pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -17,7 +22,9 @@ class SecretBackendRoleArgs:
17
22
  backend: pulumi.Input[str],
18
23
  credential_type: pulumi.Input[str],
19
24
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
25
+ external_id: Optional[pulumi.Input[str]] = None,
20
26
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
21
28
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
22
29
  name: Optional[pulumi.Input[str]] = None,
23
30
  namespace: Optional[pulumi.Input[str]] = None,
@@ -25,6 +32,7 @@ class SecretBackendRoleArgs:
25
32
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
33
  policy_document: Optional[pulumi.Input[str]] = None,
27
34
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
28
36
  user_path: Optional[pulumi.Input[str]] = None):
29
37
  """
30
38
  The set of arguments for constructing a SecretBackendRole resource.
@@ -38,12 +46,16 @@ class SecretBackendRoleArgs:
38
46
  and a default TTL is specified on the role,
39
47
  then this default TTL will be used. Valid only when `credential_type` is one of
40
48
  `assumed_role` or `federation_token`.
49
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
50
+ Valid only when `credential_type` is set to `assumed_role`.
41
51
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
42
52
  against this vault role will be added to these IAM Groups. For a credential
43
53
  type of `assumed_role` or `federation_token`, the policies sent to the
44
54
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
45
55
  policies from each group in `iam_groups` combined with the `policy_document`
46
56
  and `policy_arns` parameters.
57
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
58
+ to be used as tags for any IAM user that is created by this role.
47
59
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
48
60
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
49
61
  one of `assumed_role` or `federation_token`.
@@ -51,7 +63,7 @@ class SecretBackendRoleArgs:
51
63
  Must be unique within the backend.
52
64
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
53
65
  The value should not contain leading or trailing forward slashes.
54
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
66
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
55
67
  *Available only for Vault Enterprise*.
56
68
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
57
69
  Boundary to attach to IAM users created in the role. Valid only when
@@ -72,6 +84,9 @@ class SecretBackendRoleArgs:
72
84
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
73
85
  is allowed to assume. Required when `credential_type` is `assumed_role` and
74
86
  prohibited otherwise.
87
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
88
+ during assume role creds creation. Valid only when `credential_type` is set to
89
+ `assumed_role`.
75
90
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
76
91
  `credential_type` is `iam_user`. Default is `/`.
77
92
  """
@@ -79,8 +94,12 @@ class SecretBackendRoleArgs:
79
94
  pulumi.set(__self__, "credential_type", credential_type)
80
95
  if default_sts_ttl is not None:
81
96
  pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
97
+ if external_id is not None:
98
+ pulumi.set(__self__, "external_id", external_id)
82
99
  if iam_groups is not None:
83
100
  pulumi.set(__self__, "iam_groups", iam_groups)
101
+ if iam_tags is not None:
102
+ pulumi.set(__self__, "iam_tags", iam_tags)
84
103
  if max_sts_ttl is not None:
85
104
  pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
86
105
  if name is not None:
@@ -95,6 +114,8 @@ class SecretBackendRoleArgs:
95
114
  pulumi.set(__self__, "policy_document", policy_document)
96
115
  if role_arns is not None:
97
116
  pulumi.set(__self__, "role_arns", role_arns)
117
+ if session_tags is not None:
118
+ pulumi.set(__self__, "session_tags", session_tags)
98
119
  if user_path is not None:
99
120
  pulumi.set(__self__, "user_path", user_path)
100
121
 
@@ -141,6 +162,19 @@ class SecretBackendRoleArgs:
141
162
  def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
142
163
  pulumi.set(self, "default_sts_ttl", value)
143
164
 
165
+ @property
166
+ @pulumi.getter(name="externalId")
167
+ def external_id(self) -> Optional[pulumi.Input[str]]:
168
+ """
169
+ External ID to set for assume role creds.
170
+ Valid only when `credential_type` is set to `assumed_role`.
171
+ """
172
+ return pulumi.get(self, "external_id")
173
+
174
+ @external_id.setter
175
+ def external_id(self, value: Optional[pulumi.Input[str]]):
176
+ pulumi.set(self, "external_id", value)
177
+
144
178
  @property
145
179
  @pulumi.getter(name="iamGroups")
146
180
  def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -158,6 +192,19 @@ class SecretBackendRoleArgs:
158
192
  def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
159
193
  pulumi.set(self, "iam_groups", value)
160
194
 
