pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']
@@ -18,7 +23,8 @@ class SecretImpersonatedAccountArgs:
18
23
  impersonated_account: pulumi.Input[str],
19
24
  service_account_email: pulumi.Input[str],
20
25
  namespace: Optional[pulumi.Input[str]] = None,
21
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
26
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
+ ttl: Optional[pulumi.Input[str]] = None):
22
28
  """
23
29
  The set of arguments for constructing a SecretImpersonatedAccount resource.
24
30
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -26,6 +32,8 @@ class SecretImpersonatedAccountArgs:
26
32
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
27
33
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
28
34
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
35
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
36
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
29
37
  """
30
38
  pulumi.set(__self__, "backend", backend)
31
39
  pulumi.set(__self__, "impersonated_account", impersonated_account)
@@ -34,6 +42,8 @@ class SecretImpersonatedAccountArgs:
34
42
  pulumi.set(__self__, "namespace", namespace)
35
43
  if token_scopes is not None:
36
44
  pulumi.set(__self__, "token_scopes", token_scopes)
45
+ if ttl is not None:
46
+ pulumi.set(__self__, "ttl", ttl)
37
47
 
38
48
  @property
39
49
  @pulumi.getter
@@ -95,6 +105,19 @@ class SecretImpersonatedAccountArgs:
95
105
  def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
96
106
  pulumi.set(self, "token_scopes", value)
97
107
 
108
+ @property
109
+ @pulumi.getter
110
+ def ttl(self) -> Optional[pulumi.Input[str]]:
111
+ """
112
+ Specifies the default TTL for service principals generated using this role.
113
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
114
+ """
115
+ return pulumi.get(self, "ttl")
116
+
117
+ @ttl.setter
118
+ def ttl(self, value: Optional[pulumi.Input[str]]):
119
+ pulumi.set(self, "ttl", value)
120
+
98
121
 
99
122
  @pulumi.input_type
100
123
  class _SecretImpersonatedAccountState:
@@ -104,7 +127,8 @@ class _SecretImpersonatedAccountState:
104
127
  namespace: Optional[pulumi.Input[str]] = None,
105
128
  service_account_email: Optional[pulumi.Input[str]] = None,
106
129
  service_account_project: Optional[pulumi.Input[str]] = None,
107
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
130
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
131
+ ttl: Optional[pulumi.Input[str]] = None):
108
132
  """
109
133
  Input properties used for looking up and filtering SecretImpersonatedAccount resources.
110
134
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
@@ -113,6 +137,8 @@ class _SecretImpersonatedAccountState:
113
137
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
114
138
  :param pulumi.Input[str] service_account_project: Project the service account belongs to.
115
139
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
140
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
141
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
116
142
  """
117
143
  if backend is not None:
118
144
  pulumi.set(__self__, "backend", backend)
@@ -126,6 +152,8 @@ class _SecretImpersonatedAccountState:
126
152
  pulumi.set(__self__, "service_account_project", service_account_project)
127
153
  if token_scopes is not None:
128
154
  pulumi.set(__self__, "token_scopes", token_scopes)
155
+ if ttl is not None:
156
+ pulumi.set(__self__, "ttl", ttl)
129
157
 
130
158
  @property
131
159
  @pulumi.getter
@@ -199,6 +227,19 @@ class _SecretImpersonatedAccountState:
199
227
  def token_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
200
228
  pulumi.set(self, "token_scopes", value)
201
229
 
230
+ @property
231
+ @pulumi.getter
232
+ def ttl(self) -> Optional[pulumi.Input[str]]:
233
+ """
234
+ Specifies the default TTL for service principals generated using this role.
235
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
236
+ """
237
+ return pulumi.get(self, "ttl")
238
+
239
+ @ttl.setter
240
+ def ttl(self, value: Optional[pulumi.Input[str]]):
241
+ pulumi.set(self, "ttl", value)
242
+
202
243
 
203
244
  class SecretImpersonatedAccount(pulumi.CustomResource):
204
245
  @overload
@@ -210,6 +251,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
210
251
  namespace: Optional[pulumi.Input[str]] = None,
211
252
  service_account_email: Optional[pulumi.Input[str]] = None,
212
253
  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
254
+ ttl: Optional[pulumi.Input[str]] = None,
213
255
  __props__=None):
214
256
  """
215
257
  Creates a Impersonated Account in the [GCP Secrets Engine](https://www.vaultproject.io/docs/secrets/gcp/index.html) for Vault.
@@ -219,23 +261,22 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
219
261
 
220
262
  ## Example Usage
221
263
 
222
- <!--Start PulumiCodeChooser -->
223
264
  ```python
224
265
  import pulumi
225
- import pulumi_gcp as gcp
266
+ import pulumi_google as google
267
+ import pulumi_std as std
226
268
  import pulumi_vault as vault
227
269
 
228
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
270
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
229
271
  gcp = vault.gcp.SecretBackend("gcp",
230
272
  path="gcp",
231
- credentials=(lambda path: open(path).read())("credentials.json"))
232
- impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
273
+ credentials=std.file(input="credentials.json").result)
274
+ impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
233
275
  backend=gcp.path,
234
276
  impersonated_account="this",
235
- service_account_email=this.email,
277
+ service_account_email=this["email"],
236
278
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
237
279
  ```
238
- <!--End PulumiCodeChooser -->
239
280
 
240
281
  ## Import
241
282
 
@@ -252,6 +293,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
252
293
  :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
253
294
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
254
295
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
296
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
297
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
255
298
  """
256
299
  ...
257
300
  @overload
@@ -267,23 +310,22 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
267
310
 
268
311
  ## Example Usage
269
312
 
270
- <!--Start PulumiCodeChooser -->
271
313
  ```python
272
314
  import pulumi
273
- import pulumi_gcp as gcp
315
+ import pulumi_google as google
316
+ import pulumi_std as std
274
317
  import pulumi_vault as vault
275
318
 
276
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
319
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
277
320
  gcp = vault.gcp.SecretBackend("gcp",
278
321
  path="gcp",
279
- credentials=(lambda path: open(path).read())("credentials.json"))
280
- impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonatedAccount",
322
+ credentials=std.file(input="credentials.json").result)
323
+ impersonated_account = vault.gcp.SecretImpersonatedAccount("impersonated_account",
281
324
  backend=gcp.path,
282
325
  impersonated_account="this",
283
- service_account_email=this.email,
326
+ service_account_email=this["email"],
284
327
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"])
285
328
  ```
286
- <!--End PulumiCodeChooser -->
287
329
 
288
330
  ## Import
289
331
 
@@ -313,6 +355,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
313
355
  namespace: Optional[pulumi.Input[str]] = None,
314
356
  service_account_email: Optional[pulumi.Input[str]] = None,
315
357
  token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
358
+ ttl: Optional[pulumi.Input[str]] = None,
316
359
  __props__=None):
317
360
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
318
361
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -333,6 +376,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
333
376
  raise TypeError("Missing required property 'service_account_email'")
334
377
  __props__.__dict__["service_account_email"] = service_account_email
335
378
  __props__.__dict__["token_scopes"] = token_scopes
379
+ __props__.__dict__["ttl"] = ttl
336
380
  __props__.__dict__["service_account_project"] = None
337
381
  super(SecretImpersonatedAccount, __self__).__init__(
338
382
  'vault:gcp/secretImpersonatedAccount:SecretImpersonatedAccount',
@@ -349,7 +393,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
349
393
  namespace: Optional[pulumi.Input[str]] = None,
350
394
  service_account_email: Optional[pulumi.Input[str]] = None,
351
395
  service_account_project: Optional[pulumi.Input[str]] = None,
352
- token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'SecretImpersonatedAccount':
396
+ token_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
397
+ ttl: Optional[pulumi.Input[str]] = None) -> 'SecretImpersonatedAccount':
353
398
  """
354
399
  Get an existing SecretImpersonatedAccount resource's state with the given name, id, and optional extra
355
400
  properties used to qualify the lookup.
@@ -363,6 +408,8 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
363
408
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to impersonate.
364
409
  :param pulumi.Input[str] service_account_project: Project the service account belongs to.
365
410
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to access tokens generated under this impersonated account.
411
+ :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
412
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
366
413
  """
367
414
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
368
415
 
@@ -374,6 +421,7 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
374
421
  __props__.__dict__["service_account_email"] = service_account_email
375
422
  __props__.__dict__["service_account_project"] = service_account_project
376
423
  __props__.__dict__["token_scopes"] = token_scopes
424
+ __props__.__dict__["ttl"] = ttl
377
425
  return SecretImpersonatedAccount(resource_name, opts=opts, __props__=__props__)
378
426
 
379
427
  @property
@@ -424,3 +472,12 @@ class SecretImpersonatedAccount(pulumi.CustomResource):
424
472
  """
425
473
  return pulumi.get(self, "token_scopes")
426
474
 
475
+ @property
476
+ @pulumi.getter
477
+ def ttl(self) -> pulumi.Output[str]:
478
+ """
479
+ Specifies the default TTL for service principals generated using this role.
480
+ Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
481
+ """
482
+ return pulumi.get(self, "ttl")
483
+
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -31,7 +36,7 @@ class SecretRolesetArgs:
31
36
  :param pulumi.Input[str] roleset: Name of the Roleset to create
32
37
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
33
38
  The value should not contain leading or trailing forward slashes.
34
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
39
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
35
40
  *Available only for Vault Enterprise*.
36
41
  :param pulumi.Input[str] secret_type: Type of secret generated for this role set. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
37
42
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only).
@@ -101,7 +106,7 @@ class SecretRolesetArgs:
101
106
  """
102
107
  The namespace to provision the resource in.
103
108
  The value should not contain leading or trailing forward slashes.
104
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
109
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
105
110
  *Available only for Vault Enterprise*.
106
111
  """
107
112
  return pulumi.get(self, "namespace")
@@ -152,7 +157,7 @@ class _SecretRolesetState:
152
157
  :param pulumi.Input[Sequence[pulumi.Input['SecretRolesetBindingArgs']]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
153
158
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
154
159
  The value should not contain leading or trailing forward slashes.
155
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
160
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
156
161
  *Available only for Vault Enterprise*.
157
162
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
158
163
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -207,7 +212,7 @@ class _SecretRolesetState:
207
212
  """
208
213
  The namespace to provision the resource in.
209
214
  The value should not contain leading or trailing forward slashes.
210
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
215
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
211
216
  *Available only for Vault Enterprise*.
212
217
  """
213
218
  return pulumi.get(self, "namespace")
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
283
288
  resource_name: str,
284
289
  opts: Optional[pulumi.ResourceOptions] = None,
285
290
  backend: Optional[pulumi.Input[str]] = None,
286
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
291
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
287
292
  namespace: Optional[pulumi.Input[str]] = None,
288
293
  project: Optional[pulumi.Input[str]] = None,
289
294
  roleset: Optional[pulumi.Input[str]] = None,
@@ -297,27 +302,26 @@ class SecretRoleset(pulumi.CustomResource):
297
302
 
298
303
  ## Example Usage
299
304
 
300
- <!--Start PulumiCodeChooser -->
301
305
  ```python
302
306
  import pulumi
307
+ import pulumi_std as std
303
308
  import pulumi_vault as vault
304
309
 
305
310
  project = "my-awesome-project"
306
311
  gcp = vault.gcp.SecretBackend("gcp",
307
312
  path="gcp",
308
- credentials=(lambda path: open(path).read())("credentials.json"))
313
+ credentials=std.file(input="credentials.json").result)
309
314
  roleset = vault.gcp.SecretRoleset("roleset",
310
315
  backend=gcp.path,
311
316
  roleset="project_viewer",
312
317
  secret_type="access_token",
313
318
  project=project,
314
319
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
315
- bindings=[vault.gcp.SecretRolesetBindingArgs(
316
- resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
317
- roles=["roles/viewer"],
318
- )])
320
+ bindings=[{
321
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
322
+ "roles": ["roles/viewer"],
323
+ }])
319
324
  ```
320
- <!--End PulumiCodeChooser -->
321
325
 
322
326
  ## Import
323
327
 
@@ -330,10 +334,10 @@ class SecretRoleset(pulumi.CustomResource):
330
334
  :param str resource_name: The name of the resource.
331
335
  :param pulumi.ResourceOptions opts: Options for the resource.
332
336
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
333
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
337
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
334
338
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
335
339
  The value should not contain leading or trailing forward slashes.
336
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
340
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
337
341
  *Available only for Vault Enterprise*.
338
342
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
339
343
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -353,27 +357,26 @@ class SecretRoleset(pulumi.CustomResource):
353
357
 
354
358
  ## Example Usage
355
359
 
356
- <!--Start PulumiCodeChooser -->
357
360
  ```python
358
361
  import pulumi
362
+ import pulumi_std as std
359
363
  import pulumi_vault as vault
360
364
 
361
365
  project = "my-awesome-project"
362
366
  gcp = vault.gcp.SecretBackend("gcp",
363
367
  path="gcp",
364
- credentials=(lambda path: open(path).read())("credentials.json"))
368
+ credentials=std.file(input="credentials.json").result)
365
369
  roleset = vault.gcp.SecretRoleset("roleset",
366
370
  backend=gcp.path,
367
371
  roleset="project_viewer",
368
372
  secret_type="access_token",
369
373
  project=project,
370
374
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
371
- bindings=[vault.gcp.SecretRolesetBindingArgs(
372
- resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
373
- roles=["roles/viewer"],
374
- )])
375
+ bindings=[{
376
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
377
+ "roles": ["roles/viewer"],
378
+ }])
375
379
  ```
376
- <!--End PulumiCodeChooser -->
377
380
 
378
381
  ## Import
379
382
 
@@ -399,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
399
402
  resource_name: str,
400
403
  opts: Optional[pulumi.ResourceOptions] = None,
401
404
  backend: Optional[pulumi.Input[str]] = None,
402
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
405
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
403
406
  namespace: Optional[pulumi.Input[str]] = None,
404
407
  project: Optional[pulumi.Input[str]] = None,
405
408
  roleset: Optional[pulumi.Input[str]] = None,
@@ -441,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
441
444
  id: pulumi.Input[str],
442
445
  opts: Optional[pulumi.ResourceOptions] = None,
443
446
  backend: Optional[pulumi.Input[str]] = None,
444
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
447
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
445
448
  namespace: Optional[pulumi.Input[str]] = None,
446
449
  project: Optional[pulumi.Input[str]] = None,
447
450
  roleset: Optional[pulumi.Input[str]] = None,
@@ -456,10 +459,10 @@ class SecretRoleset(pulumi.CustomResource):
456
459
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
457
460
  :param pulumi.ResourceOptions opts: Options for the resource.
458
461
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
459
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
462
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
460
463
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
461
464
  The value should not contain leading or trailing forward slashes.
462
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
465
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
463
466
  *Available only for Vault Enterprise*.
464
467
  :param pulumi.Input[str] project: Name of the GCP project that this roleset's service account will belong to.
465
468
  :param pulumi.Input[str] roleset: Name of the Roleset to create
@@ -503,7 +506,7 @@ class SecretRoleset(pulumi.CustomResource):
503
506
  """
504
507
  The namespace to provision the resource in.
505
508
  The value should not contain leading or trailing forward slashes.
506
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
509
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
507
510
  *Available only for Vault Enterprise*.
508
511
  """
509
512
  return pulumi.get(self, "namespace")
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -31,7 +36,7 @@ class SecretStaticAccountArgs:
31
36
  :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
32
37
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
33
38
  The value should not contain leading or trailing forward slashes.
34
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
39
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
35
40
  *Available only for Vault Enterprise*.
36
41
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
37
42
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_scopes: List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only).
@@ -102,7 +107,7 @@ class SecretStaticAccountArgs:
102
107
  """
103
108
  The namespace to provision the resource in.
104
109
  The value should not contain leading or trailing forward slashes.
105
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
110
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
106
111
  *Available only for Vault Enterprise*.
107
112
  """
108
113
  return pulumi.get(self, "namespace")
@@ -153,7 +158,7 @@ class _SecretStaticAccountState:
153
158
  :param pulumi.Input[Sequence[pulumi.Input['SecretStaticAccountBindingArgs']]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
154
159
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
155
160
  The value should not contain leading or trailing forward slashes.
156
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
161
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
157
162
  *Available only for Vault Enterprise*.
158
163
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
159
164
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -208,7 +213,7 @@ class _SecretStaticAccountState:
208
213
  """
209
214
  The namespace to provision the resource in.
210
215
  The value should not contain leading or trailing forward slashes.
211
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
216
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
212
217
  *Available only for Vault Enterprise*.
213
218
  """
214
219
  return pulumi.get(self, "namespace")
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
284
289
  resource_name: str,
285
290
  opts: Optional[pulumi.ResourceOptions] = None,
286
291
  backend: Optional[pulumi.Input[str]] = None,
287
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
292
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
288
293
  namespace: Optional[pulumi.Input[str]] = None,
289
294
  secret_type: Optional[pulumi.Input[str]] = None,
290
295
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -299,28 +304,27 @@ class SecretStaticAccount(pulumi.CustomResource):
299
304
 
300
305
  ## Example Usage
301
306
 
302
- <!--Start PulumiCodeChooser -->
303
307
  ```python
304
308
  import pulumi
305
- import pulumi_gcp as gcp
309
+ import pulumi_google as google
310
+ import pulumi_std as std
306
311
  import pulumi_vault as vault
307
312
 
308
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
313
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
309
314
  gcp = vault.gcp.SecretBackend("gcp",
310
315
  path="gcp",
311
- credentials=(lambda path: open(path).read())("credentials.json"))
312
- static_account = vault.gcp.SecretStaticAccount("staticAccount",
316
+ credentials=std.file(input="credentials.json").result)
317
+ static_account = vault.gcp.SecretStaticAccount("static_account",
313
318
  backend=gcp.path,
314
319
  static_account="project_viewer",
315
320
  secret_type="access_token",
316
321
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
317
- service_account_email=this.email,
318
- bindings=[vault.gcp.SecretStaticAccountBindingArgs(
319
- resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
320
- roles=["roles/viewer"],
321
- )])
322
+ service_account_email=this["email"],
323
+ bindings=[{
324
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
325
+ "roles": ["roles/viewer"],
326
+ }])
322
327
  ```
323
- <!--End PulumiCodeChooser -->
324
328
 
325
329
  ## Import
326
330
 
@@ -333,10 +337,10 @@ class SecretStaticAccount(pulumi.CustomResource):
333
337
  :param str resource_name: The name of the resource.
334
338
  :param pulumi.ResourceOptions opts: Options for the resource.
335
339
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
336
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
340
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
337
341
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
338
342
  The value should not contain leading or trailing forward slashes.
339
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
343
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
340
344
  *Available only for Vault Enterprise*.
341
345
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
342
346
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -357,28 +361,27 @@ class SecretStaticAccount(pulumi.CustomResource):
357
361
 
358
362
  ## Example Usage
359
363
 
360
- <!--Start PulumiCodeChooser -->
361
364
  ```python
362
365
  import pulumi
363
- import pulumi_gcp as gcp
366
+ import pulumi_google as google
367
+ import pulumi_std as std
364
368
  import pulumi_vault as vault
365
369
 
366
- this = gcp.service_account.Account("this", account_id="my-awesome-account")
370
+ this = google.index.ServiceAccount("this", account_id=my-awesome-account)
367
371
  gcp = vault.gcp.SecretBackend("gcp",
368
372
  path="gcp",
369
- credentials=(lambda path: open(path).read())("credentials.json"))
370
- static_account = vault.gcp.SecretStaticAccount("staticAccount",
373
+ credentials=std.file(input="credentials.json").result)
374
+ static_account = vault.gcp.SecretStaticAccount("static_account",
371
375
  backend=gcp.path,
372
376
  static_account="project_viewer",
373
377
  secret_type="access_token",
374
378
  token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
375
- service_account_email=this.email,
376
- bindings=[vault.gcp.SecretStaticAccountBindingArgs(
377
- resource=this.project.apply(lambda project: f"//cloudresourcemanager.googleapis.com/projects/{project}"),
378
- roles=["roles/viewer"],
379
- )])
379
+ service_account_email=this["email"],
380
+ bindings=[{
381
+ "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
382
+ "roles": ["roles/viewer"],
383
+ }])
380
384
  ```
381
- <!--End PulumiCodeChooser -->
382
385
 
383
386
  ## Import
384
387
 
@@ -404,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
404
407
  resource_name: str,
405
408
  opts: Optional[pulumi.ResourceOptions] = None,
406
409
  backend: Optional[pulumi.Input[str]] = None,
407
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
410
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
408
411
  namespace: Optional[pulumi.Input[str]] = None,
409
412
  secret_type: Optional[pulumi.Input[str]] = None,
410
413
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -444,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
444
447
  id: pulumi.Input[str],
445
448
  opts: Optional[pulumi.ResourceOptions] = None,
446
449
  backend: Optional[pulumi.Input[str]] = None,
447
- bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
450
+ bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
448
451
  namespace: Optional[pulumi.Input[str]] = None,
449
452
  secret_type: Optional[pulumi.Input[str]] = None,
450
453
  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -459,10 +462,10 @@ class SecretStaticAccount(pulumi.CustomResource):
459
462
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
460
463
  :param pulumi.ResourceOptions opts: Options for the resource.
461
464
  :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
462
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
465
+ :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
463
466
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
464
467
  The value should not contain leading or trailing forward slashes.
465
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
468
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
466
469
  *Available only for Vault Enterprise*.
467
470
  :param pulumi.Input[str] secret_type: Type of secret generated for this static account. Accepted values: `access_token`, `service_account_key`. Defaults to `access_token`.
468
471
  :param pulumi.Input[str] service_account_email: Email of the GCP service account to manage.
@@ -506,7 +509,7 @@ class SecretStaticAccount(pulumi.CustomResource):
506
509
  """
507
510
  The namespace to provision the resource in.
508
511
  The value should not contain leading or trailing forward slashes.
509
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
512
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
510
513
  *Available only for Vault Enterprise*.
511
514
  """
512
515
  return pulumi.get(self, "namespace")