PyPI - pulumi-vault - Versions diffs - 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl - Mend

pulumi-vault 5.21.0a1710160723py3-none-any.whl → 6.5.0a1736850018py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

pulumi_vault/__init__.py +52 -0
pulumi_vault/_inputs.py +560 -0
pulumi_vault/_utilities.py +41 -5
pulumi_vault/ad/get_access_credentials.py +22 -7
pulumi_vault/ad/secret_backend.py +14 -144
pulumi_vault/ad/secret_library.py +14 -11
pulumi_vault/ad/secret_role.py +12 -11
pulumi_vault/alicloud/auth_backend_role.py +74 -192
pulumi_vault/approle/auth_backend_login.py +12 -11
pulumi_vault/approle/auth_backend_role.py +75 -193
pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
pulumi_vault/audit.py +24 -27
pulumi_vault/audit_request_header.py +11 -6
pulumi_vault/auth_backend.py +64 -12
pulumi_vault/aws/auth_backend_cert.py +12 -7
pulumi_vault/aws/auth_backend_client.py +265 -24
pulumi_vault/aws/auth_backend_config_identity.py +12 -11
pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
pulumi_vault/aws/auth_backend_login.py +19 -22
pulumi_vault/aws/auth_backend_role.py +75 -193
pulumi_vault/aws/auth_backend_role_tag.py +12 -7
pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
pulumi_vault/aws/auth_backend_sts_role.py +12 -11
pulumi_vault/aws/get_access_credentials.py +34 -7
pulumi_vault/aws/get_static_access_credentials.py +19 -5
pulumi_vault/aws/secret_backend.py +75 -7
pulumi_vault/aws/secret_backend_role.py +183 -11
pulumi_vault/aws/secret_backend_static_role.py +14 -11
pulumi_vault/azure/_inputs.py +24 -0
pulumi_vault/azure/auth_backend_config.py +151 -17
pulumi_vault/azure/auth_backend_role.py +75 -193
pulumi_vault/azure/backend.py +223 -29
pulumi_vault/azure/backend_role.py +42 -41
pulumi_vault/azure/get_access_credentials.py +39 -11
pulumi_vault/azure/outputs.py +5 -0
pulumi_vault/cert_auth_backend_role.py +87 -271
pulumi_vault/config/__init__.pyi +5 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +35 -0
pulumi_vault/config/ui_custom_message.py +529 -0
pulumi_vault/config/vars.py +5 -0
pulumi_vault/consul/secret_backend.py +22 -25
pulumi_vault/consul/secret_backend_role.py +14 -80
pulumi_vault/database/_inputs.py +2770 -881
pulumi_vault/database/outputs.py +721 -838
pulumi_vault/database/secret_backend_connection.py +117 -114
pulumi_vault/database/secret_backend_role.py +29 -24
pulumi_vault/database/secret_backend_static_role.py +85 -15
pulumi_vault/database/secrets_mount.py +425 -138
pulumi_vault/egp_policy.py +16 -15
pulumi_vault/gcp/_inputs.py +111 -0
pulumi_vault/gcp/auth_backend.py +248 -35
pulumi_vault/gcp/auth_backend_role.py +75 -271
pulumi_vault/gcp/get_auth_backend_role.py +43 -9
pulumi_vault/gcp/outputs.py +5 -0
pulumi_vault/gcp/secret_backend.py +287 -16
pulumi_vault/gcp/secret_impersonated_account.py +74 -17
pulumi_vault/gcp/secret_roleset.py +29 -26
pulumi_vault/gcp/secret_static_account.py +37 -34
pulumi_vault/generic/endpoint.py +22 -21
pulumi_vault/generic/get_secret.py +68 -12
pulumi_vault/generic/secret.py +19 -14
pulumi_vault/get_auth_backend.py +24 -11
pulumi_vault/get_auth_backends.py +33 -11
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +153 -0
pulumi_vault/get_nomad_access_token.py +31 -15
pulumi_vault/get_policy_document.py +34 -23
pulumi_vault/get_raft_autopilot_state.py +29 -14
pulumi_vault/github/_inputs.py +55 -0
pulumi_vault/github/auth_backend.py +17 -16
pulumi_vault/github/outputs.py +5 -0
pulumi_vault/github/team.py +14 -13
pulumi_vault/github/user.py +14 -13
pulumi_vault/identity/entity.py +18 -15
pulumi_vault/identity/entity_alias.py +18 -15
pulumi_vault/identity/entity_policies.py +24 -19
pulumi_vault/identity/get_entity.py +40 -14
pulumi_vault/identity/get_group.py +45 -13
pulumi_vault/identity/get_oidc_client_creds.py +21 -11
pulumi_vault/identity/get_oidc_openid_config.py +39 -13
pulumi_vault/identity/get_oidc_public_keys.py +29 -14
pulumi_vault/identity/group.py +50 -49
pulumi_vault/identity/group_alias.py +14 -11
pulumi_vault/identity/group_member_entity_ids.py +24 -74
pulumi_vault/identity/group_member_group_ids.py +36 -27
pulumi_vault/identity/group_policies.py +16 -15
pulumi_vault/identity/mfa_duo.py +9 -8
pulumi_vault/identity/mfa_login_enforcement.py +13 -8
pulumi_vault/identity/mfa_okta.py +9 -8
pulumi_vault/identity/mfa_pingid.py +5 -4
pulumi_vault/identity/mfa_totp.py +5 -4
pulumi_vault/identity/oidc.py +12 -11
pulumi_vault/identity/oidc_assignment.py +22 -13
pulumi_vault/identity/oidc_client.py +34 -25
pulumi_vault/identity/oidc_key.py +28 -19
pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
pulumi_vault/identity/oidc_provider.py +34 -23
pulumi_vault/identity/oidc_role.py +40 -27
pulumi_vault/identity/oidc_scope.py +18 -15
pulumi_vault/identity/outputs.py +8 -3
pulumi_vault/jwt/_inputs.py +55 -0
pulumi_vault/jwt/auth_backend.py +39 -46
pulumi_vault/jwt/auth_backend_role.py +131 -260
pulumi_vault/jwt/outputs.py +5 -0
pulumi_vault/kmip/secret_backend.py +22 -21
pulumi_vault/kmip/secret_role.py +12 -11
pulumi_vault/kmip/secret_scope.py +12 -11
pulumi_vault/kubernetes/auth_backend_config.py +55 -7
pulumi_vault/kubernetes/auth_backend_role.py +68 -179
pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
pulumi_vault/kubernetes/get_service_account_token.py +39 -15
pulumi_vault/kubernetes/secret_backend.py +314 -29
pulumi_vault/kubernetes/secret_backend_role.py +135 -56
pulumi_vault/kv/_inputs.py +36 -4
pulumi_vault/kv/get_secret.py +23 -12
pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
pulumi_vault/kv/get_secret_v2.py +89 -9
pulumi_vault/kv/get_secrets_list.py +22 -15
pulumi_vault/kv/get_secrets_list_v2.py +35 -19
pulumi_vault/kv/outputs.py +8 -3
pulumi_vault/kv/secret.py +19 -18
pulumi_vault/kv/secret_backend_v2.py +12 -11
pulumi_vault/kv/secret_v2.py +55 -52
pulumi_vault/ldap/auth_backend.py +125 -168
pulumi_vault/ldap/auth_backend_group.py +12 -11
pulumi_vault/ldap/auth_backend_user.py +12 -11
pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
pulumi_vault/ldap/get_static_credentials.py +24 -5
pulumi_vault/ldap/secret_backend.py +352 -84
pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
pulumi_vault/ldap/secret_backend_library_set.py +14 -11
pulumi_vault/ldap/secret_backend_static_role.py +67 -12
pulumi_vault/managed/_inputs.py +289 -132
pulumi_vault/managed/keys.py +27 -43
pulumi_vault/managed/outputs.py +89 -132
pulumi_vault/mfa_duo.py +16 -13
