pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
pulumi_vault/_inputs.py CHANGED
@@ -4,32 +4,104 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from . import _utilities
11
16
 
12
17
  __all__ = [
13
18
  'AuthBackendTuneArgs',
19
+ 'AuthBackendTuneArgsDict',
14
20
  'ProviderAuthLoginArgs',
21
+ 'ProviderAuthLoginArgsDict',
15
22
  'ProviderAuthLoginAwsArgs',
23
+ 'ProviderAuthLoginAwsArgsDict',
16
24
  'ProviderAuthLoginAzureArgs',
25
+ 'ProviderAuthLoginAzureArgsDict',
17
26
  'ProviderAuthLoginCertArgs',
27
+ 'ProviderAuthLoginCertArgsDict',
18
28
  'ProviderAuthLoginGcpArgs',
29
+ 'ProviderAuthLoginGcpArgsDict',
19
30
  'ProviderAuthLoginJwtArgs',
31
+ 'ProviderAuthLoginJwtArgsDict',
20
32
  'ProviderAuthLoginKerberosArgs',
33
+ 'ProviderAuthLoginKerberosArgsDict',
21
34
  'ProviderAuthLoginOciArgs',
35
+ 'ProviderAuthLoginOciArgsDict',
22
36
  'ProviderAuthLoginOidcArgs',
37
+ 'ProviderAuthLoginOidcArgsDict',
23
38
  'ProviderAuthLoginRadiusArgs',
39
+ 'ProviderAuthLoginRadiusArgsDict',
24
40
  'ProviderAuthLoginTokenFileArgs',
41
+ 'ProviderAuthLoginTokenFileArgsDict',
25
42
  'ProviderAuthLoginUserpassArgs',
43
+ 'ProviderAuthLoginUserpassArgsDict',
26
44
  'ProviderClientAuthArgs',
45
+ 'ProviderClientAuthArgsDict',
27
46
  'ProviderHeaderArgs',
47
+ 'ProviderHeaderArgsDict',
28
48
  'GetPolicyDocumentRuleArgs',
49
+ 'GetPolicyDocumentRuleArgsDict',
29
50
  'GetPolicyDocumentRuleAllowedParameterArgs',
51
+ 'GetPolicyDocumentRuleAllowedParameterArgsDict',
30
52
  'GetPolicyDocumentRuleDeniedParameterArgs',
53
+ 'GetPolicyDocumentRuleDeniedParameterArgsDict',
31
54
  ]
32
55
 
56
+ MYPY = False
57
+
58
+ if not MYPY:
59
+ class AuthBackendTuneArgsDict(TypedDict):
60
+ allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
61
+ """
62
+ List of headers to whitelist and allowing
63
+ a plugin to include them in the response.
64
+ """
65
+ audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
66
+ """
67
+ Specifies the list of keys that will
68
+ not be HMAC'd by audit devices in the request data object.
69
+ """
70
+ audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
71
+ """
72
+ Specifies the list of keys that will
73
+ not be HMAC'd by audit devices in the response data object.
74
+ """
75
+ default_lease_ttl: NotRequired[pulumi.Input[str]]
76
+ """
77
+ Specifies the default time-to-live.
78
+ If set, this overrides the global default.
79
+ Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
80
+ """
81
+ listing_visibility: NotRequired[pulumi.Input[str]]
82
+ """
83
+ Specifies whether to show this mount in
84
+ the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
85
+ """
86
+ max_lease_ttl: NotRequired[pulumi.Input[str]]
87
+ """
88
+ Specifies the maximum time-to-live.
89
+ If set, this overrides the global default.
90
+ Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
91
+ """
92
+ passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
93
+ """
94
+ List of headers to whitelist and
95
+ pass from the request to the backend.
96
+ """
97
+ token_type: NotRequired[pulumi.Input[str]]
98
+ """
99
+ Specifies the type of tokens that should be returned by
100
+ the mount. Valid values are "default-service", "default-batch", "service", "batch".
101
+ """
102
+ elif False:
103
+ AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
104
+
33
105
  @pulumi.input_type
34
106
  class AuthBackendTuneArgs:
35
107
  def __init__(__self__, *,
@@ -185,6 +257,22 @@ class AuthBackendTuneArgs:
185
257
  pulumi.set(self, "token_type", value)
186
258
 
187
259
 
260
+ if not MYPY:
261
+ class ProviderAuthLoginArgsDict(TypedDict):
262
+ path: pulumi.Input[str]
263
+ method: NotRequired[pulumi.Input[str]]
264
+ namespace: NotRequired[pulumi.Input[str]]
265
+ """
266
+ The authentication engine's namespace. Conflicts with use_root_namespace
267
+ """
268
+ parameters: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
269
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
270
+ """
271
+ Authenticate to the root Vault namespace. Conflicts with namespace
272
+ """
273
+ elif False:
274
+ ProviderAuthLoginArgsDict: TypeAlias = Mapping[str, Any]
275
+
188
276
  @pulumi.input_type
189
277
  class ProviderAuthLoginArgs:
190
278
  def __init__(__self__, *,
@@ -259,6 +347,75 @@ class ProviderAuthLoginArgs:
259
347
  pulumi.set(self, "use_root_namespace", value)
260
348
 
261
349
 
350
+ if not MYPY:
351
+ class ProviderAuthLoginAwsArgsDict(TypedDict):
352
+ role: pulumi.Input[str]
353
+ """
354
+ The Vault role to use when logging into Vault.
355
+ """
356
+ aws_access_key_id: NotRequired[pulumi.Input[str]]
357
+ """
358
+ The AWS access key ID.
359
+ """
360
+ aws_iam_endpoint: NotRequired[pulumi.Input[str]]
361
+ """
362
+ The IAM endpoint URL.
363
+ """
364
+ aws_profile: NotRequired[pulumi.Input[str]]
365
+ """
366
+ The name of the AWS profile.
367
+ """
368
+ aws_region: NotRequired[pulumi.Input[str]]
369
+ """
370
+ The AWS region.
371
+ """
372
+ aws_role_arn: NotRequired[pulumi.Input[str]]
373
+ """
374
+ The ARN of the AWS Role to assume.Used during STS AssumeRole
375
+ """
376
+ aws_role_session_name: NotRequired[pulumi.Input[str]]
377
+ """
378
+ Specifies the name to attach to the AWS role session. Used during STS AssumeRole
379
+ """
380
+ aws_secret_access_key: NotRequired[pulumi.Input[str]]
381
+ """
382
+ The AWS secret access key.
383
+ """
384
+ aws_session_token: NotRequired[pulumi.Input[str]]
385
+ """
386
+ The AWS session token.
387
+ """
388
+ aws_shared_credentials_file: NotRequired[pulumi.Input[str]]
389
+ """
390
+ Path to the AWS shared credentials file.
391
+ """
392
+ aws_sts_endpoint: NotRequired[pulumi.Input[str]]
393
+ """
394
+ The STS endpoint URL.
395
+ """
396
+ aws_web_identity_token_file: NotRequired[pulumi.Input[str]]
397
+ """
398
+ Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
399
+ """
400
+ header_value: NotRequired[pulumi.Input[str]]
401
+ """
402
+ The Vault header value to include in the STS signing request.
403
+ """
404
+ mount: NotRequired[pulumi.Input[str]]
405
+ """
406
+ The path where the authentication engine is mounted.
407
+ """
408
+ namespace: NotRequired[pulumi.Input[str]]
409
+ """
410
+ The authentication engine's namespace. Conflicts with use_root_namespace
411
+ """
412
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
413
+ """
414
+ Authenticate to the root Vault namespace. Conflicts with namespace
415
+ """
416
+ elif False:
417
+ ProviderAuthLoginAwsArgsDict: TypeAlias = Mapping[str, Any]
418
+
262
419
  @pulumi.input_type
263
420
  class ProviderAuthLoginAwsArgs:
264
421
  def __init__(__self__, *,
@@ -521,6 +678,59 @@ class ProviderAuthLoginAwsArgs:
521
678
  pulumi.set(self, "use_root_namespace", value)
522
679
 
523
680
 
681
+ if not MYPY:
682
+ class ProviderAuthLoginAzureArgsDict(TypedDict):
683
+ resource_group_name: pulumi.Input[str]
684
+ """
685
+ The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
686
+ """
687
+ role: pulumi.Input[str]
688
+ """
689
+ Name of the login role.
690
+ """
691
+ subscription_id: pulumi.Input[str]
692
+ """
693
+ The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
694
+ """
695
+ client_id: NotRequired[pulumi.Input[str]]
696
+ """
697
+ The identity's client ID.
698
+ """
699
+ jwt: NotRequired[pulumi.Input[str]]
700
+ """
701
+ A signed JSON Web Token. If not specified on will be created automatically
702
+ """
703
+ mount: NotRequired[pulumi.Input[str]]
704
+ """
705
+ The path where the authentication engine is mounted.
706
+ """
707
+ namespace: NotRequired[pulumi.Input[str]]
708
+ """
709
+ The authentication engine's namespace. Conflicts with use_root_namespace
710
+ """
711
+ scope: NotRequired[pulumi.Input[str]]
712
+ """
713
+ The scopes to include in the token request.
714
+ """
715
+ tenant_id: NotRequired[pulumi.Input[str]]
716
+ """
717
+ Provides the tenant ID to use in a multi-tenant authentication scenario.
718
+ """
719
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
720
+ """
721
+ Authenticate to the root Vault namespace. Conflicts with namespace
722
+ """
723
+ vm_name: NotRequired[pulumi.Input[str]]
724
+ """
725
+ The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
726
+ """
727
+ vmss_name: NotRequired[pulumi.Input[str]]
728
+ """
729
+ The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
730
+ """
731
+ elif False:
732
+ ProviderAuthLoginAzureArgsDict: TypeAlias = Mapping[str, Any]
733
+
524
734
  @pulumi.input_type
525
735
  class ProviderAuthLoginAzureArgs:
526
736
  def __init__(__self__, *,
@@ -717,6 +927,35 @@ class ProviderAuthLoginAzureArgs:
717
927
  pulumi.set(self, "vmss_name", value)
718
928
 
719
929
 
930
+ if not MYPY:
931
+ class ProviderAuthLoginCertArgsDict(TypedDict):
932
+ cert_file: pulumi.Input[str]
933
+ """
934
+ Path to a file containing the client certificate.
935
+ """
936
+ key_file: pulumi.Input[str]
937
+ """
938
+ Path to a file containing the private key that the certificate was issued for.
939
+ """
940
+ mount: NotRequired[pulumi.Input[str]]
941
+ """
942
+ The path where the authentication engine is mounted.
943
+ """
944
+ name: NotRequired[pulumi.Input[str]]
945
+ """
946
+ Name of the certificate's role
947
+ """
948
+ namespace: NotRequired[pulumi.Input[str]]
949
+ """
950
+ The authentication engine's namespace. Conflicts with use_root_namespace
951
+ """
952
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
953
+ """
954
+ Authenticate to the root Vault namespace. Conflicts with namespace
955
+ """
956
+ elif False:
957
+ ProviderAuthLoginCertArgsDict: TypeAlias = Mapping[str, Any]
958
+
720
959
  @pulumi.input_type
721
960
  class ProviderAuthLoginCertArgs:
722
961
  def __init__(__self__, *,
@@ -818,6 +1057,39 @@ class ProviderAuthLoginCertArgs:
818
1057
  pulumi.set(self, "use_root_namespace", value)
819
1058
 
820
1059
 
1060
+ if not MYPY:
1061
+ class ProviderAuthLoginGcpArgsDict(TypedDict):
1062
+ role: pulumi.Input[str]
1063
+ """
1064
+ Name of the login role.
1065
+ """
1066
+ credentials: NotRequired[pulumi.Input[str]]
1067
+ """
1068
+ Path to the Google Cloud credentials file.
1069
+ """
1070
+ jwt: NotRequired[pulumi.Input[str]]
1071
+ """
1072
+ A signed JSON Web Token.
1073
+ """
1074
+ mount: NotRequired[pulumi.Input[str]]
1075
+ """
1076
+ The path where the authentication engine is mounted.
1077
+ """
1078
+ namespace: NotRequired[pulumi.Input[str]]
1079
+ """
1080
+ The authentication engine's namespace. Conflicts with use_root_namespace
1081
+ """
1082
+ service_account: NotRequired[pulumi.Input[str]]
1083
+ """
1084
+ IAM service account.
1085
+ """
1086
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1087
+ """
1088
+ Authenticate to the root Vault namespace. Conflicts with namespace
1089
+ """
1090
+ elif False:
1091
+ ProviderAuthLoginGcpArgsDict: TypeAlias = Mapping[str, Any]
1092
+
821
1093
  @pulumi.input_type
822
1094
  class ProviderAuthLoginGcpArgs:
823
1095
  def __init__(__self__, *,
@@ -936,6 +1208,31 @@ class ProviderAuthLoginGcpArgs:
936
1208
  pulumi.set(self, "use_root_namespace", value)
937
1209
 
938
1210
 
1211
+ if not MYPY:
1212
+ class ProviderAuthLoginJwtArgsDict(TypedDict):
1213
+ jwt: pulumi.Input[str]
1214
+ """
1215
+ A signed JSON Web Token.
1216
+ """
1217
+ role: pulumi.Input[str]
1218
+ """
1219
+ Name of the login role.
1220
+ """
1221
+ mount: NotRequired[pulumi.Input[str]]
1222
+ """
1223
+ The path where the authentication engine is mounted.
1224
+ """
1225
+ namespace: NotRequired[pulumi.Input[str]]
1226
+ """
1227
+ The authentication engine's namespace. Conflicts with use_root_namespace
1228
+ """
1229
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1230
+ """
1231
+ Authenticate to the root Vault namespace. Conflicts with namespace
1232
+ """
1233
+ elif False:
1234
+ ProviderAuthLoginJwtArgsDict: TypeAlias = Mapping[str, Any]
1235
+
939
1236
  @pulumi.input_type
940
1237
  class ProviderAuthLoginJwtArgs:
941
1238
  def __init__(__self__, *,
@@ -1021,6 +1318,55 @@ class ProviderAuthLoginJwtArgs:
1021
1318
  pulumi.set(self, "use_root_namespace", value)
1022
1319
 
1023
1320
 
1321
+ if not MYPY:
1322
+ class ProviderAuthLoginKerberosArgsDict(TypedDict):
1323
+ disable_fast_negotiation: NotRequired[pulumi.Input[bool]]
1324
+ """
1325
+ Disable the Kerberos FAST negotiation.
1326
+ """
1327
+ keytab_path: NotRequired[pulumi.Input[str]]
1328
+ """
1329
+ The Kerberos keytab file containing the entry of the login entity.
1330
+ """
1331
+ krb5conf_path: NotRequired[pulumi.Input[str]]
1332
+ """
1333
+ A valid Kerberos configuration file e.g. /etc/krb5.conf.
1334
+ """
1335
+ mount: NotRequired[pulumi.Input[str]]
1336
+ """
1337
+ The path where the authentication engine is mounted.
1338
+ """
1339
+ namespace: NotRequired[pulumi.Input[str]]
1340
+ """
1341
+ The authentication engine's namespace. Conflicts with use_root_namespace
1342
+ """
1343
+ realm: NotRequired[pulumi.Input[str]]
1344
+ """
1345
+ The Kerberos server's authoritative authentication domain
1346
+ """
1347
+ remove_instance_name: NotRequired[pulumi.Input[bool]]
1348
+ """
1349
+ Strip the host from the username found in the keytab.
1350
+ """
1351
+ service: NotRequired[pulumi.Input[str]]
1352
+ """
1353
+ The service principle name.
1354
+ """
1355
+ token: NotRequired[pulumi.Input[str]]
1356
+ """
1357
+ Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
1358
+ """
1359
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1360
+ """
1361
+ Authenticate to the root Vault namespace. Conflicts with namespace
1362
+ """
1363
+ username: NotRequired[pulumi.Input[str]]
1364
+ """
1365
+ The username to login into Kerberos with.
1366
+ """
1367
+ elif False:
1368
+ ProviderAuthLoginKerberosArgsDict: TypeAlias = Mapping[str, Any]
1369
+
1024
1370
  @pulumi.input_type
1025
1371
  class ProviderAuthLoginKerberosArgs:
1026
1372
  def __init__(__self__, *,
@@ -1204,6 +1550,31 @@ class ProviderAuthLoginKerberosArgs:
1204
1550
  pulumi.set(self, "username", value)
1205
1551
 
1206
1552
 
1553
+ if not MYPY:
1554
+ class ProviderAuthLoginOciArgsDict(TypedDict):
1555
+ auth_type: pulumi.Input[str]
1556
+ """
1557
+ Authentication type to use when getting OCI credentials.
1558
+ """
1559
+ role: pulumi.Input[str]
1560
+ """
1561
+ Name of the login role.
1562
+ """
1563
+ mount: NotRequired[pulumi.Input[str]]
1564
+ """
1565
+ The path where the authentication engine is mounted.
1566
+ """
1567
+ namespace: NotRequired[pulumi.Input[str]]
1568
+ """
1569
+ The authentication engine's namespace. Conflicts with use_root_namespace
1570
+ """
1571
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1572
+ """
1573
+ Authenticate to the root Vault namespace. Conflicts with namespace
1574
+ """
1575
+ elif False:
1576
+ ProviderAuthLoginOciArgsDict: TypeAlias = Mapping[str, Any]
1577
+
1207
1578
  @pulumi.input_type
1208
1579
  class ProviderAuthLoginOciArgs:
1209
1580
  def __init__(__self__, *,
@@ -1289,6 +1660,35 @@ class ProviderAuthLoginOciArgs:
1289
1660
  pulumi.set(self, "use_root_namespace", value)
1290
1661
 
1291
1662
 
1663
+ if not MYPY:
1664
+ class ProviderAuthLoginOidcArgsDict(TypedDict):
1665
+ role: pulumi.Input[str]
1666
+ """
1667
+ Name of the login role.
1668
+ """
1669
+ callback_address: NotRequired[pulumi.Input[str]]
1670
+ """
1671
+ The callback address. Must be a valid URI without the path.
1672
+ """
1673
+ callback_listener_address: NotRequired[pulumi.Input[str]]
1674
+ """
1675
+ The callback listener's address. Must be a valid URI without the path.
1676
+ """
1677
+ mount: NotRequired[pulumi.Input[str]]
1678
+ """
1679
+ The path where the authentication engine is mounted.
1680
+ """
1681
+ namespace: NotRequired[pulumi.Input[str]]
1682
+ """
1683
+ The authentication engine's namespace. Conflicts with use_root_namespace
1684
+ """
1685
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1686
+ """
1687
+ Authenticate to the root Vault namespace. Conflicts with namespace
1688
+ """
1689
+ elif False:
1690
+ ProviderAuthLoginOidcArgsDict: TypeAlias = Mapping[str, Any]
1691
+
1292
1692
  @pulumi.input_type
1293
1693
  class ProviderAuthLoginOidcArgs:
1294
1694
  def __init__(__self__, *,
@@ -1391,6 +1791,31 @@ class ProviderAuthLoginOidcArgs:
1391
1791
  pulumi.set(self, "use_root_namespace", value)
1392
1792
 
1393
1793
 
1794
+ if not MYPY:
1795
+ class ProviderAuthLoginRadiusArgsDict(TypedDict):
1796
+ password: pulumi.Input[str]
1797
+ """
1798
+ The Radius password for username.
1799
+ """
1800
+ username: pulumi.Input[str]
1801
+ """
1802
+ The Radius username.
1803
+ """
1804
+ mount: NotRequired[pulumi.Input[str]]
1805
+ """
1806
+ The path where the authentication engine is mounted.
1807
+ """
1808
+ namespace: NotRequired[pulumi.Input[str]]
1809
+ """
1810
+ The authentication engine's namespace. Conflicts with use_root_namespace
1811
+ """
1812
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1813
+ """
1814
+ Authenticate to the root Vault namespace. Conflicts with namespace
1815
+ """
1816
+ elif False:
1817
+ ProviderAuthLoginRadiusArgsDict: TypeAlias = Mapping[str, Any]
1818
+
1394
1819
  @pulumi.input_type
1395
1820
  class ProviderAuthLoginRadiusArgs:
1396
1821
  def __init__(__self__, *,
@@ -1476,6 +1901,23 @@ class ProviderAuthLoginRadiusArgs:
1476
1901
  pulumi.set(self, "use_root_namespace", value)
1477
1902
 
1478
1903
 
1904
+ if not MYPY:
1905
+ class ProviderAuthLoginTokenFileArgsDict(TypedDict):
1906
+ filename: pulumi.Input[str]
1907
+ """
1908
+ The name of a file containing a single line that is a valid Vault token
1909
+ """
1910
+ namespace: NotRequired[pulumi.Input[str]]
1911
+ """
1912
+ The authentication engine's namespace. Conflicts with use_root_namespace
1913
+ """
1914
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1915
+ """
1916
+ Authenticate to the root Vault namespace. Conflicts with namespace
1917
+ """
1918
+ elif False:
1919
+ ProviderAuthLoginTokenFileArgsDict: TypeAlias = Mapping[str, Any]
1920
+
1479
1921
  @pulumi.input_type
1480
1922
  class ProviderAuthLoginTokenFileArgs:
1481
1923
  def __init__(__self__, *,
@@ -1530,6 +1972,35 @@ class ProviderAuthLoginTokenFileArgs:
1530
1972
  pulumi.set(self, "use_root_namespace", value)
1531
1973
 
1532
1974
 
1975
+ if not MYPY:
1976
+ class ProviderAuthLoginUserpassArgsDict(TypedDict):
1977
+ username: pulumi.Input[str]
1978
+ """
1979
+ Login with username
1980
+ """
1981
+ mount: NotRequired[pulumi.Input[str]]
1982
+ """
1983
+ The path where the authentication engine is mounted.
1984
+ """
1985
+ namespace: NotRequired[pulumi.Input[str]]
1986
+ """
1987
+ The authentication engine's namespace. Conflicts with use_root_namespace
1988
+ """
1989
+ password: NotRequired[pulumi.Input[str]]
1990
+ """
1991
+ Login with password
1992
+ """
1993
+ password_file: NotRequired[pulumi.Input[str]]
1994
+ """
1995
+ Login with password from a file
1996
+ """
1997
+ use_root_namespace: NotRequired[pulumi.Input[bool]]
1998
+ """
1999
+ Authenticate to the root Vault namespace. Conflicts with namespace
2000
+ """
2001
+ elif False:
2002
+ ProviderAuthLoginUserpassArgsDict: TypeAlias = Mapping[str, Any]
2003
+
1533
2004
  @pulumi.input_type
1534
2005
  class ProviderAuthLoginUserpassArgs:
1535
2006
  def __init__(__self__, *,
@@ -1632,6 +2103,19 @@ class ProviderAuthLoginUserpassArgs:
1632
2103
  pulumi.set(self, "use_root_namespace", value)
1633
2104
 
1634
2105
 
2106
+ if not MYPY:
2107
+ class ProviderClientAuthArgsDict(TypedDict):
2108
+ cert_file: pulumi.Input[str]
2109
+ """
2110
+ Path to a file containing the client certificate.
2111
+ """
2112
+ key_file: pulumi.Input[str]
2113
+ """
2114
+ Path to a file containing the private key that the certificate was issued for.
2115
+ """
2116
+ elif False:
2117
+ ProviderClientAuthArgsDict: TypeAlias = Mapping[str, Any]
2118
+
1635
2119
  @pulumi.input_type
1636
2120
  class ProviderClientAuthArgs:
1637
2121
  def __init__(__self__, *,
@@ -1669,6 +2153,19 @@ class ProviderClientAuthArgs:
1669
2153
  pulumi.set(self, "key_file", value)
1670
2154
 
1671
2155
 
2156
+ if not MYPY:
2157
+ class ProviderHeaderArgsDict(TypedDict):
2158
+ name: pulumi.Input[str]
2159
+ """
2160
+ The header name
2161
+ """
2162
+ value: pulumi.Input[str]
2163
+ """
2164
+ The header value
2165
+ """
2166
+ elif False:
2167
+ ProviderHeaderArgsDict: TypeAlias = Mapping[str, Any]
2168
+
1672
2169
  @pulumi.input_type
1673
2170
  class ProviderHeaderArgs:
1674
2171
  def __init__(__self__, *,
@@ -1706,6 +2203,43 @@ class ProviderHeaderArgs:
1706
2203
  pulumi.set(self, "value", value)
1707
2204
 
1708
2205
 
2206
+ if not MYPY:
2207
+ class GetPolicyDocumentRuleArgsDict(TypedDict):
2208
+ capabilities: Sequence[str]
2209
+ """
2210
+ A list of capabilities that this rule apply to `path`. For example, ["read", "write"].
2211
+ """
2212
+ path: str
2213
+ """
2214
+ A path in Vault that this rule applies to.
2215
+ """
2216
+ allowed_parameters: NotRequired[Sequence['GetPolicyDocumentRuleAllowedParameterArgsDict']]
2217
+ """
2218
+ Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
2219
+ """
2220
+ denied_parameters: NotRequired[Sequence['GetPolicyDocumentRuleDeniedParameterArgsDict']]
2221
+ """
2222
+ Blacklists a list of parameter and values. Any values specified here take precedence over `allowed_parameter`. See Parameters below.
2223
+ """
2224
+ description: NotRequired[str]
2225
+ """
2226
+ Description of the rule. Will be added as a comment to rendered rule.
2227
+ """
2228
+ max_wrapping_ttl: NotRequired[str]
2229
+ """
2230
+ The maximum allowed TTL that clients can specify for a wrapped response.
2231
+ """
2232
+ min_wrapping_ttl: NotRequired[str]
2233
+ """
2234
+ The minimum allowed TTL that clients can specify for a wrapped response.
2235
+ """
2236
+ required_parameters: NotRequired[Sequence[str]]
2237
+ """
2238
+ A list of parameters that must be specified.
2239
+ """
2240
+ elif False:
2241
+ GetPolicyDocumentRuleArgsDict: TypeAlias = Mapping[str, Any]
2242
+
1709
2243
  @pulumi.input_type
1710
2244
  class GetPolicyDocumentRuleArgs:
1711
2245
  def __init__(__self__, *,
@@ -1839,6 +2373,19 @@ class GetPolicyDocumentRuleArgs:
1839
2373
  pulumi.set(self, "required_parameters", value)
1840
2374
 
1841
2375
 
2376
+ if not MYPY:
2377
+ class GetPolicyDocumentRuleAllowedParameterArgsDict(TypedDict):
2378
+ key: str
2379
+ """
2380
+ name of permitted or denied parameter.
2381
+ """
2382
+ values: Sequence[str]
2383
+ """
2384
+ list of values what are permitted or denied by policy rule.
2385
+ """
2386
+ elif False:
2387
+ GetPolicyDocumentRuleAllowedParameterArgsDict: TypeAlias = Mapping[str, Any]
2388
+
1842
2389
  @pulumi.input_type
1843
2390
  class GetPolicyDocumentRuleAllowedParameterArgs:
1844
2391
  def __init__(__self__, *,
@@ -1876,6 +2423,19 @@ class GetPolicyDocumentRuleAllowedParameterArgs:
1876
2423
  pulumi.set(self, "values", value)
1877
2424
 
1878
2425
 
2426
+ if not MYPY:
2427
+ class GetPolicyDocumentRuleDeniedParameterArgsDict(TypedDict):
2428
+ key: str
2429
+ """
2430
+ name of permitted or denied parameter.
2431
+ """
2432
+ values: Sequence[str]
2433
+ """
2434
+ list of values what are permitted or denied by policy rule.
2435
+ """
2436
+ elif False:
2437
+ GetPolicyDocumentRuleDeniedParameterArgsDict: TypeAlias = Mapping[str, Any]
2438
+
1879
2439
  @pulumi.input_type
1880
2440
  class GetPolicyDocumentRuleDeniedParameterArgs:
1881
2441
  def __init__(__self__, *,