pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -20,6 +25,7 @@ class SecretBackendRoleArgs:
20
25
  key_type: pulumi.Input[str],
21
26
  algorithm_signer: Optional[pulumi.Input[str]] = None,
22
27
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
28
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
23
29
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
24
30
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
25
31
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -29,12 +35,11 @@ class SecretBackendRoleArgs:
29
35
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
30
36
  allowed_extensions: Optional[pulumi.Input[str]] = None,
31
37
  allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
32
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
33
38
  allowed_users: Optional[pulumi.Input[str]] = None,
34
39
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
35
40
  cidr_list: Optional[pulumi.Input[str]] = None,
36
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
37
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
41
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
42
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
38
43
  default_user: Optional[pulumi.Input[str]] = None,
39
44
  default_user_template: Optional[pulumi.Input[bool]] = None,
40
45
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -61,14 +66,11 @@ class SecretBackendRoleArgs:
61
66
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
62
67
  user key configuration, like key type and their lengths. Can be specified multiple times.
63
68
  *See Configuration-Options for more info*
64
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
65
- are allowed to be signed by the CA type.
66
- *Deprecated: use* allowed_user_key_config *instead*
67
69
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
68
70
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
69
71
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
70
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
71
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
72
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
73
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
72
74
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
73
75
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
74
76
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -76,7 +78,7 @@ class SecretBackendRoleArgs:
76
78
  :param pulumi.Input[str] name: Specifies the name of the role to create.
77
79
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
78
80
  The value should not contain leading or trailing forward slashes.
79
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
81
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
80
82
  *Available only for Vault Enterprise*.
81
83
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
82
84
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -87,6 +89,8 @@ class SecretBackendRoleArgs:
87
89
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
88
90
  if allow_bare_domains is not None:
89
91
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
92
+ if allow_empty_principals is not None:
93
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
90
94
  if allow_host_certificates is not None:
91
95
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
92
96
  if allow_subdomains is not None:
@@ -105,11 +109,6 @@ class SecretBackendRoleArgs:
105
109
  pulumi.set(__self__, "allowed_extensions", allowed_extensions)
106
110
  if allowed_user_key_configs is not None:
107
111
  pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
108
- if allowed_user_key_lengths is not None:
109
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
110
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
111
- if allowed_user_key_lengths is not None:
112
- pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
113
112
  if allowed_users is not None:
114
113
  pulumi.set(__self__, "allowed_users", allowed_users)
115
114
  if allowed_users_template is not None:
@@ -185,6 +184,15 @@ class SecretBackendRoleArgs:
185
184
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
186
185
  pulumi.set(self, "allow_bare_domains", value)
187
186
 
187
+ @property
188
+ @pulumi.getter(name="allowEmptyPrincipals")
189
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
190
+ return pulumi.get(self, "allow_empty_principals")
191
+
192
+ @allow_empty_principals.setter
193
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
194
+ pulumi.set(self, "allow_empty_principals", value)
195
+
188
196
  @property
189
197
  @pulumi.getter(name="allowHostCertificates")
190
198
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -296,23 +304,6 @@ class SecretBackendRoleArgs:
296
304
  def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
297
305
  pulumi.set(self, "allowed_user_key_configs", value)
298
306
 
299
- @property
300
- @pulumi.getter(name="allowedUserKeyLengths")
301
- def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
302
- """
303
- Specifies a map of ssh key types and their expected sizes which
304
- are allowed to be signed by the CA type.
305
- *Deprecated: use* allowed_user_key_config *instead*
306
- """
307
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
308
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
309
-
310
- return pulumi.get(self, "allowed_user_key_lengths")
311
-
312
- @allowed_user_key_lengths.setter
313
- def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
314
- pulumi.set(self, "allowed_user_key_lengths", value)
315
-
316
307
  @property
317
308
  @pulumi.getter(name="allowedUsers")
318
309
  def allowed_users(self) -> Optional[pulumi.Input[str]]:
@@ -351,26 +342,26 @@ class SecretBackendRoleArgs:
351
342
 
352
343
  @property
353
344
  @pulumi.getter(name="defaultCriticalOptions")
354
- def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
345
+ def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
355
346
  """
356
347
  Specifies a map of critical options that certificates have when signed.
357
348
  """
358
349
  return pulumi.get(self, "default_critical_options")
359
350
 
360
351
  @default_critical_options.setter
361
- def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
352
+ def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
362
353
  pulumi.set(self, "default_critical_options", value)
363
354
 
364
355
  @property
365
356
  @pulumi.getter(name="defaultExtensions")
366
- def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
357
+ def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
367
358
  """
368
359
  Specifies a map of extensions that certificates have when signed.
369
360
  """
370
361
  return pulumi.get(self, "default_extensions")
371
362
 
372
363
  @default_extensions.setter
373
- def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
364
+ def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
374
365
  pulumi.set(self, "default_extensions", value)
375
366
 
376
367
  @property
@@ -439,7 +430,7 @@ class SecretBackendRoleArgs:
439
430
  """
440
431
  The namespace to provision the resource in.
441
432
  The value should not contain leading or trailing forward slashes.
442
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
433
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
443
434
  *Available only for Vault Enterprise*.
444
435
  """
445
436
  return pulumi.get(self, "namespace")
@@ -478,6 +469,7 @@ class _SecretBackendRoleState:
478
469
  def __init__(__self__, *,
479
470
  algorithm_signer: Optional[pulumi.Input[str]] = None,
480
471
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
472
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
481
473
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
482
474
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
483
475
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -487,13 +479,12 @@ class _SecretBackendRoleState:
487
479
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
488
480
  allowed_extensions: Optional[pulumi.Input[str]] = None,
489
481
  allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
490
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
491
482
  allowed_users: Optional[pulumi.Input[str]] = None,
492
483
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
493
484
  backend: Optional[pulumi.Input[str]] = None,
494
485
  cidr_list: Optional[pulumi.Input[str]] = None,
495
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
496
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
486
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
487
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
497
488
  default_user: Optional[pulumi.Input[str]] = None,
498
489
  default_user_template: Optional[pulumi.Input[bool]] = None,
499
490
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -519,15 +510,12 @@ class _SecretBackendRoleState:
519
510
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
520
511
  user key configuration, like key type and their lengths. Can be specified multiple times.
521
512
  *See Configuration-Options for more info*
522
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
523
- are allowed to be signed by the CA type.
524
- *Deprecated: use* allowed_user_key_config *instead*
525
513
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
526
514
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
527
515
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
528
516
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
529
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
530
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
517
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
518
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
531
519
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
532
520
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
533
521
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -536,7 +524,7 @@ class _SecretBackendRoleState:
536
524
  :param pulumi.Input[str] name: Specifies the name of the role to create.
537
525
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
538
526
  The value should not contain leading or trailing forward slashes.
539
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
527
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
540
528
  *Available only for Vault Enterprise*.
541
529
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
542
530
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -545,6 +533,8 @@ class _SecretBackendRoleState:
545
533
  pulumi.set(__self__, "algorithm_signer", algorithm_signer)
546
534
  if allow_bare_domains is not None:
547
535
  pulumi.set(__self__, "allow_bare_domains", allow_bare_domains)
536
+ if allow_empty_principals is not None:
537
+ pulumi.set(__self__, "allow_empty_principals", allow_empty_principals)
548
538
  if allow_host_certificates is not None:
549
539
  pulumi.set(__self__, "allow_host_certificates", allow_host_certificates)
550
540
  if allow_subdomains is not None:
@@ -563,11 +553,6 @@ class _SecretBackendRoleState:
563
553
  pulumi.set(__self__, "allowed_extensions", allowed_extensions)
564
554
  if allowed_user_key_configs is not None:
565
555
  pulumi.set(__self__, "allowed_user_key_configs", allowed_user_key_configs)
566
- if allowed_user_key_lengths is not None:
567
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
568
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
569
- if allowed_user_key_lengths is not None:
570
- pulumi.set(__self__, "allowed_user_key_lengths", allowed_user_key_lengths)
571
556
  if allowed_users is not None:
572
557
  pulumi.set(__self__, "allowed_users", allowed_users)
573
558
  if allowed_users_template is not None:
@@ -623,6 +608,15 @@ class _SecretBackendRoleState:
623
608
  def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
624
609
  pulumi.set(self, "allow_bare_domains", value)
625
610
 