195
+ @property
196
+ @pulumi.getter(name="iamTags")
197
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
198
+ """
199
+ A map of strings representing key/value pairs
200
+ to be used as tags for any IAM user that is created by this role.
201
+ """
202
+ return pulumi.get(self, "iam_tags")
203
+
204
+ @iam_tags.setter
205
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
206
+ pulumi.set(self, "iam_tags", value)
207
+
161
208
  @property
162
209
  @pulumi.getter(name="maxStsTtl")
163
210
  def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -191,7 +238,7 @@ class SecretBackendRoleArgs:
191
238
  """
192
239
  The namespace to provision the resource in.
193
240
  The value should not contain leading or trailing forward slashes.
194
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
241
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
195
242
  *Available only for Vault Enterprise*.
196
243
  """
197
244
  return pulumi.get(self, "namespace")
@@ -263,6 +310,20 @@ class SecretBackendRoleArgs:
263
310
  def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
264
311
  pulumi.set(self, "role_arns", value)
265
312
 
313
+ @property
314
+ @pulumi.getter(name="sessionTags")
315
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
316
+ """
317
+ A map of strings representing key/value pairs to be set
318
+ during assume role creds creation. Valid only when `credential_type` is set to
319
+ `assumed_role`.
320
+ """
321
+ return pulumi.get(self, "session_tags")
322
+
323
+ @session_tags.setter
324
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
325
+ pulumi.set(self, "session_tags", value)
326
+
266
327
  @property
267
328
  @pulumi.getter(name="userPath")
268
329
  def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -283,7 +344,9 @@ class _SecretBackendRoleState:
283
344
  backend: Optional[pulumi.Input[str]] = None,
284
345
  credential_type: Optional[pulumi.Input[str]] = None,
285
346
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
347
+ external_id: Optional[pulumi.Input[str]] = None,
286
348
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
349
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
287
350
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
288
351
  name: Optional[pulumi.Input[str]] = None,
289
352
  namespace: Optional[pulumi.Input[str]] = None,
@@ -291,6 +354,7 @@ class _SecretBackendRoleState:
291
354
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
292
355
  policy_document: Optional[pulumi.Input[str]] = None,
293
356
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
357
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
294
358
  user_path: Optional[pulumi.Input[str]] = None):
295
359
  """
296
360
  Input properties used for looking up and filtering SecretBackendRole resources.
@@ -304,12 +368,16 @@ class _SecretBackendRoleState:
304
368
  and a default TTL is specified on the role,
305
369
  then this default TTL will be used. Valid only when `credential_type` is one of
306
370
  `assumed_role` or `federation_token`.
371
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
372
+ Valid only when `credential_type` is set to `assumed_role`.
307
373
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
308
374
  against this vault role will be added to these IAM Groups. For a credential
309
375
  type of `assumed_role` or `federation_token`, the policies sent to the
310
376
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
311
377
  policies from each group in `iam_groups` combined with the `policy_document`
312
378
  and `policy_arns` parameters.
379
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
380
+ to be used as tags for any IAM user that is created by this role.
313
381
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
314
382
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
315
383
  one of `assumed_role` or `federation_token`.
@@ -317,7 +385,7 @@ class _SecretBackendRoleState:
317
385
  Must be unique within the backend.
318
386
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
319
387
  The value should not contain leading or trailing forward slashes.
320
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
388
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
321
389
  *Available only for Vault Enterprise*.
322
390
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
323
391
  Boundary to attach to IAM users created in the role. Valid only when
@@ -338,6 +406,9 @@ class _SecretBackendRoleState:
338
406
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
339
407
  is allowed to assume. Required when `credential_type` is `assumed_role` and
340
408
  prohibited otherwise.
409
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
410
+ during assume role creds creation. Valid only when `credential_type` is set to
411
+ `assumed_role`.
341
412
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
342
413
  `credential_type` is `iam_user`. Default is `/`.
343
414
  """
@@ -347,8 +418,12 @@ class _SecretBackendRoleState:
347
418
  pulumi.set(__self__, "credential_type", credential_type)
348
419
  if default_sts_ttl is not None:
349
420
  pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
421
+ if external_id is not None:
422
+ pulumi.set(__self__, "external_id", external_id)
350
423
  if iam_groups is not None:
351
424
  pulumi.set(__self__, "iam_groups", iam_groups)
425
+ if iam_tags is not None:
426
+ pulumi.set(__self__, "iam_tags", iam_tags)
352
427
  if max_sts_ttl is not None:
353
428
  pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
354
429
  if name is not None:
@@ -363,6 +438,8 @@ class _SecretBackendRoleState:
363
438
  pulumi.set(__self__, "policy_document", policy_document)
364
439
  if role_arns is not None:
365
440
  pulumi.set(__self__, "role_arns", role_arns)
441
+ if session_tags is not None:
442
+ pulumi.set(__self__, "session_tags", session_tags)
366
443
  if user_path is not None:
367
444
  pulumi.set(__self__, "user_path", user_path)
368
445
 
@@ -409,6 +486,19 @@ class _SecretBackendRoleState:
409
486
  def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
410
487
  pulumi.set(self, "default_sts_ttl", value)
411
488
 
489
+ @property
490
+ @pulumi.getter(name="externalId")
491
+ def external_id(self) -> Optional[pulumi.Input[str]]:
492
+ """
493
+ External ID to set for assume role creds.
494
+ Valid only when `credential_type` is set to `assumed_role`.
495
+ """
496
+ return pulumi.get(self, "external_id")
497
+
498
+ @external_id.setter
499
+ def external_id(self, value: Optional[pulumi.Input[str]]):
500
+ pulumi.set(self, "external_id", value)
501
+
412
502
  @property
413
503
  @pulumi.getter(name="iamGroups")
414
504
  def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -426,6 +516,19 @@ class _SecretBackendRoleState:
426
516
  def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
427
517
  pulumi.set(self, "iam_groups", value)
428
518
 
519
+ @property
520
+ @pulumi.getter(name="iamTags")
521
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
522
+ """
523
+ A map of strings representing key/value pairs
524
+ to be used as tags for any IAM user that is created by this role.
525
+ """
526
+ return pulumi.get(self, "iam_tags")
527
+
528
+ @iam_tags.setter
529
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
530
+ pulumi.set(self, "iam_tags", value)
531
+
429
532
  @property
430
533
  @pulumi.getter(name="maxStsTtl")
431
534
  def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -459,7 +562,7 @@ class _SecretBackendRoleState:
459
562
  """
460
563
  The namespace to provision the resource in.
461
564
  The value should not contain leading or trailing forward slashes.
462
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
565
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
463
566
  *Available only for Vault Enterprise*.
464
567
  """
465
568
  return pulumi.get(self, "namespace")
@@ -531,6 +634,20 @@ class _SecretBackendRoleState:
531
634
  def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
532
635
  pulumi.set(self, "role_arns", value)
533
636
 
637
+ @property
638
+ @pulumi.getter(name="sessionTags")
639
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
640
+ """
641
+ A map of strings representing key/value pairs to be set
642
+ during assume role creds creation. Valid only when `credential_type` is set to
643
+ `assumed_role`.
644
+ """
645
+ return pulumi.get(self, "session_tags")
646
+
647
+ @session_tags.setter
648
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
649
+ pulumi.set(self, "session_tags", value)
650
+
534
651
  @property
535
652
  @pulumi.getter(name="userPath")
536
653
  def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -553,7 +670,9 @@ class SecretBackendRole(pulumi.CustomResource):
553
670
  backend: Optional[pulumi.Input[str]] = None,
554
671
  credential_type: Optional[pulumi.Input[str]] = None,
555
672
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
673
+ external_id: Optional[pulumi.Input[str]] = None,
556
674
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
675
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
557
676
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
558
677
  name: Optional[pulumi.Input[str]] = None,
559
678
  namespace: Optional[pulumi.Input[str]] = None,
@@ -561,12 +680,12 @@ class SecretBackendRole(pulumi.CustomResource):
561
680
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
562
681
  policy_document: Optional[pulumi.Input[str]] = None,
563
682
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
683
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
564
684
  user_path: Optional[pulumi.Input[str]] = None,
565
685
  __props__=None):
566
686
  """
567
687
  ## Example Usage
568
688
 