pulumi_vault/mfa_okta.py +16 -13
pulumi_vault/mfa_pingid.py +16 -13
pulumi_vault/mfa_totp.py +22 -19
pulumi_vault/mongodbatlas/secret_backend.py +18 -17
pulumi_vault/mongodbatlas/secret_role.py +41 -38
pulumi_vault/mount.py +389 -65
pulumi_vault/namespace.py +26 -21
pulumi_vault/nomad_secret_backend.py +16 -15
pulumi_vault/nomad_secret_role.py +12 -11
pulumi_vault/okta/_inputs.py +47 -8
pulumi_vault/okta/auth_backend.py +483 -41
pulumi_vault/okta/auth_backend_group.py +12 -11
pulumi_vault/okta/auth_backend_user.py +12 -11
pulumi_vault/okta/outputs.py +13 -8
pulumi_vault/outputs.py +5 -0
pulumi_vault/password_policy.py +18 -15
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +81 -0
pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
pulumi_vault/pkisecret/backend_config_est.py +619 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
pulumi_vault/pkisecret/get_backend_key.py +24 -13
pulumi_vault/pkisecret/get_backend_keys.py +21 -12
pulumi_vault/pkisecret/outputs.py +69 -0
pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
pulumi_vault/pkisecret/secret_backend_key.py +12 -7
pulumi_vault/pkisecret/secret_backend_role.py +19 -16
pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
pulumi_vault/plugin.py +595 -0
pulumi_vault/plugin_pinned_version.py +298 -0
pulumi_vault/policy.py +12 -7
pulumi_vault/provider.py +48 -53
pulumi_vault/pulumi-plugin.json +2 -1
pulumi_vault/quota_lease_count.py +58 -8
pulumi_vault/quota_rate_limit.py +54 -4
pulumi_vault/rabbitmq/_inputs.py +61 -0
pulumi_vault/rabbitmq/outputs.py +5 -0
pulumi_vault/rabbitmq/secret_backend.py +16 -15
pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
pulumi_vault/raft_autopilot.py +12 -11
pulumi_vault/raft_snapshot_agent_config.py +121 -311
pulumi_vault/rgp_policy.py +14 -13
pulumi_vault/saml/auth_backend.py +20 -19
pulumi_vault/saml/auth_backend_role.py +90 -199
pulumi_vault/secrets/__init__.py +3 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +56 -75
pulumi_vault/secrets/sync_aws_destination.py +240 -29
pulumi_vault/secrets/sync_azure_destination.py +90 -33
pulumi_vault/secrets/sync_config.py +7 -6
pulumi_vault/secrets/sync_gcp_destination.py +156 -27
pulumi_vault/secrets/sync_gh_destination.py +187 -15
pulumi_vault/secrets/sync_github_apps.py +375 -0
pulumi_vault/secrets/sync_vercel_destination.py +72 -15
pulumi_vault/ssh/_inputs.py +28 -32
pulumi_vault/ssh/outputs.py +11 -32
pulumi_vault/ssh/secret_backend_ca.py +106 -11
pulumi_vault/ssh/secret_backend_role.py +83 -120
pulumi_vault/terraformcloud/secret_backend.py +5 -56
pulumi_vault/terraformcloud/secret_creds.py +14 -24
pulumi_vault/terraformcloud/secret_role.py +14 -76
pulumi_vault/token.py +26 -25
pulumi_vault/tokenauth/auth_backend_role.py +76 -201
pulumi_vault/transform/alphabet.py +16 -13
pulumi_vault/transform/get_decode.py +45 -21
pulumi_vault/transform/get_encode.py +45 -21
pulumi_vault/transform/role.py +16 -13
pulumi_vault/transform/template.py +30 -25
pulumi_vault/transform/transformation.py +12 -7
pulumi_vault/transit/get_decrypt.py +26 -25
pulumi_vault/transit/get_encrypt.py +24 -19
pulumi_vault/transit/secret_backend_key.py +25 -97
pulumi_vault/transit/secret_cache_config.py +12 -11
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0

pulumi_vault/_inputs.py CHANGED Viewed

@@ -4,32 +4,104 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = [
     'AuthBackendTuneArgs',
+    'AuthBackendTuneArgsDict',
     'ProviderAuthLoginArgs',
+    'ProviderAuthLoginArgsDict',
     'ProviderAuthLoginAwsArgs',
+    'ProviderAuthLoginAwsArgsDict',
     'ProviderAuthLoginAzureArgs',
+    'ProviderAuthLoginAzureArgsDict',
     'ProviderAuthLoginCertArgs',
+    'ProviderAuthLoginCertArgsDict',
     'ProviderAuthLoginGcpArgs',
+    'ProviderAuthLoginGcpArgsDict',
     'ProviderAuthLoginJwtArgs',
+    'ProviderAuthLoginJwtArgsDict',
     'ProviderAuthLoginKerberosArgs',
+    'ProviderAuthLoginKerberosArgsDict',
     'ProviderAuthLoginOciArgs',
+    'ProviderAuthLoginOciArgsDict',
     'ProviderAuthLoginOidcArgs',
+    'ProviderAuthLoginOidcArgsDict',
     'ProviderAuthLoginRadiusArgs',
+    'ProviderAuthLoginRadiusArgsDict',
     'ProviderAuthLoginTokenFileArgs',
+    'ProviderAuthLoginTokenFileArgsDict',
     'ProviderAuthLoginUserpassArgs',
+    'ProviderAuthLoginUserpassArgsDict',
     'ProviderClientAuthArgs',
+    'ProviderClientAuthArgsDict',
     'ProviderHeaderArgs',
+    'ProviderHeaderArgsDict',
     'GetPolicyDocumentRuleArgs',
+    'GetPolicyDocumentRuleArgsDict',
     'GetPolicyDocumentRuleAllowedParameterArgs',
+    'GetPolicyDocumentRuleAllowedParameterArgsDict',
     'GetPolicyDocumentRuleDeniedParameterArgs',
+    'GetPolicyDocumentRuleDeniedParameterArgsDict',
 ]
+MYPY = False
+if not MYPY:
+    class AuthBackendTuneArgsDict(TypedDict):
+        allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        default_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        listing_visibility: NotRequired[pulumi.Input[str]]
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        max_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        token_type: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+        """
+elif False:
+    AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class AuthBackendTuneArgs:
     def __init__(__self__, *,
@@ -185,6 +257,22 @@ class AuthBackendTuneArgs:
         pulumi.set(self, "token_type", value)
+if not MYPY:
+    class ProviderAuthLoginArgsDict(TypedDict):
+        path: pulumi.Input[str]
+        method: NotRequired[pulumi.Input[str]]
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        parameters: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginArgs:
     def __init__(__self__, *,
@@ -259,6 +347,75 @@ class ProviderAuthLoginArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginAwsArgsDict(TypedDict):
+        role: pulumi.Input[str]
+        """
+        The Vault role to use when logging into Vault.
+        """
+        aws_access_key_id: NotRequired[pulumi.Input[str]]
+        """
+        The AWS access key ID.
+        """
+        aws_iam_endpoint: NotRequired[pulumi.Input[str]]
+        """
+        The IAM endpoint URL.
+        """
+        aws_profile: NotRequired[pulumi.Input[str]]
+        """
+        The name of the AWS profile.
+        """
+        aws_region: NotRequired[pulumi.Input[str]]
+        """
+        The AWS region.
+        """
+        aws_role_arn: NotRequired[pulumi.Input[str]]
+        """
+        The ARN of the AWS Role to assume.Used during STS AssumeRole
+        """
+        aws_role_session_name: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the name to attach to the AWS role session. Used during STS AssumeRole
+        """
+        aws_secret_access_key: NotRequired[pulumi.Input[str]]
+        """
+        The AWS secret access key.
+        """
+        aws_session_token: NotRequired[pulumi.Input[str]]
+        """
+        The AWS session token.
+        """
+        aws_shared_credentials_file: NotRequired[pulumi.Input[str]]
+        """
+        Path to the AWS shared credentials file.
+        """
+        aws_sts_endpoint: NotRequired[pulumi.Input[str]]
+        """
+        The STS endpoint URL.
+        """
+        aws_web_identity_token_file: NotRequired[pulumi.Input[str]]
+        """
+        Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.
+        """
+        header_value: NotRequired[pulumi.Input[str]]
+        """
+        The Vault header value to include in the STS signing request.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginAwsArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginAwsArgs:
     def __init__(__self__, *,
@@ -521,6 +678,59 @@ class ProviderAuthLoginAwsArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginAzureArgsDict(TypedDict):
+        resource_group_name: pulumi.Input[str]
+        """
+        The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.
+        """
+        role: pulumi.Input[str]
+        """
+        Name of the login role.
+        """
+        subscription_id: pulumi.Input[str]
+        """
+        The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.
+        """
+        client_id: NotRequired[pulumi.Input[str]]
+        """
+        The identity's client ID.
+        """
+        jwt: NotRequired[pulumi.Input[str]]
+        """
+        A signed JSON Web Token. If not specified on will be created automatically
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        scope: NotRequired[pulumi.Input[str]]
+        """
+        The scopes to include in the token request.
+        """
+        tenant_id: NotRequired[pulumi.Input[str]]
+        """
+        Provides the tenant ID to use in a multi-tenant authentication scenario.
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+        vm_name: NotRequired[pulumi.Input[str]]
+        """
+        The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.
+        """
+        vmss_name: NotRequired[pulumi.Input[str]]
+        """
+        The virtual machine scale set name for the machine that generated the MSI token. This information can be obtained through instance metadata.
+        """
+elif False:
+    ProviderAuthLoginAzureArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginAzureArgs:
     def __init__(__self__, *,
@@ -717,6 +927,35 @@ class ProviderAuthLoginAzureArgs:
         pulumi.set(self, "vmss_name", value)
+if not MYPY:
+    class ProviderAuthLoginCertArgsDict(TypedDict):
+        cert_file: pulumi.Input[str]
+        """
+        Path to a file containing the client certificate.
+        """
+        key_file: pulumi.Input[str]
+        """
+        Path to a file containing the private key that the certificate was issued for.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        name: NotRequired[pulumi.Input[str]]
+        """
+        Name of the certificate's role
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginCertArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginCertArgs:
     def __init__(__self__, *,
@@ -818,6 +1057,39 @@ class ProviderAuthLoginCertArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginGcpArgsDict(TypedDict):
+        role: pulumi.Input[str]
+        """
+        Name of the login role.
+        """
+        credentials: NotRequired[pulumi.Input[str]]
+        """
+        Path to the Google Cloud credentials file.
+        """
+        jwt: NotRequired[pulumi.Input[str]]
+        """
+        A signed JSON Web Token.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        service_account: NotRequired[pulumi.Input[str]]
+        """
+        IAM service account.
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginGcpArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginGcpArgs:
     def __init__(__self__, *,
@@ -936,6 +1208,31 @@ class ProviderAuthLoginGcpArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginJwtArgsDict(TypedDict):
+        jwt: pulumi.Input[str]
+        """
+        A signed JSON Web Token.
+        """
+        role: pulumi.Input[str]
+        """
+        Name of the login role.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginJwtArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginJwtArgs:
     def __init__(__self__, *,
@@ -1021,6 +1318,55 @@ class ProviderAuthLoginJwtArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginKerberosArgsDict(TypedDict):
+        disable_fast_negotiation: NotRequired[pulumi.Input[bool]]
+        """
+        Disable the Kerberos FAST negotiation.
+        """
+        keytab_path: NotRequired[pulumi.Input[str]]
+        """
+        The Kerberos keytab file containing the entry of the login entity.
+        """
+        krb5conf_path: NotRequired[pulumi.Input[str]]
+        """
+        A valid Kerberos configuration file e.g. /etc/krb5.conf.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        realm: NotRequired[pulumi.Input[str]]
+        """
+        The Kerberos server's authoritative authentication domain
+        """
+        remove_instance_name: NotRequired[pulumi.Input[bool]]
+        """
+        Strip the host from the username found in the keytab.
+        """
+        service: NotRequired[pulumi.Input[str]]
+        """
+        The service principle name.
+        """
+        token: NotRequired[pulumi.Input[str]]
+        """
+        Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+        username: NotRequired[pulumi.Input[str]]
+        """
+        The username to login into Kerberos with.
+        """
+elif False:
+    ProviderAuthLoginKerberosArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginKerberosArgs:
     def __init__(__self__, *,
@@ -1204,6 +1550,31 @@ class ProviderAuthLoginKerberosArgs:
         pulumi.set(self, "username", value)
+if not MYPY:
+    class ProviderAuthLoginOciArgsDict(TypedDict):
+        auth_type: pulumi.Input[str]
+        """
+        Authentication type to use when getting OCI credentials.
+        """
+        role: pulumi.Input[str]
+        """
+        Name of the login role.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginOciArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginOciArgs:
     def __init__(__self__, *,
@@ -1289,6 +1660,35 @@ class ProviderAuthLoginOciArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginOidcArgsDict(TypedDict):
+        role: pulumi.Input[str]
+        """
+        Name of the login role.
+        """
+        callback_address: NotRequired[pulumi.Input[str]]
+        """
+        The callback address. Must be a valid URI without the path.
+        """
+        callback_listener_address: NotRequired[pulumi.Input[str]]
+        """
+        The callback listener's address. Must be a valid URI without the path.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginOidcArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginOidcArgs:
     def __init__(__self__, *,
@@ -1391,6 +1791,31 @@ class ProviderAuthLoginOidcArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginRadiusArgsDict(TypedDict):
+        password: pulumi.Input[str]
+        """
+        The Radius password for username.
+        """
+        username: pulumi.Input[str]
+        """
+        The Radius username.
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginRadiusArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginRadiusArgs:
     def __init__(__self__, *,
@@ -1476,6 +1901,23 @@ class ProviderAuthLoginRadiusArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginTokenFileArgsDict(TypedDict):
+        filename: pulumi.Input[str]
+        """
+        The name of a file containing a single line that is a valid Vault token
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginTokenFileArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginTokenFileArgs:
     def __init__(__self__, *,
@@ -1530,6 +1972,35 @@ class ProviderAuthLoginTokenFileArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderAuthLoginUserpassArgsDict(TypedDict):
+        username: pulumi.Input[str]
+        """
+        Login with username
+        """
+        mount: NotRequired[pulumi.Input[str]]
+        """
+        The path where the authentication engine is mounted.
+        """
+        namespace: NotRequired[pulumi.Input[str]]
+        """
+        The authentication engine's namespace. Conflicts with use_root_namespace
+        """
+        password: NotRequired[pulumi.Input[str]]
+        """
+        Login with password
+        """
+        password_file: NotRequired[pulumi.Input[str]]
+        """
+        Login with password from a file
+        """
+        use_root_namespace: NotRequired[pulumi.Input[bool]]
+        """
+        Authenticate to the root Vault namespace. Conflicts with namespace
+        """
+elif False:
+    ProviderAuthLoginUserpassArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderAuthLoginUserpassArgs:
     def __init__(__self__, *,
@@ -1632,6 +2103,19 @@ class ProviderAuthLoginUserpassArgs:
         pulumi.set(self, "use_root_namespace", value)
+if not MYPY:
+    class ProviderClientAuthArgsDict(TypedDict):
+        cert_file: pulumi.Input[str]
+        """
+        Path to a file containing the client certificate.
+        """
+        key_file: pulumi.Input[str]
+        """
+        Path to a file containing the private key that the certificate was issued for.
+        """
+elif False:
+    ProviderClientAuthArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderClientAuthArgs:
     def __init__(__self__, *,
@@ -1669,6 +2153,19 @@ class ProviderClientAuthArgs:
         pulumi.set(self, "key_file", value)
+if not MYPY:
+    class ProviderHeaderArgsDict(TypedDict):
+        name: pulumi.Input[str]
+        """
+        The header name
+        """
+        value: pulumi.Input[str]
+        """
+        The header value
+        """
+elif False:
+    ProviderHeaderArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderHeaderArgs:
     def __init__(__self__, *,
@@ -1706,6 +2203,43 @@ class ProviderHeaderArgs:
         pulumi.set(self, "value", value)
+if not MYPY:
+    class GetPolicyDocumentRuleArgsDict(TypedDict):
+        capabilities: Sequence[str]
+        """
+        A list of capabilities that this rule apply to `path`. For example, ["read", "write"].
+        """
+        path: str
+        """
+        A path in Vault that this rule applies to.
+        """
+        allowed_parameters: NotRequired[Sequence['GetPolicyDocumentRuleAllowedParameterArgsDict']]
+        """
+        Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
+        """
+        denied_parameters: NotRequired[Sequence['GetPolicyDocumentRuleDeniedParameterArgsDict']]
+        """
+        Blacklists a list of parameter and values. Any values specified here take precedence over `allowed_parameter`. See Parameters below.
+        """
+        description: NotRequired[str]
+        """
+        Description of the rule. Will be added as a comment to rendered rule.
+        """
+        max_wrapping_ttl: NotRequired[str]
+        """
+        The maximum allowed TTL that clients can specify for a wrapped response.
+        """
+        min_wrapping_ttl: NotRequired[str]
+        """
+        The minimum allowed TTL that clients can specify for a wrapped response.
+        """
+        required_parameters: NotRequired[Sequence[str]]
+        """
+        A list of parameters that must be specified.
+        """
+elif False:
+    GetPolicyDocumentRuleArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class GetPolicyDocumentRuleArgs:
     def __init__(__self__, *,
@@ -1839,6 +2373,19 @@ class GetPolicyDocumentRuleArgs:
         pulumi.set(self, "required_parameters", value)
+if not MYPY:
+    class GetPolicyDocumentRuleAllowedParameterArgsDict(TypedDict):
+        key: str
+        """
+        name of permitted or denied parameter.
+        """
+        values: Sequence[str]
+        """
+        list of values what are permitted or denied by policy rule.
+        """
+elif False:
+    GetPolicyDocumentRuleAllowedParameterArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class GetPolicyDocumentRuleAllowedParameterArgs:
     def __init__(__self__, *,
@@ -1876,6 +2423,19 @@ class GetPolicyDocumentRuleAllowedParameterArgs:
         pulumi.set(self, "values", value)
+if not MYPY:
+    class GetPolicyDocumentRuleDeniedParameterArgsDict(TypedDict):
+        key: str
+        """
+        name of permitted or denied parameter.
+        """
+        values: Sequence[str]
+        """
+        list of values what are permitted or denied by policy rule.
+        """
+elif False:
+    GetPolicyDocumentRuleDeniedParameterArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class GetPolicyDocumentRuleDeniedParameterArgs:
     def __init__(__self__, *,

pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

pulumi-vault 5.21.0a1710160723py3-none-any.whl → 6.5.0a1736850018py3-none-any.whl