pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
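--- a/pulumi_vault/database/secret_backend_role.py
+++ b/pulumi_vault/database/secret_backend_role.py
@@ -4,9 +4,14 @@
 
  import copy
  import warnings
+ import sys
  import pulumi
  import pulumi.runtime
  from typing import Any, Mapping, Optional, Sequence, Union, overload
+ if sys.version_info >= (3, 11):
+ from typing import NotRequired, TypedDict, TypeAlias
+ else:
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
  from .. import _utilities
 
  __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -17,7 +22,7 @@ class SecretBackendRoleArgs:
  backend: pulumi.Input[str],
  creation_statements: pulumi.Input[Sequence[pulumi.Input[str]]],
  db_name: pulumi.Input[str],
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
  credential_type: Optional[pulumi.Input[str]] = None,
  default_ttl: Optional[pulumi.Input[int]] = None,
  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -33,7 +38,7 @@ class SecretBackendRoleArgs:
  creating a user.
  :param pulumi.Input[str] db_name: The unique name of the database connection to use for
  the role.
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
  for the given `credential_type`.
 
  The following options are available for each `credential_type` value:
@@ -118,7 +123,7 @@ class SecretBackendRoleArgs:
 
  @property
  @pulumi.getter(name="credentialConfig")
- def credential_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
  """
  Specifies the configuration
  for the given `credential_type`.
@@ -128,7 +133,7 @@ class SecretBackendRoleArgs:
  return pulumi.get(self, "credential_config")
 
  @credential_config.setter
- def credential_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
  pulumi.set(self, "credential_config", value)
 
  @property
@@ -243,7 +248,7 @@ class _SecretBackendRoleState:
  def __init__(__self__, *,
  backend: Optional[pulumi.Input[str]] = None,
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
  credential_type: Optional[pulumi.Input[str]] = None,
  db_name: Optional[pulumi.Input[str]] = None,
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -258,7 +263,7 @@ class _SecretBackendRoleState:
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
  creating a user.
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
  for the given `credential_type`.
 
  The following options are available for each `credential_type` value:
@@ -335,7 +340,7 @@ class _SecretBackendRoleState:
 
  @property
  @pulumi.getter(name="credentialConfig")
- def credential_config(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+ def credential_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
  """
  Specifies the configuration
  for the given `credential_type`.
@@ -345,7 +350,7 @@ class _SecretBackendRoleState:
  return pulumi.get(self, "credential_config")
 
  @credential_config.setter
- def credential_config(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+ def credential_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
  pulumi.set(self, "credential_config", value)
 
  @property
@@ -475,7 +480,7 @@ class SecretBackendRole(pulumi.CustomResource):
  opts: Optional[pulumi.ResourceOptions] = None,
  backend: Optional[pulumi.Input[str]] = None,
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
  credential_type: Optional[pulumi.Input[str]] = None,
  db_name: Optional[pulumi.Input[str]] = None,
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -489,7 +494,6 @@ class SecretBackendRole(pulumi.CustomResource):
  """
  ## Example Usage
 
- <!--Start PulumiCodeChooser -->
  ```python
  import pulumi
  import pulumi_vault as vault
@@ -499,19 +503,20 @@ class SecretBackendRole(pulumi.CustomResource):
  type="database")
  postgres = vault.database.SecretBackendConnection("postgres",
  backend=db.path,
+ name="postgres",
  allowed_roles=[
  "dev",
  "prod",
  ],
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
- connection_url="postgres://username:password@host:port/database",
- ))
+ postgresql={
+ "connection_url": "postgres://username:password@host:port/database",
+ })
  role = vault.database.SecretBackendRole("role",
  backend=db.path,
+ name="dev",
  db_name=postgres.name,
  creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
  ```
- <!--End PulumiCodeChooser -->
 
  ## Import
 
@@ -526,7 +531,7 @@ class SecretBackendRole(pulumi.CustomResource):
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
  creating a user.
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
  for the given `credential_type`.
 
  The following options are available for each `credential_type` value:
@@ -560,7 +565,6 @@ class SecretBackendRole(pulumi.CustomResource):
  """
  ## Example Usage
 
- <!--Start PulumiCodeChooser -->
  ```python
  import pulumi
  import pulumi_vault as vault
@@ -570,19 +574,20 @@ class SecretBackendRole(pulumi.CustomResource):
  type="database")
  postgres = vault.database.SecretBackendConnection("postgres",
  backend=db.path,
+ name="postgres",
  allowed_roles=[
  "dev",
  "prod",
  ],
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
- connection_url="postgres://username:password@host:port/database",
- ))
+ postgresql={
+ "connection_url": "postgres://username:password@host:port/database",
+ })
  role = vault.database.SecretBackendRole("role",
  backend=db.path,
+ name="dev",
  db_name=postgres.name,
  creation_statements=["CREATE ROLE \\"{{name}}\\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';"])
  ```
- <!--End PulumiCodeChooser -->
 
  ## Import
 
@@ -609,7 +614,7 @@ class SecretBackendRole(pulumi.CustomResource):
  opts: Optional[pulumi.ResourceOptions] = None,
  backend: Optional[pulumi.Input[str]] = None,
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
  credential_type: Optional[pulumi.Input[str]] = None,
  db_name: Optional[pulumi.Input[str]] = None,
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -658,7 +663,7 @@ class SecretBackendRole(pulumi.CustomResource):
  opts: Optional[pulumi.ResourceOptions] = None,
  backend: Optional[pulumi.Input[str]] = None,
  creation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
- credential_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+ credential_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
  credential_type: Optional[pulumi.Input[str]] = None,
  db_name: Optional[pulumi.Input[str]] = None,
  default_ttl: Optional[pulumi.Input[int]] = None,
@@ -678,7 +683,7 @@ class SecretBackendRole(pulumi.CustomResource):
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
  :param pulumi.Input[Sequence[pulumi.Input[str]]] creation_statements: The database statements to execute when
  creating a user.
- :param pulumi.Input[Mapping[str, Any]] credential_config: Specifies the configuration
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] credential_config: Specifies the configuration
  for the given `credential_type`.
 
  The following options are available for each `credential_type` value:
@@ -740,7 +745,7 @@ class SecretBackendRole(pulumi.CustomResource):
 
  @property
  @pulumi.getter(name="credentialConfig")
- def credential_config(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+ def credential_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
  """
  Specifies the configuration
  for the given `credential_type`.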
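Review bot: The rewritten docstring example in the `@@ -499,19 +503,20 @@` hunk (and its copy in `@@ -570,19 +574,20 @@`) still puts the database credentials inside the URL, `"connection_url": "postgres://username:password@host:port/database"`, and examples like this get copied with a real password in place. Vault's database engine accepts a templated URL, so the example would be safer as `"connection_url": "postgres://{{username}}:{{password}}@host:port/database"` with `"username"` and `"password"` passed as separate keys of the `postgresql` mapping, the password coming from a Pulumi secret. That keeps the password out of the stored URL string and is what root-credential rotation relies on. The docstring starts and ends outside both hunks, and the text looks generated from upstream provider docs, so the fix probably belongs there.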
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
@@ -22,7 +27,8 @@ class SecretBackendStaticRoleArgs:
22
27
  rotation_period: Optional[pulumi.Input[int]] = None,
23
28
  rotation_schedule: Optional[pulumi.Input[str]] = None,
24
29
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- rotation_window: Optional[pulumi.Input[int]] = None):
30
+ rotation_window: Optional[pulumi.Input[int]] = None,
31
+ self_managed_password: Optional[pulumi.Input[str]] = None):
26
32
  """
27
33
  The set of arguments for constructing a SecretBackendStaticRole resource.
28
34
  :param pulumi.Input[str] backend: The unique name of the Vault mount to configure.
@@ -43,6 +49,9 @@ class SecretBackendStaticRoleArgs:
43
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
44
50
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
45
51
  from a given `rotation_schedule`.
52
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
53
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
54
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
46
55
  """
47
56
  pulumi.set(__self__, "backend", backend)
48
57
  pulumi.set(__self__, "db_name", db_name)
@@ -59,6 +68,8 @@ class SecretBackendStaticRoleArgs:
59
68
  pulumi.set(__self__, "rotation_statements", rotation_statements)
60
69
  if rotation_window is not None:
61
70
  pulumi.set(__self__, "rotation_window", rotation_window)
71
+ if self_managed_password is not None:
72
+ pulumi.set(__self__, "self_managed_password", self_managed_password)
62
73
 
63
74
  @property
64
75
  @pulumi.getter
@@ -177,6 +188,20 @@ class SecretBackendStaticRoleArgs:
177
188
  def rotation_window(self, value: Optional[pulumi.Input[int]]):
178
189
  pulumi.set(self, "rotation_window", value)
179
190
 
191
+ @property
192
+ @pulumi.getter(name="selfManagedPassword")
193
+ def self_managed_password(self) -> Optional[pulumi.Input[str]]:
194
+ """
195
+ The password corresponding to the username in the database.
196
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
197
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
198
+ """
199
+ return pulumi.get(self, "self_managed_password")
200
+
201
+ @self_managed_password.setter
202
+ def self_managed_password(self, value: Optional[pulumi.Input[str]]):
203
+ pulumi.set(self, "self_managed_password", value)
204
+
180
205
 
181
206
  @pulumi.input_type
182
207
  class _SecretBackendStaticRoleState:
@@ -189,6 +214,7 @@ class _SecretBackendStaticRoleState:
189
214
  rotation_schedule: Optional[pulumi.Input[str]] = None,
190
215
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
191
216
  rotation_window: Optional[pulumi.Input[int]] = None,
217
+ self_managed_password: Optional[pulumi.Input[str]] = None,
192
218
  username: Optional[pulumi.Input[str]] = None):
193
219
  """
194
220
  Input properties used for looking up and filtering SecretBackendStaticRole resources.
@@ -209,6 +235,9 @@ class _SecretBackendStaticRoleState:
209
235
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
210
236
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
211
237
  from a given `rotation_schedule`.
238
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
239
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
240
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
212
241
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
213
242
  """
214
243
  if backend is not None:
@@ -227,6 +256,8 @@ class _SecretBackendStaticRoleState:
227
256
  pulumi.set(__self__, "rotation_statements", rotation_statements)
228
257
  if rotation_window is not None:
229
258
  pulumi.set(__self__, "rotation_window", rotation_window)
259
+ if self_managed_password is not None:
260
+ pulumi.set(__self__, "self_managed_password", self_managed_password)
230
261
  if username is not None:
231
262
  pulumi.set(__self__, "username", username)
232
263
 
@@ -335,6 +366,20 @@ class _SecretBackendStaticRoleState:
335
366
  def rotation_window(self, value: Optional[pulumi.Input[int]]):
336
367
  pulumi.set(self, "rotation_window", value)
337
368
 
369
+ @property
370
+ @pulumi.getter(name="selfManagedPassword")
371
+ def self_managed_password(self) -> Optional[pulumi.Input[str]]:
372
+ """
373
+ The password corresponding to the username in the database.
374
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
375
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
376
+ """
377
+ return pulumi.get(self, "self_managed_password")
378
+
379
+ @self_managed_password.setter
380
+ def self_managed_password(self, value: Optional[pulumi.Input[str]]):
381
+ pulumi.set(self, "self_managed_password", value)
382
+
338
383
  @property
339
384
  @pulumi.getter
340
385
  def username(self) -> Optional[pulumi.Input[str]]:
@@ -361,6 +406,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
361
406
  rotation_schedule: Optional[pulumi.Input[str]] = None,
362
407
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
363
408
  rotation_window: Optional[pulumi.Input[int]] = None,
409
+ self_managed_password: Optional[pulumi.Input[str]] = None,
364
410
  username: Optional[pulumi.Input[str]] = None,
365
411
  __props__=None):
366
412
  """
@@ -370,7 +416,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
370
416
 
371
417
  ## Example Usage
372
418
 
373
- <!--Start PulumiCodeChooser -->
374
419
  ```python
375
420
  import pulumi
376
421
  import pulumi_vault as vault
@@ -380,27 +425,29 @@ class SecretBackendStaticRole(pulumi.CustomResource):
380
425
  type="database")
381
426
  postgres = vault.database.SecretBackendConnection("postgres",
382
427
  backend=db.path,
428
+ name="postgres",
383
429
  allowed_roles=["*"],
384
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
385
- connection_url="postgres://username:password@host:port/database",
386
- ))
430
+ postgresql={
431
+ "connection_url": "postgres://username:password@host:port/database",
432
+ })
387
433
  # configure a static role with period-based rotations
388
- period_role = vault.database.SecretBackendStaticRole("periodRole",
434
+ period_role = vault.database.SecretBackendStaticRole("period_role",
389
435
  backend=db.path,
436
+ name="my-period-role",
390
437
  db_name=postgres.name,
391
438
  username="example",
392
439
  rotation_period=3600,
393
440
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
394
441
  # configure a static role with schedule-based rotations
395
- schedule_role = vault.database.SecretBackendStaticRole("scheduleRole",
442
+ schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
396
443
  backend=db.path,
444
+ name="my-schedule-role",
397
445
  db_name=postgres.name,
398
446
  username="example",
399
447
  rotation_schedule="0 0 * * SAT",
400
448
  rotation_window=172800,
401
449
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
402
450
  ```
403
- <!--End PulumiCodeChooser -->
404
451
 
405
452
  ## Import
406
453
 
@@ -429,6 +476,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
429
476
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
430
477
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
431
478
  from a given `rotation_schedule`.
479
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
480
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
481
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
432
482
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
433
483
  """
434
484
  ...
@@ -444,7 +494,6 @@ class SecretBackendStaticRole(pulumi.CustomResource):
444
494
 
445
495
  ## Example Usage
446
496
 
447
- <!--Start PulumiCodeChooser -->
448
497
  ```python
449
498
  import pulumi
450
499
  import pulumi_vault as vault
@@ -454,27 +503,29 @@ class SecretBackendStaticRole(pulumi.CustomResource):
454
503
  type="database")
455
504
  postgres = vault.database.SecretBackendConnection("postgres",
456
505
  backend=db.path,
506
+ name="postgres",
457
507
  allowed_roles=["*"],
458
- postgresql=vault.database.SecretBackendConnectionPostgresqlArgs(
459
- connection_url="postgres://username:password@host:port/database",
460
- ))
508
+ postgresql={
509
+ "connection_url": "postgres://username:password@host:port/database",
510
+ })
461
511
  # configure a static role with period-based rotations
462
- period_role = vault.database.SecretBackendStaticRole("periodRole",
512
+ period_role = vault.database.SecretBackendStaticRole("period_role",
463
513
  backend=db.path,
514
+ name="my-period-role",
464
515
  db_name=postgres.name,
465
516
  username="example",
466
517
  rotation_period=3600,
467
518
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
468
519
  # configure a static role with schedule-based rotations
469
- schedule_role = vault.database.SecretBackendStaticRole("scheduleRole",
520
+ schedule_role = vault.database.SecretBackendStaticRole("schedule_role",
470
521
  backend=db.path,
522
+ name="my-schedule-role",
471
523
  db_name=postgres.name,
472
524
  username="example",
473
525
  rotation_schedule="0 0 * * SAT",
474
526
  rotation_window=172800,
475
527
  rotation_statements=["ALTER USER \\"{{name}}\\" WITH PASSWORD '{{password}}';"])
476
528
  ```
477
- <!--End PulumiCodeChooser -->
478
529
 
479
530
  ## Import
480
531
 
@@ -507,6 +558,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
507
558
  rotation_schedule: Optional[pulumi.Input[str]] = None,
508
559
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
509
560
  rotation_window: Optional[pulumi.Input[int]] = None,
561
+ self_managed_password: Optional[pulumi.Input[str]] = None,
510
562
  username: Optional[pulumi.Input[str]] = None,
511
563
  __props__=None):
512
564
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -529,9 +581,12 @@ class SecretBackendStaticRole(pulumi.CustomResource):
529
581
  __props__.__dict__["rotation_schedule"] = rotation_schedule
530
582
  __props__.__dict__["rotation_statements"] = rotation_statements
531
583
  __props__.__dict__["rotation_window"] = rotation_window
584
+ __props__.__dict__["self_managed_password"] = None if self_managed_password is None else pulumi.Output.secret(self_managed_password)
532
585
  if username is None and not opts.urn:
533
586
  raise TypeError("Missing required property 'username'")
534
587
  __props__.__dict__["username"] = username
588
+ secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["selfManagedPassword"])
589
+ opts = pulumi.ResourceOptions.merge(opts, secret_opts)
535
590
  super(SecretBackendStaticRole, __self__).__init__(
536
591
  'vault:database/secretBackendStaticRole:SecretBackendStaticRole',
537
592
  resource_name,
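Review bot: get() in the later hunk (@@ -589,6 +648,7 @@) assigns `self_managed_password` to `__props__` unwrapped, while this constructor path wraps it with `pulumi.Output.secret(...)`. On lookups the value therefore stays secret only if the `additional_secret_outputs=["selfManagedPassword"]` merge added above `super().__init__` also runs for resources fetched by id. Indentation is lost on this page, so whether that merge sits outside the creation-only branch cannot be confirmed here and should be checked in the file. A short comment on the merge would record the intent, e.g. `# applies to both create and get(): keeps selfManagedPassword encrypted in state`. The enclosing initializer begins and ends outside the hunk.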
@@ -550,6 +605,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
550
605
  rotation_schedule: Optional[pulumi.Input[str]] = None,
551
606
  rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
552
607
  rotation_window: Optional[pulumi.Input[int]] = None,
608
+ self_managed_password: Optional[pulumi.Input[str]] = None,
553
609
  username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
554
610
  """
555
611
  Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
@@ -575,6 +631,9 @@ class SecretBackendStaticRole(pulumi.CustomResource):
575
631
  :param pulumi.Input[Sequence[pulumi.Input[str]]] rotation_statements: Database statements to execute to rotate the password for the configured database user.
576
632
  :param pulumi.Input[int] rotation_window: The amount of time, in seconds, in which rotations are allowed to occur starting
577
633
  from a given `rotation_schedule`.
634
+ :param pulumi.Input[str] self_managed_password: The password corresponding to the username in the database.
635
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
636
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
578
637
  :param pulumi.Input[str] username: The database username that this static role corresponds to.
579
638
  """
580
639
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -589,6 +648,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
589
648
  __props__.__dict__["rotation_schedule"] = rotation_schedule
590
649
  __props__.__dict__["rotation_statements"] = rotation_statements
591
650
  __props__.__dict__["rotation_window"] = rotation_window
651
+ __props__.__dict__["self_managed_password"] = self_managed_password
592
652
  __props__.__dict__["username"] = username
593
653
  return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
594
654
 
@@ -665,6 +725,16 @@ class SecretBackendStaticRole(pulumi.CustomResource):
665
725
  """
666
726
  return pulumi.get(self, "rotation_window")
667
727
 
728
+ @property
729
+ @pulumi.getter(name="selfManagedPassword")
730
+ def self_managed_password(self) -> pulumi.Output[Optional[str]]:
731
+ """
732
+ The password corresponding to the username in the database.
733
+ Required when using the Rootless Password Rotation workflow for static roles. Only enabled for
734
+ select DB engines (Postgres). Requires Vault 1.18+ Enterprise.
735
+ """
736
+ return pulumi.get(self, "self_managed_password")
737
+
668
738
  @property
669
739
  @pulumi.getter
670
740
  def username(self) -> pulumi.Output[str]: