callback"],
787
710
  default_role="default-role")
788
- example_auth_backend_role = vault.saml.AuthBackendRole("exampleAuthBackendRole",
789
- path=example_auth_backend.path,
711
+ example_auth_backend_role = vault.saml.AuthBackendRole("example",
712
+ path=example.path,
713
+ name="my-role",
790
714
  groups_attribute="groups",
791
715
  bound_attributes={
792
716
  "group": "admin",
@@ -795,7 +719,6 @@ class AuthBackendRole(pulumi.CustomResource):
795
719
  token_policies=["writer"],
796
720
  token_ttl=86400)
797
721
  ```
798
- <!--End PulumiCodeChooser -->
799
722
 
800
723
  ## Import
801
724
 
@@ -820,7 +743,7 @@ class AuthBackendRole(pulumi.CustomResource):
820
743
  def _internal_init(__self__,
821
744
  resource_name: str,
822
745
  opts: Optional[pulumi.ResourceOptions] = None,
823
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
746
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
824
747
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
825
748
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
826
749
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -875,7 +798,7 @@ class AuthBackendRole(pulumi.CustomResource):
875
798
  def get(resource_name: str,
876
799
  id: pulumi.Input[str],
877
800
  opts: Optional[pulumi.ResourceOptions] = None,
878
- bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
801
+ bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
879
802
  bound_attributes_type: Optional[pulumi.Input[str]] = None,
880
803
  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
881
804
  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -899,7 +822,7 @@ class AuthBackendRole(pulumi.CustomResource):
899
822
  :param str resource_name: The unique name of the resulting resource.
900
823
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
901
824
  :param pulumi.ResourceOptions opts: Options for the resource.
902
- :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
825
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
903
826
  exist in the SAML assertion.
904
827
  :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
905
828
  `bound_attributes_type`.
@@ -910,34 +833,18 @@ class AuthBackendRole(pulumi.CustomResource):
910
833
  :param pulumi.Input[str] name: Unique name of the role.
911
834
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
912
835
  The value should not contain leading or trailing forward slashes.
913
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
836
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
914
837
  *Available only for Vault Enterprise*.
915
838
  :param pulumi.Input[str] path: Path where the auth backend is mounted.
916
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
917
- addresses which can authenticate successfully, and ties the resulting token to these blocks
918
- as well.
919
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
920
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
921
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
922
- `token_max_ttl` would otherwise allow a renewal.
923
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
924
- Its current value will be referenced at renewal time.
925
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
926
- generated tokens; otherwise it will be added to the policies set in token_policies.
839
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
840
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
841
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
842
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
927
843
  :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
928
- :param pulumi.Input[int] token_period: If set, indicates that the
929
- token generated using this role should never expire. The token should be renewed within the
930
- duration specified by this value. At each renewal, the token's TTL will be set to the
931
- value of this field. Specified in seconds.
932
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
933
- on the auth method, this list may be supplemented by user/group/other values.
934
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
935
- Its current value will be referenced at renewal time.
936
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
937
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
938
- `service` tokens). For token store roles, there are two additional possibilities:
939
- `default-service` and `default-batch` which specify the type to return unless the client
940
- requests a different type at generation time.
844
+ :param pulumi.Input[int] token_period: Generated Token's Period
845
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
846
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
847
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
941
848
  """
942
849
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
943
850
 
@@ -964,7 +871,7 @@ class AuthBackendRole(pulumi.CustomResource):
964
871
 
965
872
  @property
966
873
  @pulumi.getter(name="boundAttributes")
967
- def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
874
+ def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
968
875
  """
969
876
  Mapping of attribute names to values that are expected to
970
877
  exist in the SAML assertion.
@@ -1019,7 +926,7 @@ class AuthBackendRole(pulumi.CustomResource):
1019
926
  """
1020
927
  The namespace to provision the resource in.
1021
928
  The value should not contain leading or trailing forward slashes.
1022
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
929
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1023
930
  *Available only for Vault Enterprise*.
1024
931
  """
1025
932
  return pulumi.get(self, "namespace")
@@ -1036,9 +943,7 @@ class AuthBackendRole(pulumi.CustomResource):
1036
943
  @pulumi.getter(name="tokenBoundCidrs")
1037
944
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1038
945
  """
1039
- List of CIDR blocks; if set, specifies blocks of IP
1040
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1041
- as well.
946
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1042
947
  """
1043
948
  return pulumi.get(self, "token_bound_cidrs")
1044
949
 
@@ -1046,10 +951,7 @@ class AuthBackendRole(pulumi.CustomResource):
1046
951
  @pulumi.getter(name="tokenExplicitMaxTtl")
1047
952
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1048
953
  """
1049
- If set, will encode an
1050
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1051
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1052
- `token_max_ttl` would otherwise allow a renewal.
954
+ Generated Token's Explicit Maximum TTL in seconds
1053
955
  """
1054
956
  return pulumi.get(self, "token_explicit_max_ttl")
1055
957
 
@@ -1057,8 +959,7 @@ class AuthBackendRole(pulumi.CustomResource):
1057
959
  @pulumi.getter(name="tokenMaxTtl")
1058
960
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1059
961
  """
1060
- The maximum lifetime for generated tokens in number of seconds.
1061
- Its current value will be referenced at renewal time.
962
+ The maximum lifetime of the generated token
1062
963
  """
1063
964
  return pulumi.get(self, "token_max_ttl")
1064
965
 
@@ -1066,8 +967,7 @@ class AuthBackendRole(pulumi.CustomResource):
1066
967
  @pulumi.getter(name="tokenNoDefaultPolicy")
1067
968
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1068
969
  """
1069
- If set, the default policy will not be set on
1070
- generated tokens; otherwise it will be added to the policies set in token_policies.
970
+ If true, the 'default' policy will not automatically be added to generated tokens
1071
971
  """
1072
972
  return pulumi.get(self, "token_no_default_policy")
1073
973
 
@@ -1083,10 +983,7 @@ class AuthBackendRole(pulumi.CustomResource):
1083
983
  @pulumi.getter(name="tokenPeriod")
1084
984
  def token_period(self) -> pulumi.Output[Optional[int]]:
1085
985
  """
1086
- If set, indicates that the
1087
- token generated using this role should never expire. The token should be renewed within the
1088
- duration specified by this value. At each renewal, the token's TTL will be set to the
1089
- value of this field. Specified in seconds.
986
+ Generated Token's Period
1090
987
  """
1091
988
  return pulumi.get(self, "token_period")
1092
989
 
@@ -1094,8 +991,7 @@ class AuthBackendRole(pulumi.CustomResource):
1094
991
  @pulumi.getter(name="tokenPolicies")
1095
992
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1096
993
  """
1097
- List of policies to encode onto generated tokens. Depending
1098
- on the auth method, this list may be supplemented by user/group/other values.
994
+ Generated Token's Policies
1099
995
  """
1100
996
  return pulumi.get(self, "token_policies")
1101
997
 
@@ -1103,8 +999,7 @@ class AuthBackendRole(pulumi.CustomResource):
1103
999
  @pulumi.getter(name="tokenTtl")
1104
1000
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1105
1001
  """
1106
- The incremental lifetime for generated tokens in number of seconds.
1107
- Its current value will be referenced at renewal time.
1002
+ The initial ttl of the token to generate in seconds
1108
1003
  """
1109
1004
  return pulumi.get(self, "token_ttl")
1110
1005
 
@@ -1112,11 +1007,7 @@ class AuthBackendRole(pulumi.CustomResource):
1112
1007
  @pulumi.getter(name="tokenType")
1113
1008
  def token_type(self) -> pulumi.Output[Optional[str]]:
1114
1009
  """
1115
- The type of token that should be generated. Can be `service`,
1116
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1117
- `service` tokens). For token store roles, there are two additional possibilities:
1118
- `default-service` and `default-batch` which specify the type to return unless the client
1119
- requests a different type at generation time.
1010
+ The type of token to generate, service or batch
1120
1011
  """
1121
1012
  return pulumi.get(self, "token_type")
1122
1013