pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendClientArgs', 'AuthBackendClient']
@@ -19,7 +24,11 @@ class AuthBackendClientArgs:
19
24
  ec2_endpoint: Optional[pulumi.Input[str]] = None,
20
25
  iam_endpoint: Optional[pulumi.Input[str]] = None,
21
26
  iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
27
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
28
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
29
+ max_retries: Optional[pulumi.Input[int]] = None,
22
30
  namespace: Optional[pulumi.Input[str]] = None,
31
+ role_arn: Optional[pulumi.Input[str]] = None,
23
32
  secret_key: Optional[pulumi.Input[str]] = None,
24
33
  sts_endpoint: Optional[pulumi.Input[str]] = None,
25
34
  sts_region: Optional[pulumi.Input[str]] = None,
@@ -27,7 +36,7 @@ class AuthBackendClientArgs:
27
36
  """
28
37
  The set of arguments for constructing a AuthBackendClient resource.
29
38
  :param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
30
- auth backend.
39
+ auth backend. Mutually exclusive with `identity_token_audience`.
31
40
  :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
32
41
  mounted at. Defaults to `aws`.
33
42
  :param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
@@ -37,10 +46,18 @@ class AuthBackendClientArgs:
37
46
  :param pulumi.Input[str] iam_server_id_header_value: The value to require in the
38
47
  `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
39
48
  that are used in the IAM auth method.
49
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
50
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
51
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
52
+ *Available only for Vault Enterprise*
53
+ :param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
54
+ The default `-1` falls back to the AWS SDK's default behavior.
40
55
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
41
56
  The value should not contain leading or trailing forward slashes.
42
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
57
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
43
58
  *Available only for Vault Enterprise*.
59
+ :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
60
+ *Available only for Vault Enterprise*
44
61
  :param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
45
62
  auth backend.
46
63
  :param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
@@ -63,8 +80,16 @@ class AuthBackendClientArgs:
63
80
  pulumi.set(__self__, "iam_endpoint", iam_endpoint)
64
81
  if iam_server_id_header_value is not None:
65
82
  pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
83
+ if identity_token_audience is not None:
84
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
85
+ if identity_token_ttl is not None:
86
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
87
+ if max_retries is not None:
88
+ pulumi.set(__self__, "max_retries", max_retries)
66
89
  if namespace is not None:
67
90
  pulumi.set(__self__, "namespace", namespace)
91
+ if role_arn is not None:
92
+ pulumi.set(__self__, "role_arn", role_arn)
68
93
  if secret_key is not None:
69
94
  pulumi.set(__self__, "secret_key", secret_key)
70
95
  if sts_endpoint is not None:
@@ -79,7 +104,7 @@ class AuthBackendClientArgs:
79
104
  def access_key(self) -> Optional[pulumi.Input[str]]:
80
105
  """
81
106
  The AWS access key that Vault should use for the
82
- auth backend.
107
+ auth backend. Mutually exclusive with `identity_token_audience`.
83
108
  """
84
109
  return pulumi.get(self, "access_key")
85
110
 
@@ -140,13 +165,52 @@ class AuthBackendClientArgs:
140
165
  def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
141
166
  pulumi.set(self, "iam_server_id_header_value", value)
142
167
 