611
+ @property
612
+ @pulumi.getter(name="allowEmptyPrincipals")
613
+ def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
614
+ return pulumi.get(self, "allow_empty_principals")
615
+
616
+ @allow_empty_principals.setter
617
+ def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
618
+ pulumi.set(self, "allow_empty_principals", value)
619
+
626
620
  @property
627
621
  @pulumi.getter(name="allowHostCertificates")
628
622
  def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
@@ -734,23 +728,6 @@ class _SecretBackendRoleState:
734
728
  def allowed_user_key_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]]):
735
729
  pulumi.set(self, "allowed_user_key_configs", value)
736
730
 
737
- @property
738
- @pulumi.getter(name="allowedUserKeyLengths")
739
- def allowed_user_key_lengths(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]:
740
- """
741
- Specifies a map of ssh key types and their expected sizes which
742
- are allowed to be signed by the CA type.
743
- *Deprecated: use* allowed_user_key_config *instead*
744
- """
745
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
746
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
747
-
748
- return pulumi.get(self, "allowed_user_key_lengths")
749
-
750
- @allowed_user_key_lengths.setter
751
- def allowed_user_key_lengths(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]]):
752
- pulumi.set(self, "allowed_user_key_lengths", value)
753
-
754
731
  @property
755
732
  @pulumi.getter(name="allowedUsers")
756
733
  def allowed_users(self) -> Optional[pulumi.Input[str]]:
@@ -801,26 +778,26 @@ class _SecretBackendRoleState:
801
778
 
802
779
  @property
803
780
  @pulumi.getter(name="defaultCriticalOptions")
804
- def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
781
+ def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
805
782
  """
806
783
  Specifies a map of critical options that certificates have when signed.
807
784
  """
808
785
  return pulumi.get(self, "default_critical_options")
809
786
 
810
787
  @default_critical_options.setter
811
- def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
788
+ def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
812
789
  pulumi.set(self, "default_critical_options", value)
813
790
 
814
791
  @property
815
792
  @pulumi.getter(name="defaultExtensions")
816
- def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
793
+ def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
817
794
  """
818
795
  Specifies a map of extensions that certificates have when signed.
819
796
  """
820
797
  return pulumi.get(self, "default_extensions")
821
798
 
822
799
  @default_extensions.setter
823
- def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
800
+ def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
824
801
  pulumi.set(self, "default_extensions", value)
825
802
 
826
803
  @property
@@ -901,7 +878,7 @@ class _SecretBackendRoleState:
901
878
  """
902
879
  The namespace to provision the resource in.
903
880
  The value should not contain leading or trailing forward slashes.
904
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
881
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
905
882
  *Available only for Vault Enterprise*.
906
883
  """
907
884
  return pulumi.get(self, "namespace")
@@ -942,6 +919,7 @@ class SecretBackendRole(pulumi.CustomResource):
942
919
  opts: Optional[pulumi.ResourceOptions] = None,
943
920
  algorithm_signer: Optional[pulumi.Input[str]] = None,
944
921
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
922
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
945
923
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
946
924
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
947
925
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -950,14 +928,13 @@ class SecretBackendRole(pulumi.CustomResource):
950
928
  allowed_domains: Optional[pulumi.Input[str]] = None,
951
929
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
952
930
  allowed_extensions: Optional[pulumi.Input[str]] = None,
953
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
954
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
931
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
955
932
  allowed_users: Optional[pulumi.Input[str]] = None,
956
933
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
957
934
  backend: Optional[pulumi.Input[str]] = None,
958
935
  cidr_list: Optional[pulumi.Input[str]] = None,
959
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
960
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
936
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
937
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
961
938
  default_user: Optional[pulumi.Input[str]] = None,
962
939
  default_user_template: Optional[pulumi.Input[bool]] = None,
963
940
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -974,24 +951,24 @@ class SecretBackendRole(pulumi.CustomResource):
974
951
 
975
952
  ## Example Usage
976
953
 
977
- <!--Start PulumiCodeChooser -->
978
954
  ```python
979
955
  import pulumi
980
956
  import pulumi_vault as vault
981
957
 
982
958
  example = vault.Mount("example", type="ssh")
983
959
  foo = vault.ssh.SecretBackendRole("foo",
960
+ name="my-role",
984
961
  backend=example.path,
985
962
  key_type="ca",
986
963
  allow_user_certificates=True)
987
964
  bar = vault.ssh.SecretBackendRole("bar",
965
+ name="otp-role",
988
966
  backend=example.path,
989
967
  key_type="otp",
990
968
  default_user="default",
991
969
  allowed_users="default,baz",
992
970
  cidr_list="0.0.0.0/0")
993
971
  ```
994
- <!--End PulumiCodeChooser -->
995
972
 
996
973
  ## Import
997
974
 
@@ -1014,18 +991,15 @@ class SecretBackendRole(pulumi.CustomResource):
1014
991
  :param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
1015
992
  identity template policies. Non-templated domains are also permitted.
1016
993
  :param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
1017
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
994
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1018
995
  user key configuration, like key type and their lengths. Can be specified multiple times.
1019
996
  *See Configuration-Options for more info*
1020
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
1021
- are allowed to be signed by the CA type.
1022
- *Deprecated: use* allowed_user_key_config *instead*
1023
997
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
1024
998
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
1025
999
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
1026
1000
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
1027
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1028
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
1001
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1002
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
1029
1003
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
1030
1004
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
1031
1005
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -1034,7 +1008,7 @@ class SecretBackendRole(pulumi.CustomResource):
1034
1008
  :param pulumi.Input[str] name: Specifies the name of the role to create.
1035
1009
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1036
1010
  The value should not contain leading or trailing forward slashes.
1037
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1011
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1038
1012
  *Available only for Vault Enterprise*.
1039
1013
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
1040
1014
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -1051,24 +1025,24 @@ class SecretBackendRole(pulumi.CustomResource):
1051
1025
 
1052
1026
  ## Example Usage
1053
1027
 
1054
- <!--Start PulumiCodeChooser -->
1055
1028
  ```python
1056
1029
  import pulumi
1057
1030
  import pulumi_vault as vault
1058
1031
 
1059
1032
  example = vault.Mount("example", type="ssh")
1060
1033
  foo = vault.ssh.SecretBackendRole("foo",
1034
+ name="my-role",
1061
1035
  backend=example.path,
1062
1036
  key_type="ca",
1063
1037
  allow_user_certificates=True)
1064
1038
  bar = vault.ssh.SecretBackendRole("bar",
1039
+ name="otp-role",
1065
1040
  backend=example.path,
1066
1041
  key_type="otp",
1067
1042
  default_user="default",
1068
1043
  allowed_users="default,baz",
1069
1044
  cidr_list="0.0.0.0/0")
1070
1045
  ```
1071
- <!--End PulumiCodeChooser -->
1072
1046
 
1073
1047
  ## Import
1074
1048
 
@@ -1095,6 +1069,7 @@ class SecretBackendRole(pulumi.CustomResource):
1095
1069
  opts: Optional[pulumi.ResourceOptions] = None,
1096
1070
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1097
1071
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1072
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1098
1073
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1099
1074
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1100
1075
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1103,14 +1078,13 @@ class SecretBackendRole(pulumi.CustomResource):
1103
1078
  allowed_domains: Optional[pulumi.Input[str]] = None,
1104
1079
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1105
1080
  allowed_extensions: Optional[pulumi.Input[str]] = None,
1106
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
1107
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
1081
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
1108
1082
  allowed_users: Optional[pulumi.Input[str]] = None,
1109
1083
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
1110
1084
  backend: Optional[pulumi.Input[str]] = None,
1111
1085
  cidr_list: Optional[pulumi.Input[str]] = None,
1112
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1113
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1086
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1087
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1114
1088
  default_user: Optional[pulumi.Input[str]] = None,
1115
1089
  default_user_template: Optional[pulumi.Input[bool]] = None,
1116
1090
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -1131,6 +1105,7 @@ class SecretBackendRole(pulumi.CustomResource):
1131
1105
 
1132
1106
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1133
1107
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1108
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1134
1109
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1135
1110
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1136
1111
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1140,7 +1115,6 @@ class SecretBackendRole(pulumi.CustomResource):
1140
1115
  __props__.__dict__["allowed_domains_template"] = allowed_domains_template
1141
1116
  __props__.__dict__["allowed_extensions"] = allowed_extensions
1142
1117
  __props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
1143
- __props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
1144
1118
  __props__.__dict__["allowed_users"] = allowed_users
1145
1119
  __props__.__dict__["allowed_users_template"] = allowed_users_template
1146
1120
  if backend is None and not opts.urn:
@@ -1172,6 +1146,7 @@ class SecretBackendRole(pulumi.CustomResource):
1172
1146
  opts: Optional[pulumi.ResourceOptions] = None,
1173
1147
  algorithm_signer: Optional[pulumi.Input[str]] = None,
1174
1148
  allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1149
+ allow_empty_principals: Optional[pulumi.Input[bool]] = None,
1175
1150
  allow_host_certificates: Optional[pulumi.Input[bool]] = None,
1176
1151
  allow_subdomains: Optional[pulumi.Input[bool]] = None,
1177
1152
  allow_user_certificates: Optional[pulumi.Input[bool]] = None,
@@ -1180,14 +1155,13 @@ class SecretBackendRole(pulumi.CustomResource):
1180
1155
  allowed_domains: Optional[pulumi.Input[str]] = None,
1181
1156
  allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1182
1157
  allowed_extensions: Optional[pulumi.Input[str]] = None,
1183
- allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]]] = None,
1184
- allowed_user_key_lengths: Optional[pulumi.Input[Mapping[str, pulumi.Input[int]]]] = None,
1158
+ allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
1185
1159
  allowed_users: Optional[pulumi.Input[str]] = None,
1186
1160
  allowed_users_template: Optional[pulumi.Input[bool]] = None,
1187
1161
  backend: Optional[pulumi.Input[str]] = None,
1188
1162
  cidr_list: Optional[pulumi.Input[str]] = None,
1189
- default_critical_options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1190
- default_extensions: Optional[pulumi.Input[Mapping[str, Any]]] = None,
1163
+ default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1164
+ default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1191
1165
  default_user: Optional[pulumi.Input[str]] = None,
1192
1166
  default_user_template: Optional[pulumi.Input[bool]] = None,
1193
1167
  key_id_format: Optional[pulumi.Input[str]] = None,
@@ -1215,18 +1189,15 @@ class SecretBackendRole(pulumi.CustomResource):
1215
1189
  :param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
1216
1190
  identity template policies. Non-templated domains are also permitted.
1217
1191
  :param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
1218
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRoleAllowedUserKeyConfigArgs']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1192
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
1219
1193
  user key configuration, like key type and their lengths. Can be specified multiple times.
1220
1194
  *See Configuration-Options for more info*
1221
- :param pulumi.Input[Mapping[str, pulumi.Input[int]]] allowed_user_key_lengths: Specifies a map of ssh key types and their expected sizes which
1222
- are allowed to be signed by the CA type.
1223
- *Deprecated: use* allowed_user_key_config *instead*
1224
1195
  :param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
1225
1196
  :param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
1226
1197
  :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
1227
1198
  :param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
1228
- :param pulumi.Input[Mapping[str, Any]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1229
- :param pulumi.Input[Mapping[str, Any]] default_extensions: Specifies a map of extensions that certificates have when signed.
1199
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
1200
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
1230
1201
  :param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
1231
1202
  :param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
1232
1203
  :param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
@@ -1235,7 +1206,7 @@ class SecretBackendRole(pulumi.CustomResource):
1235
1206
  :param pulumi.Input[str] name: Specifies the name of the role to create.
1236
1207
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1237
1208
  The value should not contain leading or trailing forward slashes.
1238
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1209
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1239
1210
  *Available only for Vault Enterprise*.
1240
1211
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
1241
1212
  :param pulumi.Input[str] ttl: Specifies the Time To Live value.
@@ -1246,6 +1217,7 @@ class SecretBackendRole(pulumi.CustomResource):
1246
1217
 
1247
1218
  __props__.__dict__["algorithm_signer"] = algorithm_signer
1248
1219
  __props__.__dict__["allow_bare_domains"] = allow_bare_domains
1220
+ __props__.__dict__["allow_empty_principals"] = allow_empty_principals
1249
1221
  __props__.__dict__["allow_host_certificates"] = allow_host_certificates
1250
1222
  __props__.__dict__["allow_subdomains"] = allow_subdomains
1251
1223
  __props__.__dict__["allow_user_certificates"] = allow_user_certificates
@@ -1255,7 +1227,6 @@ class SecretBackendRole(pulumi.CustomResource):
1255
1227
  __props__.__dict__["allowed_domains_template"] = allowed_domains_template
1256
1228
  __props__.__dict__["allowed_extensions"] = allowed_extensions
1257
1229
  __props__.__dict__["allowed_user_key_configs"] = allowed_user_key_configs
1258
- __props__.__dict__["allowed_user_key_lengths"] = allowed_user_key_lengths
1259
1230
  __props__.__dict__["allowed_users"] = allowed_users
1260
1231
  __props__.__dict__["allowed_users_template"] = allowed_users_template
1261
1232
  __props__.__dict__["backend"] = backend
@@ -1289,6 +1260,11 @@ class SecretBackendRole(pulumi.CustomResource):
1289
1260
  """
1290
1261
  return pulumi.get(self, "allow_bare_domains")
1291
1262
 
1263
+ @property
1264
+ @pulumi.getter(name="allowEmptyPrincipals")
1265
+ def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
1266
+ return pulumi.get(self, "allow_empty_principals")
1267
+
1292
1268
  @property
1293
1269
  @pulumi.getter(name="allowHostCertificates")
1294
1270
  def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
@@ -1364,19 +1340,6 @@ class SecretBackendRole(pulumi.CustomResource):
1364
1340
  """
1365
1341
  return pulumi.get(self, "allowed_user_key_configs")
1366
1342
 
1367
- @property
1368
- @pulumi.getter(name="allowedUserKeyLengths")
1369
- def allowed_user_key_lengths(self) -> pulumi.Output[Optional[Mapping[str, int]]]:
1370
- """
1371
- Specifies a map of ssh key types and their expected sizes which
1372
- are allowed to be signed by the CA type.
1373
- *Deprecated: use* allowed_user_key_config *instead*
1374
- """
1375
- warnings.warn("""Set in allowed_user_key_config""", DeprecationWarning)
1376
- pulumi.log.warn("""allowed_user_key_lengths is deprecated: Set in allowed_user_key_config""")
1377
-
1378
- return pulumi.get(self, "allowed_user_key_lengths")
1379
-
1380
1343
  @property
1381
1344
  @pulumi.getter(name="allowedUsers")
1382
1345
  def allowed_users(self) -> pulumi.Output[Optional[str]]:
@@ -1411,7 +1374,7 @@ class SecretBackendRole(pulumi.CustomResource):
1411
1374
 
1412
1375
  @property
1413
1376
  @pulumi.getter(name="defaultCriticalOptions")
1414
- def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1377
+ def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1415
1378
  """
1416
1379
  Specifies a map of critical options that certificates have when signed.
1417
1380
  """
@@ -1419,7 +1382,7 @@ class SecretBackendRole(pulumi.CustomResource):
1419
1382
 
1420
1383
  @property
1421
1384
  @pulumi.getter(name="defaultExtensions")
1422
- def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
1385
+ def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1423
1386
  """
1424
1387
  Specifies a map of extensions that certificates have when signed.
1425
1388
  """
@@ -1479,7 +1442,7 @@ class SecretBackendRole(pulumi.CustomResource):
1479
1442
  """
1480
1443
  The namespace to provision the resource in.
1481
1444
  The value should not contain leading or trailing forward slashes.
1482
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1445
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1483
1446
  *Available only for Vault Enterprise*.
1484
1447
  """
1485
1448
  return pulumi.get(self, "namespace")