569
- <!--Start PulumiCodeChooser -->
570
689
  ```python
571
690
  import pulumi
572
691
  import pulumi_vault as vault
@@ -576,6 +695,7 @@ class SecretBackendRole(pulumi.CustomResource):
576
695
  secret_key="AWS secret key")
577
696
  role = vault.aws.SecretBackendRole("role",
578
697
  backend=aws.path,
698
+ name="deploy",
579
699
  credential_type="iam_user",
580
700
  policy_document=\"\"\"{
581
701
  "Version": "2012-10-17",
@@ -589,7 +709,6 @@ class SecretBackendRole(pulumi.CustomResource):
589
709
  }
590
710
  \"\"\")
591
711
  ```
592
- <!--End PulumiCodeChooser -->
593
712
 
594
713
  ## Import
595
714
 
@@ -611,12 +730,16 @@ class SecretBackendRole(pulumi.CustomResource):
611
730
  and a default TTL is specified on the role,
612
731
  then this default TTL will be used. Valid only when `credential_type` is one of
613
732
  `assumed_role` or `federation_token`.
733
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
734
+ Valid only when `credential_type` is set to `assumed_role`.
614
735
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
615
736
  against this vault role will be added to these IAM Groups. For a credential
616
737
  type of `assumed_role` or `federation_token`, the policies sent to the
617
738
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
618
739
  policies from each group in `iam_groups` combined with the `policy_document`
619
740
  and `policy_arns` parameters.
741
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
742
+ to be used as tags for any IAM user that is created by this role.
620
743
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
621
744
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
622
745
  one of `assumed_role` or `federation_token`.
@@ -624,7 +747,7 @@ class SecretBackendRole(pulumi.CustomResource):
624
747
  Must be unique within the backend.
625
748
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
626
749
  The value should not contain leading or trailing forward slashes.
627
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
750
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
628
751
  *Available only for Vault Enterprise*.
629
752
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
630
753
  Boundary to attach to IAM users created in the role. Valid only when
@@ -645,6 +768,9 @@ class SecretBackendRole(pulumi.CustomResource):
645
768
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
646
769
  is allowed to assume. Required when `credential_type` is `assumed_role` and
647
770
  prohibited otherwise.
771
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
772
+ during assume role creds creation. Valid only when `credential_type` is set to
773
+ `assumed_role`.
648
774
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
649
775
  `credential_type` is `iam_user`. Default is `/`.
650
776
  """
@@ -657,7 +783,6 @@ class SecretBackendRole(pulumi.CustomResource):
657
783
  """
658
784
  ## Example Usage
659
785
 
660
- <!--Start PulumiCodeChooser -->
661
786
  ```python
662
787
  import pulumi
663
788
  import pulumi_vault as vault
@@ -667,6 +792,7 @@ class SecretBackendRole(pulumi.CustomResource):
667
792
  secret_key="AWS secret key")
668
793
  role = vault.aws.SecretBackendRole("role",
669
794
  backend=aws.path,
795
+ name="deploy",
670
796
  credential_type="iam_user",
671
797
  policy_document=\"\"\"{
672
798
  "Version": "2012-10-17",
@@ -680,7 +806,6 @@ class SecretBackendRole(pulumi.CustomResource):
680
806
  }
681
807
  \"\"\")
682
808
  ```
683
- <!--End PulumiCodeChooser -->
684
809
 
685
810
  ## Import
686
811
 
@@ -708,7 +833,9 @@ class SecretBackendRole(pulumi.CustomResource):
708
833
  backend: Optional[pulumi.Input[str]] = None,
709
834
  credential_type: Optional[pulumi.Input[str]] = None,
710
835
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
836
+ external_id: Optional[pulumi.Input[str]] = None,
711
837
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
838
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
712
839
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
713
840
  name: Optional[pulumi.Input[str]] = None,
714
841
  namespace: Optional[pulumi.Input[str]] = None,
@@ -716,6 +843,7 @@ class SecretBackendRole(pulumi.CustomResource):
716
843
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
717
844
  policy_document: Optional[pulumi.Input[str]] = None,
718
845
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
846
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
719
847
  user_path: Optional[pulumi.Input[str]] = None,
720
848
  __props__=None):
721
849
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -733,7 +861,9 @@ class SecretBackendRole(pulumi.CustomResource):
733
861
  raise TypeError("Missing required property 'credential_type'")
734
862
  __props__.__dict__["credential_type"] = credential_type
735
863
  __props__.__dict__["default_sts_ttl"] = default_sts_ttl
864
+ __props__.__dict__["external_id"] = external_id
736
865
  __props__.__dict__["iam_groups"] = iam_groups
866
+ __props__.__dict__["iam_tags"] = iam_tags
737
867
  __props__.__dict__["max_sts_ttl"] = max_sts_ttl
738
868
  __props__.__dict__["name"] = name
739
869
  __props__.__dict__["namespace"] = namespace
@@ -741,6 +871,7 @@ class SecretBackendRole(pulumi.CustomResource):
741
871
  __props__.__dict__["policy_arns"] = policy_arns
742
872
  __props__.__dict__["policy_document"] = policy_document
743
873
  __props__.__dict__["role_arns"] = role_arns
874
+ __props__.__dict__["session_tags"] = session_tags
744
875
  __props__.__dict__["user_path"] = user_path
745
876
  super(SecretBackendRole, __self__).__init__(
746
877
  'vault:aws/secretBackendRole:SecretBackendRole',
@@ -755,7 +886,9 @@ class SecretBackendRole(pulumi.CustomResource):
755
886
  backend: Optional[pulumi.Input[str]] = None,
756
887
  credential_type: Optional[pulumi.Input[str]] = None,
757
888
  default_sts_ttl: Optional[pulumi.Input[int]] = None,
889
+ external_id: Optional[pulumi.Input[str]] = None,
758
890
  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
891
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
759
892
  max_sts_ttl: Optional[pulumi.Input[int]] = None,
760
893
  name: Optional[pulumi.Input[str]] = None,
761
894
  namespace: Optional[pulumi.Input[str]] = None,
@@ -763,6 +896,7 @@ class SecretBackendRole(pulumi.CustomResource):
763
896
  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
764
897
  policy_document: Optional[pulumi.Input[str]] = None,
765
898
  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
899
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
766
900
  user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
767
901
  """
768
902
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
@@ -781,12 +915,16 @@ class SecretBackendRole(pulumi.CustomResource):
781
915
  and a default TTL is specified on the role,
782
916
  then this default TTL will be used. Valid only when `credential_type` is one of
783
917
  `assumed_role` or `federation_token`.
918
+ :param pulumi.Input[str] external_id: External ID to set for assume role creds.
919
+ Valid only when `credential_type` is set to `assumed_role`.
784
920
  :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
785
921
  against this vault role will be added to these IAM Groups. For a credential
786
922
  type of `assumed_role` or `federation_token`, the policies sent to the
787
923
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
788
924
  policies from each group in `iam_groups` combined with the `policy_document`
789
925
  and `policy_arns` parameters.
926
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
927
+ to be used as tags for any IAM user that is created by this role.
790
928
  :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
791
929
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
792
930
  one of `assumed_role` or `federation_token`.
@@ -794,7 +932,7 @@ class SecretBackendRole(pulumi.CustomResource):
794
932
  Must be unique within the backend.
795
933
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
796
934
  The value should not contain leading or trailing forward slashes.
797
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
935
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
798
936
  *Available only for Vault Enterprise*.
799
937
  :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
800
938
  Boundary to attach to IAM users created in the role. Valid only when
@@ -815,6 +953,9 @@ class SecretBackendRole(pulumi.CustomResource):
815
953
  :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
816
954
  is allowed to assume. Required when `credential_type` is `assumed_role` and
817
955
  prohibited otherwise.
956
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
957
+ during assume role creds creation. Valid only when `credential_type` is set to
958
+ `assumed_role`.
818
959
  :param pulumi.Input[str] user_path: The path for the user name. Valid only when
819
960
  `credential_type` is `iam_user`. Default is `/`.
820
961
  """
@@ -825,7 +966,9 @@ class SecretBackendRole(pulumi.CustomResource):
825
966
  __props__.__dict__["backend"] = backend
826
967
  __props__.__dict__["credential_type"] = credential_type
827
968
  __props__.__dict__["default_sts_ttl"] = default_sts_ttl
969
+ __props__.__dict__["external_id"] = external_id
828
970
  __props__.__dict__["iam_groups"] = iam_groups
971
+ __props__.__dict__["iam_tags"] = iam_tags
829
972
  __props__.__dict__["max_sts_ttl"] = max_sts_ttl
830
973
  __props__.__dict__["name"] = name
831
974
  __props__.__dict__["namespace"] = namespace
@@ -833,6 +976,7 @@ class SecretBackendRole(pulumi.CustomResource):
833
976
  __props__.__dict__["policy_arns"] = policy_arns
834
977
  __props__.__dict__["policy_document"] = policy_document
835
978
  __props__.__dict__["role_arns"] = role_arns
979
+ __props__.__dict__["session_tags"] = session_tags
836
980
  __props__.__dict__["user_path"] = user_path
837
981
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
838
982
 