168
+ @property
169
+ @pulumi.getter(name="identityTokenAudience")
170
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
171
+ """
172
+ The audience claim value. Mutually exclusive with `access_key`.
173
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
174
+ """
175
+ return pulumi.get(self, "identity_token_audience")
176
+
177
+ @identity_token_audience.setter
178
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
179
+ pulumi.set(self, "identity_token_audience", value)
180
+
181
+ @property
182
+ @pulumi.getter(name="identityTokenTtl")
183
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
184
+ """
185
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
186
+ *Available only for Vault Enterprise*
187
+ """
188
+ return pulumi.get(self, "identity_token_ttl")
189
+
190
+ @identity_token_ttl.setter
191
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
192
+ pulumi.set(self, "identity_token_ttl", value)
193
+
194
+ @property
195
+ @pulumi.getter(name="maxRetries")
196
+ def max_retries(self) -> Optional[pulumi.Input[int]]:
197
+ """
198
+ Number of max retries the client should use for recoverable errors.
199
+ The default `-1` falls back to the AWS SDK's default behavior.
200
+ """
201
+ return pulumi.get(self, "max_retries")
202
+
203
+ @max_retries.setter
204
+ def max_retries(self, value: Optional[pulumi.Input[int]]):
205
+ pulumi.set(self, "max_retries", value)
206
+
143
207
  @property
144
208
  @pulumi.getter
145
209
  def namespace(self) -> Optional[pulumi.Input[str]]:
146
210
  """
147
211
  The namespace to provision the resource in.
148
212
  The value should not contain leading or trailing forward slashes.
149
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
213
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
150
214
  *Available only for Vault Enterprise*.
151
215
  """
152
216
  return pulumi.get(self, "namespace")
@@ -155,6 +219,19 @@ class AuthBackendClientArgs:
155
219
  def namespace(self, value: Optional[pulumi.Input[str]]):
156
220
  pulumi.set(self, "namespace", value)
157
221
 
222
+ @property
223
+ @pulumi.getter(name="roleArn")
224
+ def role_arn(self) -> Optional[pulumi.Input[str]]:
225
+ """
226
+ Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
227
+ *Available only for Vault Enterprise*
228
+ """
229
+ return pulumi.get(self, "role_arn")
230
+
231
+ @role_arn.setter
232
+ def role_arn(self, value: Optional[pulumi.Input[str]]):
233
+ pulumi.set(self, "role_arn", value)
234
+
158
235
  @property
159
236
  @pulumi.getter(name="secretKey")
160
237
  def secret_key(self) -> Optional[pulumi.Input[str]]:
@@ -219,7 +296,11 @@ class _AuthBackendClientState:
219
296
  ec2_endpoint: Optional[pulumi.Input[str]] = None,
220
297
  iam_endpoint: Optional[pulumi.Input[str]] = None,
221
298
  iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
299
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
300
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
301
+ max_retries: Optional[pulumi.Input[int]] = None,
222
302
  namespace: Optional[pulumi.Input[str]] = None,
303
+ role_arn: Optional[pulumi.Input[str]] = None,
223
304
  secret_key: Optional[pulumi.Input[str]] = None,
224
305
  sts_endpoint: Optional[pulumi.Input[str]] = None,
225
306
  sts_region: Optional[pulumi.Input[str]] = None,
@@ -227,7 +308,7 @@ class _AuthBackendClientState:
227
308
  """
228
309
  Input properties used for looking up and filtering AuthBackendClient resources.
229
310
  :param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
230
- auth backend.
311
+ auth backend. Mutually exclusive with `identity_token_audience`.
231
312
  :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
232
313
  mounted at. Defaults to `aws`.
233
314
  :param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
@@ -237,10 +318,18 @@ class _AuthBackendClientState:
237
318
  :param pulumi.Input[str] iam_server_id_header_value: The value to require in the
238
319
  `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
239
320
  that are used in the IAM auth method.
321
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
322
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
323
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
324
+ *Available only for Vault Enterprise*
325
+ :param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
326
+ The default `-1` falls back to the AWS SDK's default behavior.
240
327
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
241
328
  The value should not contain leading or trailing forward slashes.
242
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
329
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
243
330
  *Available only for Vault Enterprise*.
331
+ :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
332
+ *Available only for Vault Enterprise*
244
333
  :param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
245
334
  auth backend.
246
335
  :param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
@@ -263,8 +352,16 @@ class _AuthBackendClientState:
263
352
  pulumi.set(__self__, "iam_endpoint", iam_endpoint)
264
353
  if iam_server_id_header_value is not None:
265
354
  pulumi.set(__self__, "iam_server_id_header_value", iam_server_id_header_value)
355
+ if identity_token_audience is not None:
356
+ pulumi.set(__self__, "identity_token_audience", identity_token_audience)
357
+ if identity_token_ttl is not None:
358
+ pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
359
+ if max_retries is not None:
360
+ pulumi.set(__self__, "max_retries", max_retries)
266
361
  if namespace is not None:
267
362
  pulumi.set(__self__, "namespace", namespace)
363
+ if role_arn is not None:
364
+ pulumi.set(__self__, "role_arn", role_arn)
268
365
  if secret_key is not None:
269
366
  pulumi.set(__self__, "secret_key", secret_key)
270
367
  if sts_endpoint is not None:
@@ -279,7 +376,7 @@ class _AuthBackendClientState:
279
376
  def access_key(self) -> Optional[pulumi.Input[str]]:
280
377
  """
281
378
  The AWS access key that Vault should use for the
282
- auth backend.
379
+ auth backend. Mutually exclusive with `identity_token_audience`.
283
380
  """
284
381
  return pulumi.get(self, "access_key")
285
382
 
@@ -340,13 +437,52 @@ class _AuthBackendClientState:
340
437
  def iam_server_id_header_value(self, value: Optional[pulumi.Input[str]]):
341
438
  pulumi.set(self, "iam_server_id_header_value", value)
342
439
 
440
+ @property
441
+ @pulumi.getter(name="identityTokenAudience")
442
+ def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
443
+ """
444
+ The audience claim value. Mutually exclusive with `access_key`.
445
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
446
+ """
447
+ return pulumi.get(self, "identity_token_audience")
448
+
449
+ @identity_token_audience.setter
450
+ def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
451
+ pulumi.set(self, "identity_token_audience", value)
452
+
453
+ @property
454
+ @pulumi.getter(name="identityTokenTtl")
455
+ def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
456
+ """
457
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
458
+ *Available only for Vault Enterprise*
459
+ """
460
+ return pulumi.get(self, "identity_token_ttl")
461
+
462
+ @identity_token_ttl.setter
463
+ def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
464
+ pulumi.set(self, "identity_token_ttl", value)
465
+
466
+ @property
467
+ @pulumi.getter(name="maxRetries")
468
+ def max_retries(self) -> Optional[pulumi.Input[int]]:
469
+ """
470
+ Number of max retries the client should use for recoverable errors.
471
+ The default `-1` falls back to the AWS SDK's default behavior.
472
+ """
473
+ return pulumi.get(self, "max_retries")
474
+
475
+ @max_retries.setter
476
+ def max_retries(self, value: Optional[pulumi.Input[int]]):
477
+ pulumi.set(self, "max_retries", value)
478
+
343
479
  @property
344
480
  @pulumi.getter
345
481
  def namespace(self) -> Optional[pulumi.Input[str]]:
346
482
  """
347
483
  The namespace to provision the resource in.
348
484
  The value should not contain leading or trailing forward slashes.
349
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
485
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
350
486
  *Available only for Vault Enterprise*.
351
487
  """
352
488
  return pulumi.get(self, "namespace")
@@ -355,6 +491,19 @@ class _AuthBackendClientState:
355
491
  def namespace(self, value: Optional[pulumi.Input[str]]):
356
492
  pulumi.set(self, "namespace", value)
357
493
 
494
+ @property
495
+ @pulumi.getter(name="roleArn")
496
+ def role_arn(self) -> Optional[pulumi.Input[str]]:
497
+ """
498
+ Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
499
+ *Available only for Vault Enterprise*
500
+ """
501
+ return pulumi.get(self, "role_arn")
502
+
503
+ @role_arn.setter
504
+ def role_arn(self, value: Optional[pulumi.Input[str]]):
505
+ pulumi.set(self, "role_arn", value)
506
+
358
507
  @property
359
508
  @pulumi.getter(name="secretKey")
360
509
  def secret_key(self) -> Optional[pulumi.Input[str]]:
@@ -421,7 +570,11 @@ class AuthBackendClient(pulumi.CustomResource):
421
570
  ec2_endpoint: Optional[pulumi.Input[str]] = None,
422
571
  iam_endpoint: Optional[pulumi.Input[str]] = None,
423
572
  iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
573
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
574
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
575
+ max_retries: Optional[pulumi.Input[int]] = None,
424
576
  namespace: Optional[pulumi.Input[str]] = None,
577
+ role_arn: Optional[pulumi.Input[str]] = None,
425
578
  secret_key: Optional[pulumi.Input[str]] = None,
426
579
  sts_endpoint: Optional[pulumi.Input[str]] = None,
427
580
  sts_region: Optional[pulumi.Input[str]] = None,
@@ -430,18 +583,28 @@ class AuthBackendClient(pulumi.CustomResource):
430
583
  """
431
584
  ## Example Usage
432
585
 
433
- <!--Start PulumiCodeChooser -->
586
+ You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
434
587
  ```python
435
588
  import pulumi
436
589
  import pulumi_vault as vault
437
590
 
438
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
439
- example_auth_backend_client = vault.aws.AuthBackendClient("exampleAuthBackendClient",
440
- backend=example_auth_backend.path,
591
+ example = vault.AuthBackend("example", type="aws")
592
+ example_auth_backend_client = vault.aws.AuthBackendClient("example",
593
+ identity_token_audience="<TOKEN_AUDIENCE>",
594
+ identity_token_ttl="<TOKEN_TTL>",
595
+ role_arn="<AWS_ROLE_ARN>")
596
+ ```
597
+
598
+ ```python
599
+ import pulumi
600
+ import pulumi_vault as vault
601
+
602
+ example = vault.AuthBackend("example", type="aws")
603
+ example_auth_backend_client = vault.aws.AuthBackendClient("example",
604
+ backend=example.path,
441
605
  access_key="INSERT_AWS_ACCESS_KEY",
442
606
  secret_key="INSERT_AWS_SECRET_KEY")
443
607
  ```
444
- <!--End PulumiCodeChooser -->
445
608
 
446
609
  ## Import
447
610
 
@@ -454,7 +617,7 @@ class AuthBackendClient(pulumi.CustomResource):
454
617
  :param str resource_name: The name of the resource.
455
618
  :param pulumi.ResourceOptions opts: Options for the resource.
456
619
  :param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
457
- auth backend.
620
+ auth backend. Mutually exclusive with `identity_token_audience`.
458
621
  :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
459
622
  mounted at. Defaults to `aws`.
460
623
  :param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
@@ -464,10 +627,18 @@ class AuthBackendClient(pulumi.CustomResource):
464
627
  :param pulumi.Input[str] iam_server_id_header_value: The value to require in the
465
628
  `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
466
629
  that are used in the IAM auth method.
630
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
631
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
632
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
633
+ *Available only for Vault Enterprise*
634
+ :param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
635
+ The default `-1` falls back to the AWS SDK's default behavior.
467
636
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
468
637
  The value should not contain leading or trailing forward slashes.
469
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
638
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
470
639
  *Available only for Vault Enterprise*.
640
+ :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
641
+ *Available only for Vault Enterprise*
471
642
  :param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
472
643
  auth backend.
473
644
  :param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
@@ -489,18 +660,28 @@ class AuthBackendClient(pulumi.CustomResource):
489
660
  """
490
661
  ## Example Usage
491
662
 
492
- <!--Start PulumiCodeChooser -->
663
+ You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
664
+ ```python
665
+ import pulumi
666
+ import pulumi_vault as vault
667
+
668
+ example = vault.AuthBackend("example", type="aws")
669
+ example_auth_backend_client = vault.aws.AuthBackendClient("example",
670
+ identity_token_audience="<TOKEN_AUDIENCE>",
671
+ identity_token_ttl="<TOKEN_TTL>",
672
+ role_arn="<AWS_ROLE_ARN>")
673
+ ```
674
+
493
675
  ```python
494
676
  import pulumi
495
677
  import pulumi_vault as vault
496
678
 
497
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
498
- example_auth_backend_client = vault.aws.AuthBackendClient("exampleAuthBackendClient",
499
- backend=example_auth_backend.path,
679
+ example = vault.AuthBackend("example", type="aws")
680
+ example_auth_backend_client = vault.aws.AuthBackendClient("example",
681
+ backend=example.path,
500
682
  access_key="INSERT_AWS_ACCESS_KEY",
501
683
  secret_key="INSERT_AWS_SECRET_KEY")
502
684
  ```
503
- <!--End PulumiCodeChooser -->
504
685
 
505
686
  ## Import
506
687
 
@@ -530,7 +711,11 @@ class AuthBackendClient(pulumi.CustomResource):
530
711
  ec2_endpoint: Optional[pulumi.Input[str]] = None,
531
712
  iam_endpoint: Optional[pulumi.Input[str]] = None,
532
713
  iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
714
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
715
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
716
+ max_retries: Optional[pulumi.Input[int]] = None,
533
717
  namespace: Optional[pulumi.Input[str]] = None,
718
+ role_arn: Optional[pulumi.Input[str]] = None,
534
719
  secret_key: Optional[pulumi.Input[str]] = None,
535
720
  sts_endpoint: Optional[pulumi.Input[str]] = None,
536
721
  sts_region: Optional[pulumi.Input[str]] = None,
@@ -549,7 +734,11 @@ class AuthBackendClient(pulumi.CustomResource):
549
734
  __props__.__dict__["ec2_endpoint"] = ec2_endpoint
550
735
  __props__.__dict__["iam_endpoint"] = iam_endpoint
551
736
  __props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
737
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
738
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
739
+ __props__.__dict__["max_retries"] = max_retries
552
740
  __props__.__dict__["namespace"] = namespace
741
+ __props__.__dict__["role_arn"] = role_arn
553
742
  __props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
554
743
  __props__.__dict__["sts_endpoint"] = sts_endpoint
555
744
  __props__.__dict__["sts_region"] = sts_region
@@ -571,7 +760,11 @@ class AuthBackendClient(pulumi.CustomResource):
571
760
  ec2_endpoint: Optional[pulumi.Input[str]] = None,
572
761
  iam_endpoint: Optional[pulumi.Input[str]] = None,
573
762
  iam_server_id_header_value: Optional[pulumi.Input[str]] = None,
763
+ identity_token_audience: Optional[pulumi.Input[str]] = None,
764
+ identity_token_ttl: Optional[pulumi.Input[int]] = None,
765
+ max_retries: Optional[pulumi.Input[int]] = None,
574
766
  namespace: Optional[pulumi.Input[str]] = None,
767
+ role_arn: Optional[pulumi.Input[str]] = None,
575
768
  secret_key: Optional[pulumi.Input[str]] = None,
576
769
  sts_endpoint: Optional[pulumi.Input[str]] = None,
577
770
  sts_region: Optional[pulumi.Input[str]] = None,
@@ -584,7 +777,7 @@ class AuthBackendClient(pulumi.CustomResource):
584
777
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
585
778
  :param pulumi.ResourceOptions opts: Options for the resource.
586
779
  :param pulumi.Input[str] access_key: The AWS access key that Vault should use for the
587
- auth backend.
780
+ auth backend. Mutually exclusive with `identity_token_audience`.
588
781
  :param pulumi.Input[str] backend: The path the AWS auth backend being configured was
589
782
  mounted at. Defaults to `aws`.
590
783
  :param pulumi.Input[str] ec2_endpoint: Override the URL Vault uses when making EC2 API
@@ -594,10 +787,18 @@ class AuthBackendClient(pulumi.CustomResource):
594
787
  :param pulumi.Input[str] iam_server_id_header_value: The value to require in the
595
788
  `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
596
789
  that are used in the IAM auth method.
790
+ :param pulumi.Input[str] identity_token_audience: The audience claim value. Mutually exclusive with `access_key`.
791
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
792
+ :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
793
+ *Available only for Vault Enterprise*
794
+ :param pulumi.Input[int] max_retries: Number of max retries the client should use for recoverable errors.
795
+ The default `-1` falls back to the AWS SDK's default behavior.
597
796
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
598
797
  The value should not contain leading or trailing forward slashes.
599
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
798
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
600
799
  *Available only for Vault Enterprise*.
800
+ :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
801
+ *Available only for Vault Enterprise*
601
802
  :param pulumi.Input[str] secret_key: The AWS secret key that Vault should use for the
602
803
  auth backend.
603
804
  :param pulumi.Input[str] sts_endpoint: Override the URL Vault uses when making STS API
@@ -619,7 +820,11 @@ class AuthBackendClient(pulumi.CustomResource):
619
820
  __props__.__dict__["ec2_endpoint"] = ec2_endpoint
620
821
  __props__.__dict__["iam_endpoint"] = iam_endpoint
621
822
  __props__.__dict__["iam_server_id_header_value"] = iam_server_id_header_value
823
+ __props__.__dict__["identity_token_audience"] = identity_token_audience
824
+ __props__.__dict__["identity_token_ttl"] = identity_token_ttl
825
+ __props__.__dict__["max_retries"] = max_retries
622
826
  __props__.__dict__["namespace"] = namespace
827
+ __props__.__dict__["role_arn"] = role_arn
623
828
  __props__.__dict__["secret_key"] = secret_key
624
829
  __props__.__dict__["sts_endpoint"] = sts_endpoint
625
830
  __props__.__dict__["sts_region"] = sts_region
@@ -631,7 +836,7 @@ class AuthBackendClient(pulumi.CustomResource):
631
836
  def access_key(self) -> pulumi.Output[Optional[str]]:
632
837
  """
633
838
  The AWS access key that Vault should use for the
634
- auth backend.
839
+ auth backend. Mutually exclusive with `identity_token_audience`.
635
840
  """
636
841
  return pulumi.get(self, "access_key")
637
842
 
@@ -672,17 +877,53 @@ class AuthBackendClient(pulumi.CustomResource):
672
877
  """
673
878
  return pulumi.get(self, "iam_server_id_header_value")
674
879
 
880
+ @property
881
+ @pulumi.getter(name="identityTokenAudience")
882
+ def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
883
+ """
884
+ The audience claim value. Mutually exclusive with `access_key`.
885
+ Requires Vault 1.17+. *Available only for Vault Enterprise*
886
+ """
887
+ return pulumi.get(self, "identity_token_audience")
888
+
889
+ @property
890
+ @pulumi.getter(name="identityTokenTtl")
891
+ def identity_token_ttl(self) -> pulumi.Output[int]:
892
+ """
893
+ The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
894
+ *Available only for Vault Enterprise*
895
+ """
896
+ return pulumi.get(self, "identity_token_ttl")
897
+
898
+ @property
899
+ @pulumi.getter(name="maxRetries")
900
+ def max_retries(self) -> pulumi.Output[Optional[int]]:
901
+ """
902
+ Number of max retries the client should use for recoverable errors.
903
+ The default `-1` falls back to the AWS SDK's default behavior.
904
+ """
905
+ return pulumi.get(self, "max_retries")
906
+
675
907
  @property
676
908
  @pulumi.getter
677
909
  def namespace(self) -> pulumi.Output[Optional[str]]:
678
910
  """
679
911
  The namespace to provision the resource in.
680
912
  The value should not contain leading or trailing forward slashes.
681
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
913
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
682
914
  *Available only for Vault Enterprise*.
683
915
  """
684
916
  return pulumi.get(self, "namespace")
685
917
 
918
+ @property
919
+ @pulumi.getter(name="roleArn")
920
+ def role_arn(self) -> pulumi.Output[Optional[str]]:
921
+ """
922
+ Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
923
+ *Available only for Vault Enterprise*
924
+ """
925
+ return pulumi.get(self, "role_arn")
926
+
686
927
  @property
687
928
  @pulumi.getter(name="secretKey")
688
929
  def secret_key(self) -> pulumi.Output[Optional[str]]:
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendConfigIdentityArgs', 'AuthBackendConfigIdentity']
@@ -33,7 +38,7 @@ class AuthBackendConfigIdentityArgs:
33
38
  added to both audit logs, and on the `iam_alias`
34
39
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
35
40
  The value should not contain leading or trailing forward slashes.
36
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
41
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
37
42
  *Available only for Vault Enterprise*.
38
43
  """
39
44
  if backend is not None:
@@ -119,7 +124,7 @@ class AuthBackendConfigIdentityArgs:
119
124
  """
120
125
  The namespace to provision the resource in.
121
126
  The value should not contain leading or trailing forward slashes.
122
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
127
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
123
128
  *Available only for Vault Enterprise*.
124
129
  """
125
130
  return pulumi.get(self, "namespace")
@@ -151,7 +156,7 @@ class _AuthBackendConfigIdentityState:
151
156
  added to both audit logs, and on the `iam_alias`
152
157
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
153
158
  The value should not contain leading or trailing forward slashes.
154
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
159
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
155
160
  *Available only for Vault Enterprise*.
156
161
  """
157
162
  if backend is not None:
@@ -237,7 +242,7 @@ class _AuthBackendConfigIdentityState:
237
242
  """
238
243
  The namespace to provision the resource in.
239
244
  The value should not contain leading or trailing forward slashes.
240
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
245
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
241
246
  *Available only for Vault Enterprise*.
242
247
  """
243
248
  return pulumi.get(self, "namespace")
@@ -266,7 +271,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
266
271
 
267
272
  ## Example Usage
268
273
 
269
- <!--Start PulumiCodeChooser -->
270
274
  ```python
271
275
  import pulumi
272
276
  import pulumi_vault as vault
@@ -280,7 +284,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
280
284
  "account_id",
281
285
  ])
282
286
  ```
283
- <!--End PulumiCodeChooser -->
284
287
 
285
288
  ## Import
286
289
 
@@ -303,7 +306,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
303
306
  added to both audit logs, and on the `iam_alias`
304
307
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
305
308
  The value should not contain leading or trailing forward slashes.
306
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
309
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
307
310
  *Available only for Vault Enterprise*.
308
311
  """
309
312
  ...
@@ -319,7 +322,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
319
322
 
320
323
  ## Example Usage
321
324
 
322
- <!--Start PulumiCodeChooser -->
323
325
  ```python
324
326
  import pulumi
325
327
  import pulumi_vault as vault
@@ -333,7 +335,6 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
333
335
  "account_id",
334
336
  ])
335
337
  ```
336
- <!--End PulumiCodeChooser -->
337
338
 
338
339
  ## Import
339
340
 
@@ -413,7 +414,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
413
414
  added to both audit logs, and on the `iam_alias`
414
415
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
415
416
  The value should not contain leading or trailing forward slashes.
416
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
417
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
417
418
  *Available only for Vault Enterprise*.
418
419
  """
419
420
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -478,7 +479,7 @@ class AuthBackendConfigIdentity(pulumi.CustomResource):
478
479
  """
479
480
  The namespace to provision the resource in.
480
481
  The value should not contain leading or trailing forward slashes.
481
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
482
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
482
483
  *Available only for Vault Enterprise*.
483
484
  """
484
485
  return pulumi.get(self, "namespace")