pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleTagArgs', 'AuthBackendRoleTag']
@@ -34,7 +39,7 @@ class AuthBackendRoleTagArgs:
34
39
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
35
40
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
36
41
  The value should not contain leading or trailing forward slashes.
37
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
42
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
38
43
  *Available only for Vault Enterprise*.
39
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
40
45
  """
@@ -134,7 +139,7 @@ class AuthBackendRoleTagArgs:
134
139
  """
135
140
  The namespace to provision the resource in.
136
141
  The value should not contain leading or trailing forward slashes.
137
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
142
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
138
143
  *Available only for Vault Enterprise*.
139
144
  """
140
145
  return pulumi.get(self, "namespace")
@@ -179,7 +184,7 @@ class _AuthBackendRoleTagState:
179
184
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
180
185
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
181
186
  The value should not contain leading or trailing forward slashes.
182
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
187
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
183
188
  *Available only for Vault Enterprise*.
184
189
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
185
190
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -275,7 +280,7 @@ class _AuthBackendRoleTagState:
275
280
  """
276
281
  The namespace to provision the resource in.
277
282
  The value should not contain leading or trailing forward slashes.
278
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
283
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
279
284
  *Available only for Vault Enterprise*.
280
285
  """
281
286
  return pulumi.get(self, "namespace")
@@ -361,7 +366,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
361
366
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
362
367
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
363
368
  The value should not contain leading or trailing forward slashes.
364
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
369
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
365
370
  *Available only for Vault Enterprise*.
366
371
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
367
372
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -455,7 +460,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
455
460
  :param pulumi.Input[str] max_ttl: The maximum TTL of the tokens issued using this role.
456
461
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
457
462
  The value should not contain leading or trailing forward slashes.
458
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
463
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
459
464
  *Available only for Vault Enterprise*.
460
465
  :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
461
466
  :param pulumi.Input[str] role: The name of the AWS auth backend role to read
@@ -526,7 +531,7 @@ class AuthBackendRoleTag(pulumi.CustomResource):
526
531
  """
527
532
  The namespace to provision the resource in.
528
533
  The value should not contain leading or trailing forward slashes.
529
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
534
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
530
535
  *Available only for Vault Enterprise*.
531
536
  """
532
537
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoletagBlacklistArgs', 'AuthBackendRoletagBlacklist']
@@ -26,7 +31,7 @@ class AuthBackendRoletagBlacklistArgs:
26
31
  tidying of the roletag blacklist entries. Defaults to false.
27
32
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
28
33
  The value should not contain leading or trailing forward slashes.
29
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
34
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
30
35
  *Available only for Vault Enterprise*.
31
36
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
32
37
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -72,7 +77,7 @@ class AuthBackendRoletagBlacklistArgs:
72
77
  """
73
78
  The namespace to provision the resource in.
74
79
  The value should not contain leading or trailing forward slashes.
75
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
80
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
76
81
  *Available only for Vault Enterprise*.
77
82
  """
78
83
  return pulumi.get(self, "namespace")
@@ -111,7 +116,7 @@ class _AuthBackendRoletagBlacklistState:
111
116
  tidying of the roletag blacklist entries. Defaults to false.
112
117
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
113
118
  The value should not contain leading or trailing forward slashes.
114
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
119
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
115
120
  *Available only for Vault Enterprise*.
116
121
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
117
122
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -158,7 +163,7 @@ class _AuthBackendRoletagBlacklistState:
158
163
  """
159
164
  The namespace to provision the resource in.
160
165
  The value should not contain leading or trailing forward slashes.
161
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
166
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
162
167
  *Available only for Vault Enterprise*.
163
168
  """
164
169
  return pulumi.get(self, "namespace")
@@ -197,17 +202,15 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
197
202
 
198
203
  ## Example Usage
199
204
 
200
- <!--Start PulumiCodeChooser -->
201
205
  ```python
202
206
  import pulumi
203
207
  import pulumi_vault as vault
204
208
 
205
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
206
- example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("exampleAuthBackendRoletagBlacklist",
207
- backend=example_auth_backend.path,
209
+ example = vault.AuthBackend("example", type="aws")
210
+ example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
211
+ backend=example.path,
208
212
  safety_buffer=360)
209
213
  ```
210
- <!--End PulumiCodeChooser -->
211
214
 
212
215
  :param str resource_name: The name of the resource.
213
216
  :param pulumi.ResourceOptions opts: Options for the resource.
@@ -217,7 +220,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
217
220
  tidying of the roletag blacklist entries. Defaults to false.
218
221
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
219
222
  The value should not contain leading or trailing forward slashes.
220
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
223
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
221
224
  *Available only for Vault Enterprise*.
222
225
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
223
226
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -234,17 +237,15 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
234
237
 
235
238
  ## Example Usage
236
239
 
237
- <!--Start PulumiCodeChooser -->
238
240
  ```python
239
241
  import pulumi
240
242
  import pulumi_vault as vault
241
243
 
242
- example_auth_backend = vault.AuthBackend("exampleAuthBackend", type="aws")
243
- example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("exampleAuthBackendRoletagBlacklist",
244
- backend=example_auth_backend.path,
244
+ example = vault.AuthBackend("example", type="aws")
245
+ example_auth_backend_roletag_blacklist = vault.aws.AuthBackendRoletagBlacklist("example",
246
+ backend=example.path,
245
247
  safety_buffer=360)
246
248
  ```
247
- <!--End PulumiCodeChooser -->
248
249
 
249
250
  :param str resource_name: The name of the resource.
250
251
  :param AuthBackendRoletagBlacklistArgs args: The arguments to use to populate this resource's properties.
@@ -307,7 +308,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
307
308
  tidying of the roletag blacklist entries. Defaults to false.
308
309
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
309
310
  The value should not contain leading or trailing forward slashes.
310
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
311
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
311
312
  *Available only for Vault Enterprise*.
312
313
  :param pulumi.Input[int] safety_buffer: The amount of extra time that must have passed
313
314
  beyond the roletag expiration, before it is removed from the backend storage.
@@ -347,7 +348,7 @@ class AuthBackendRoletagBlacklist(pulumi.CustomResource):
347
348
  """
348
349
  The namespace to provision the resource in.
349
350
  The value should not contain leading or trailing forward slashes.
350
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
351
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
351
352
  *Available only for Vault Enterprise*.
352
353
  """
353
354
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendStsRoleArgs', 'AuthBackendStsRole']
@@ -27,7 +32,7 @@ class AuthBackendStsRoleArgs:
27
32
  mounted at. Defaults to `aws`.
28
33
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
29
34
  The value should not contain leading or trailing forward slashes.
30
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
35
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
31
36
  *Available only for Vault Enterprise*.
32
37
  """
33
38
  pulumi.set(__self__, "account_id", account_id)
@@ -81,7 +86,7 @@ class AuthBackendStsRoleArgs:
81
86
  """
82
87
  The namespace to provision the resource in.
83
88
  The value should not contain leading or trailing forward slashes.
84
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
89
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
85
90
  *Available only for Vault Enterprise*.
86
91
  """
87
92
  return pulumi.get(self, "namespace")
@@ -105,7 +110,7 @@ class _AuthBackendStsRoleState:
105
110
  mounted at. Defaults to `aws`.
106
111
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
107
112
  The value should not contain leading or trailing forward slashes.
108
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
113
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
109
114
  *Available only for Vault Enterprise*.
110
115
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
111
116
  by EC2 instances in the account specified by `account_id`.
@@ -150,7 +155,7 @@ class _AuthBackendStsRoleState:
150
155
  """
151
156
  The namespace to provision the resource in.
152
157
  The value should not contain leading or trailing forward slashes.
153
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
158
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
154
159
  *Available only for Vault Enterprise*.
155
160
  """
156
161
  return pulumi.get(self, "namespace")
@@ -186,7 +191,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
186
191
  """
187
192
  ## Example Usage
188
193
 
189
- <!--Start PulumiCodeChooser -->
190
194
  ```python
191
195
  import pulumi
192
196
  import pulumi_vault as vault
@@ -197,7 +201,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
197
201
  account_id="1234567890",
198
202
  sts_role="arn:aws:iam::1234567890:role/my-role")
199
203
  ```
200
- <!--End PulumiCodeChooser -->
201
204
 
202
205
  ## Import
203
206
 
@@ -214,7 +217,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
214
217
  mounted at. Defaults to `aws`.
215
218
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
216
219
  The value should not contain leading or trailing forward slashes.
217
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
218
221
  *Available only for Vault Enterprise*.
219
222
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
220
223
  by EC2 instances in the account specified by `account_id`.
@@ -228,7 +231,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
228
231
  """
229
232
  ## Example Usage
230
233
 
231
- <!--Start PulumiCodeChooser -->
232
234
  ```python
233
235
  import pulumi
234
236
  import pulumi_vault as vault
@@ -239,7 +241,6 @@ class AuthBackendStsRole(pulumi.CustomResource):
239
241
  account_id="1234567890",
240
242
  sts_role="arn:aws:iam::1234567890:role/my-role")
241
243
  ```
242
- <!--End PulumiCodeChooser -->
243
244
 
244
245
  ## Import
245
246
 
@@ -311,7 +312,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
311
312
  mounted at. Defaults to `aws`.
312
313
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
313
314
  The value should not contain leading or trailing forward slashes.
314
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
315
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
315
316
  *Available only for Vault Enterprise*.
316
317
  :param pulumi.Input[str] sts_role: The STS role to assume when verifying requests made
317
318
  by EC2 instances in the account specified by `account_id`.
@@ -349,7 +350,7 @@ class AuthBackendStsRole(pulumi.CustomResource):
349
350
  """
350
351
  The namespace to provision the resource in.
351
352
  The value should not contain leading or trailing forward slashes.
352
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
353
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
353
354
  *Available only for Vault Enterprise*.
354
355
  """
355
356
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -203,7 +208,7 @@ def get_access_credentials(backend: Optional[str] = None,
203
208
  read credentials from, with no leading or trailing `/`s.
204
209
  :param str namespace: The namespace of the target resource.
205
210
  The value should not contain leading or trailing forward slashes.
206
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
211
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
207
212
  *Available only for Vault Enterprise*.
208
213
  :param str region: The region the read credentials belong to.
209
214
  :param str role: The name of the AWS secret backend role to read
@@ -246,9 +251,6 @@ def get_access_credentials(backend: Optional[str] = None,
246
251
  security_token=pulumi.get(__ret__, 'security_token'),
247
252
  ttl=pulumi.get(__ret__, 'ttl'),
248
253
  type=pulumi.get(__ret__, 'type'))
249
-
250
-
251
- @_utilities.lift_output_func(get_access_credentials)
252
254
  def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
253
255
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
254
256
  region: Optional[pulumi.Input[Optional[str]]] = None,
@@ -256,7 +258,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
256
258
  role_arn: Optional[pulumi.Input[Optional[str]]] = None,
257
259
  ttl: Optional[pulumi.Input[Optional[str]]] = None,
258
260
  type: Optional[pulumi.Input[Optional[str]]] = None,
259
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
261
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
260
262
  """
261
263
  ## Example Usage
262
264
 
@@ -265,7 +267,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
265
267
  read credentials from, with no leading or trailing `/`s.
266
268
  :param str namespace: The namespace of the target resource.
267
269
  The value should not contain leading or trailing forward slashes.
268
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
270
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
269
271
  *Available only for Vault Enterprise*.
270
272
  :param str region: The region the read credentials belong to.
271
273
  :param str role: The name of the AWS secret backend role to read
@@ -281,4 +283,29 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
281
283
  Key. Can also be set to `"sts"`, which will return a security token
282
284
  in addition to the keys.
283
285
  """
284
- ...
286
+ __args__ = dict()
287
+ __args__['backend'] = backend
288
+ __args__['namespace'] = namespace
289
+ __args__['region'] = region
290
+ __args__['role'] = role
291
+ __args__['roleArn'] = role_arn
292
+ __args__['ttl'] = ttl
293
+ __args__['type'] = type
294
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
295
+ __ret__ = pulumi.runtime.invoke_output('vault:aws/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
296
+ return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
297
+ access_key=pulumi.get(__response__, 'access_key'),
298
+ backend=pulumi.get(__response__, 'backend'),
299
+ id=pulumi.get(__response__, 'id'),
300
+ lease_duration=pulumi.get(__response__, 'lease_duration'),
301
+ lease_id=pulumi.get(__response__, 'lease_id'),
302
+ lease_renewable=pulumi.get(__response__, 'lease_renewable'),
303
+ lease_start_time=pulumi.get(__response__, 'lease_start_time'),
304
+ namespace=pulumi.get(__response__, 'namespace'),
305
+ region=pulumi.get(__response__, 'region'),
306
+ role=pulumi.get(__response__, 'role'),
307
+ role_arn=pulumi.get(__response__, 'role_arn'),
308
+ secret_key=pulumi.get(__response__, 'secret_key'),
309
+ security_token=pulumi.get(__response__, 'security_token'),
310
+ ttl=pulumi.get(__response__, 'ttl'),
311
+ type=pulumi.get(__response__, 'type')))
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = [
@@ -110,14 +115,23 @@ def get_static_access_credentials(backend: Optional[str] = None,
110
115
  name=pulumi.get(__ret__, 'name'),
111
116
  namespace=pulumi.get(__ret__, 'namespace'),
112
117
  secret_key=pulumi.get(__ret__, 'secret_key'))
113
-
114
-
115
- @_utilities.lift_output_func(get_static_access_credentials)
116
118
  def get_static_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
117
119
  name: Optional[pulumi.Input[str]] = None,
118
120
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
119
- opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
121
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetStaticAccessCredentialsResult]:
120
122
  """
121
123
  Use this data source to access information about an existing resource.
122
124
  """
123
- ...
125
+ __args__ = dict()
126
+ __args__['backend'] = backend
127
+ __args__['name'] = name
128
+ __args__['namespace'] = namespace
129
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
130
+ __ret__ = pulumi.runtime.invoke_output('vault:aws/getStaticAccessCredentials:getStaticAccessCredentials', __args__, opts=opts, typ=GetStaticAccessCredentialsResult)
131
+ return __ret__.apply(lambda __response__: GetStaticAccessCredentialsResult(
132
+ access_key=pulumi.get(__response__, 'access_key'),
133
+ backend=pulumi.get(__response__, 'backend'),
134
+ id=pulumi.get(__response__, 'id'),
135
+ name=pulumi.get(__response__, 'name'),
136
+ namespace=pulumi.get(__response__, 'namespace'),
137
+ secret_key=pulumi.get(__response__, 'secret_key')))
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -49,12 +54,21 @@ class SecretBackendArgs:
49
54
  for credentials issued by this backend.
50
55
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
51
56
  The value should not contain leading or trailing forward slashes.
52
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
57
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
53
58
  *Available only for Vault Enterprise*.
54
59
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
55
60
  not begin or end with a `/`. Defaults to `aws`.
56
61
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
57
62
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
63
+
64
+ ```
65
+ {{ if (eq .Type "STS") }}
66
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
67
+ {{ else }}
68
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
69
+ {{ end }}
70
+
71
+ ```
58
72
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
59
73
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
60
74
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -224,7 +238,7 @@ class SecretBackendArgs:
224
238
  """
225
239
  The namespace to provision the resource in.
226
240
  The value should not contain leading or trailing forward slashes.
227
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
241
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
228
242
  *Available only for Vault Enterprise*.
229
243
  """
230
244
  return pulumi.get(self, "namespace")
@@ -263,6 +277,15 @@ class SecretBackendArgs:
263
277
  def role_arn(self) -> Optional[pulumi.Input[str]]:
264
278
  """
265
279
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
280
+
281
+ ```
282
+ {{ if (eq .Type "STS") }}
283
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
284
+ {{ else }}
285
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
286
+ {{ end }}
287
+
288
+ ```
266
289
  """
267
290
  return pulumi.get(self, "role_arn")
268
291
 
@@ -345,12 +368,21 @@ class _SecretBackendState:
345
368
  for credentials issued by this backend.
346
369
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
347
370
  The value should not contain leading or trailing forward slashes.
348
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
371
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
349
372
  *Available only for Vault Enterprise*.
350
373
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
351
374
  not begin or end with a `/`. Defaults to `aws`.
352
375
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
353
376
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
377
+
378
+ ```
379
+ {{ if (eq .Type "STS") }}
380
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
381
+ {{ else }}
382
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
383
+ {{ end }}
384
+
385
+ ```
354
386
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
355
387
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
356
388
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -520,7 +552,7 @@ class _SecretBackendState:
520
552
  """
521
553
  The namespace to provision the resource in.
522
554
  The value should not contain leading or trailing forward slashes.
523
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
555
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
524
556
  *Available only for Vault Enterprise*.
525
557
  """
526
558
  return pulumi.get(self, "namespace")
@@ -559,6 +591,15 @@ class _SecretBackendState:
559
591
  def role_arn(self) -> Optional[pulumi.Input[str]]:
560
592
  """
561
593
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
594
+
595
+ ```
596
+ {{ if (eq .Type "STS") }}
597
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
598
+ {{ else }}
599
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
600
+ {{ end }}
601
+
602
+ ```
562
603
  """
563
604
  return pulumi.get(self, "role_arn")
564
605
 
@@ -653,12 +694,21 @@ class SecretBackend(pulumi.CustomResource):
653
694
  for credentials issued by this backend.
654
695
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
655
696
  The value should not contain leading or trailing forward slashes.
656
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
697
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
657
698
  *Available only for Vault Enterprise*.
658
699
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
659
700
  not begin or end with a `/`. Defaults to `aws`.
660
701
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
661
702
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
703
+
704
+ ```
705
+ {{ if (eq .Type "STS") }}
706
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
707
+ {{ else }}
708
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
709
+ {{ end }}
710
+
711
+ ```
662
712
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
663
713
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
664
714
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -788,12 +838,21 @@ class SecretBackend(pulumi.CustomResource):
788
838
  for credentials issued by this backend.
789
839
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
790
840
  The value should not contain leading or trailing forward slashes.
791
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
841
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
792
842
  *Available only for Vault Enterprise*.
793
843
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
794
844
  not begin or end with a `/`. Defaults to `aws`.
795
845
  :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
796
846
  :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
847
+
848
+ ```
849
+ {{ if (eq .Type "STS") }}
850
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
851
+ {{ else }}
852
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
853
+ {{ end }}
854
+
855
+ ```
797
856
  :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
798
857
  :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
799
858
  :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
@@ -911,7 +970,7 @@ class SecretBackend(pulumi.CustomResource):
911
970
  """
912
971
  The namespace to provision the resource in.
913
972
  The value should not contain leading or trailing forward slashes.
914
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
973
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
915
974
  *Available only for Vault Enterprise*.
916
975
  """
917
976
  return pulumi.get(self, "namespace")
@@ -938,6 +997,15 @@ class SecretBackend(pulumi.CustomResource):
938
997
  def role_arn(self) -> pulumi.Output[Optional[str]]:
939
998
  """
940
999
  Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
1000
+
1001
+ ```
1002
+ {{ if (eq .Type "STS") }}
1003
+ {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
1004
+ {{ else }}
1005
+ {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
1006
+ {{ end }}
1007
+
1008
+ ```
941
1009
  """
942
1010
  return pulumi.get(self, "role_arn")
943
1011