@@ -867,6 +1011,15 @@ class SecretBackendRole(pulumi.CustomResource):
867
1011
  """
868
1012
  return pulumi.get(self, "default_sts_ttl")
869
1013
 
1014
+ @property
1015
+ @pulumi.getter(name="externalId")
1016
+ def external_id(self) -> pulumi.Output[Optional[str]]:
1017
+ """
1018
+ External ID to set for assume role creds.
1019
+ Valid only when `credential_type` is set to `assumed_role`.
1020
+ """
1021
+ return pulumi.get(self, "external_id")
1022
+
870
1023
  @property
871
1024
  @pulumi.getter(name="iamGroups")
872
1025
  def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -880,6 +1033,15 @@ class SecretBackendRole(pulumi.CustomResource):
880
1033
  """
881
1034
  return pulumi.get(self, "iam_groups")
882
1035
 
1036
+ @property
1037
+ @pulumi.getter(name="iamTags")
1038
+ def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1039
+ """
1040
+ A map of strings representing key/value pairs
1041
+ to be used as tags for any IAM user that is created by this role.
1042
+ """
1043
+ return pulumi.get(self, "iam_tags")
1044
+
883
1045
  @property
884
1046
  @pulumi.getter(name="maxStsTtl")
885
1047
  def max_sts_ttl(self) -> pulumi.Output[int]:
@@ -905,7 +1067,7 @@ class SecretBackendRole(pulumi.CustomResource):
905
1067
  """
906
1068
  The namespace to provision the resource in.
907
1069
  The value should not contain leading or trailing forward slashes.
908
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1070
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
909
1071
  *Available only for Vault Enterprise*.
910
1072
  """
911
1073
  return pulumi.get(self, "namespace")
@@ -957,6 +1119,16 @@ class SecretBackendRole(pulumi.CustomResource):
957
1119
  """
958
1120
  return pulumi.get(self, "role_arns")
959
1121
 
1122
+ @property
1123
+ @pulumi.getter(name="sessionTags")
1124
+ def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1125
+ """
1126
+ A map of strings representing key/value pairs to be set
1127
+ during assume role creds creation. Valid only when `credential_type` is set to
1128
+ `assumed_role`.
1129
+ """
1130
+ return pulumi.get(self, "session_tags")
1131
+
960
1132
  @property
961
1133
  @pulumi.getter(name="userPath")
962
1134
  def user_path(self) -> pulumi.Output[Optional[str]]: