pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

pulumi_vault/identity/oidc_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['OidcRoleArgs', 'OidcRole']
@@ -29,7 +34,7 @@ class OidcRoleArgs:
         :param pulumi.Input[str] name: Name of the OIDC Role to create.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
                string-ified JSON or base64 format. See the
@@ -93,7 +98,7 @@ class OidcRoleArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -148,7 +153,7 @@ class _OidcRoleState:
         :param pulumi.Input[str] name: Name of the OIDC Role to create.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
                string-ified JSON or base64 format. See the
@@ -213,7 +218,7 @@ class _OidcRoleState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -270,38 +275,42 @@ class OidcRole(pulumi.CustomResource):
         exist before the role can be used to issue tokens. You must also configure the key with the
         role's Client ID to allow the role to use the key.
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         config = pulumi.Config()
+        # Name of the OIDC Key
         key = config.get("key")
         if key is None:
             key = "key"
-        role = vault.identity.OidcRole("role", key=key)
-        key_oidc_key = vault.identity.OidcKey("keyOidcKey",
+        role = vault.identity.OidcRole("role",
+            name="role",
+            key=key)
+        key_oidc_key = vault.identity.OidcKey("key",
+            name=key,
             algorithm="RS256",
             allowed_client_ids=[role.client_id])
         ```
-        <!--End PulumiCodeChooser -->
 
         If you want to create the key first before creating the role, you can use a separate
         resource to configure the allowed Client ID on
         the key.
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
-        key = vault.identity.OidcKey("key", algorithm="RS256")
-        role_oidc_role = vault.identity.OidcRole("roleOidcRole", key=key.name)
-        role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("roleOidcKeyAllowedClientID",
+        key = vault.identity.OidcKey("key",
+            name="key",
+            algorithm="RS256")
+        role = vault.identity.OidcRole("role",
+            name="role",
+            key=key.name)
+        role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
             key_name=key.name,
-            allowed_client_id=role_oidc_role.client_id)
+            allowed_client_id=role.client_id)
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -320,7 +329,7 @@ class OidcRole(pulumi.CustomResource):
         :param pulumi.Input[str] name: Name of the OIDC Role to create.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
                string-ified JSON or base64 format. See the
@@ -342,38 +351,42 @@ class OidcRole(pulumi.CustomResource):
         exist before the role can be used to issue tokens. You must also configure the key with the
         role's Client ID to allow the role to use the key.
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         config = pulumi.Config()
+        # Name of the OIDC Key
         key = config.get("key")
         if key is None:
             key = "key"
-        role = vault.identity.OidcRole("role", key=key)
-        key_oidc_key = vault.identity.OidcKey("keyOidcKey",
+        role = vault.identity.OidcRole("role",
+            name="role",
+            key=key)
+        key_oidc_key = vault.identity.OidcKey("key",
+            name=key,
             algorithm="RS256",
             allowed_client_ids=[role.client_id])
         ```
-        <!--End PulumiCodeChooser -->
 
         If you want to create the key first before creating the role, you can use a separate
         resource to configure the allowed Client ID on
         the key.
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
-        key = vault.identity.OidcKey("key", algorithm="RS256")
-        role_oidc_role = vault.identity.OidcRole("roleOidcRole", key=key.name)
-        role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("roleOidcKeyAllowedClientID",
+        key = vault.identity.OidcKey("key",
+            name="key",
+            algorithm="RS256")
+        role = vault.identity.OidcRole("role",
+            name="role",
+            key=key.name)
+        role_oidc_key_allowed_client_id = vault.identity.OidcKeyAllowedClientID("role",
             key_name=key.name,
-            allowed_client_id=role_oidc_role.client_id)
+            allowed_client_id=role.client_id)
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -451,7 +464,7 @@ class OidcRole(pulumi.CustomResource):
         :param pulumi.Input[str] name: Name of the OIDC Role to create.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string to use for generating tokens. This may be in
                string-ified JSON or base64 format. See the
@@ -503,7 +516,7 @@ class OidcRole(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/identity/oidc_scope.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['OidcScopeArgs', 'OidcScope']
@@ -24,7 +29,7 @@ class OidcScopeArgs:
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -67,7 +72,7 @@ class OidcScopeArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -102,7 +107,7 @@ class _OidcScopeState:
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -145,7 +150,7 @@ class _OidcScopeState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -183,16 +188,15 @@ class OidcScope(pulumi.CustomResource):
 
         ## Example Usage
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         groups = vault.identity.OidcScope("groups",
-            description="Vault OIDC Groups Scope",
-            template="{\\"groups\\":{{identity.entity.groups.names}}}")
+            name="groups",
+            template="{\\"groups\\":{{identity.entity.groups.names}}}",
+            description="Vault OIDC Groups Scope")
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -208,7 +212,7 @@ class OidcScope(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -224,16 +228,15 @@ class OidcScope(pulumi.CustomResource):
 
         ## Example Usage
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         groups = vault.identity.OidcScope("groups",
-            description="Vault OIDC Groups Scope",
-            template="{\\"groups\\":{{identity.entity.groups.names}}}")
+            name="groups",
+            template="{\\"groups\\":{{identity.entity.groups.names}}}",
+            description="Vault OIDC Groups Scope")
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -300,7 +303,7 @@ class OidcScope(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name of the scope. The `openid` scope name is reserved.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] template: The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON.
         """
@@ -336,7 +339,7 @@ class OidcScope(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/identity/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -21,7 +26,7 @@ class GetEntityAliasResult(dict):
                  id: str,
                  last_update_time: str,
                  merged_from_canonical_ids: Sequence[str],
-                 metadata: Mapping[str, Any],
+                 metadata: Mapping[str, str],
                  mount_accessor: str,
                  mount_path: str,
                  mount_type: str,
@@ -32,7 +37,7 @@ class GetEntityAliasResult(dict):
         :param str id: ID of the alias
         :param str last_update_time: Last update time of the alias
         :param Sequence[str] merged_from_canonical_ids: List of canonical IDs merged with this alias
-        :param Mapping[str, Any] metadata: Arbitrary metadata
+        :param Mapping[str, str] metadata: Arbitrary metadata
         :param str mount_accessor: Authentication mount acccessor which this alias belongs to
         :param str mount_path: Authentication mount path which this alias belongs to
         :param str mount_type: Authentication mount type which this alias belongs to
@@ -91,7 +96,7 @@ class GetEntityAliasResult(dict):
 
     @property
     @pulumi.getter
-    def metadata(self) -> Mapping[str, Any]:
+    def metadata(self) -> Mapping[str, str]:
         """
         Arbitrary metadata
         """

pulumi_vault/jwt/_inputs.py

@@ -4,15 +4,70 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'AuthBackendTuneArgs',
+    'AuthBackendTuneArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class AuthBackendTuneArgsDict(TypedDict):
+        allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        default_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        listing_visibility: NotRequired[pulumi.Input[str]]
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        max_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        token_type: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+        """
+elif False:
+    AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendTuneArgs:
     def __init__(__self__, *,

pulumi_vault/jwt/auth_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -51,7 +56,7 @@ class AuthBackendArgs:
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -226,7 +231,7 @@ class AuthBackendArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -409,7 +414,7 @@ class _AuthBackendState:
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -598,7 +603,7 @@ class _AuthBackendState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -765,7 +770,7 @@ class AuthBackend(pulumi.CustomResource):
                  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -776,43 +781,38 @@ class AuthBackend(pulumi.CustomResource):
 
         Manage JWT auth backend:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="jwt",
             oidc_discovery_url="https://myco.auth0.com/",
-            path="jwt")
+            bound_issuer="https://myco.auth0.com/")
         ```
-        <!--End PulumiCodeChooser -->
 
         Manage OIDC auth backend:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="oidc",
+            type="oidc",
+            oidc_discovery_url="https://myco.auth0.com/",
             oidc_client_id="1234567890",
             oidc_client_secret="secret123456",
-            oidc_discovery_url="https://myco.auth0.com/",
-            path="oidc",
-            tune=vault.jwt.AuthBackendTuneArgs(
-                listing_visibility="unauth",
-            ),
-            type="oidc")
+            bound_issuer="https://myco.auth0.com/",
+            tune={
+                "listing_visibility": "unauth",
+            })
         ```
-        <!--End PulumiCodeChooser -->
 
         Configuring the auth backend with a `provider_config:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -821,15 +821,14 @@ class AuthBackend(pulumi.CustomResource):
             description="OIDC backend",
             oidc_discovery_url="https://accounts.google.com",
             path="oidc",
+            type="oidc",
             provider_config={
+                "provider": "gsuite",
                 "fetch_groups": "true",
                 "fetch_user_info": "true",
                 "groups_recurse_max_depth": "1",
-                "provider": "gsuite",
-            },
-            type="oidc")
+            })
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -858,7 +857,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -889,43 +888,38 @@ class AuthBackend(pulumi.CustomResource):
 
         Manage JWT auth backend:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="jwt",
             oidc_discovery_url="https://myco.auth0.com/",
-            path="jwt")
+            bound_issuer="https://myco.auth0.com/")
         ```
-        <!--End PulumiCodeChooser -->
 
         Manage OIDC auth backend:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         example = vault.jwt.AuthBackend("example",
-            bound_issuer="https://myco.auth0.com/",
             description="Demonstration of the Terraform JWT auth backend",
+            path="oidc",
+            type="oidc",
+            oidc_discovery_url="https://myco.auth0.com/",
             oidc_client_id="1234567890",
             oidc_client_secret="secret123456",
-            oidc_discovery_url="https://myco.auth0.com/",
-            path="oidc",
-            tune=vault.jwt.AuthBackendTuneArgs(
-                listing_visibility="unauth",
-            ),
-            type="oidc")
+            bound_issuer="https://myco.auth0.com/",
+            tune={
+                "listing_visibility": "unauth",
+            })
         ```
-        <!--End PulumiCodeChooser -->
 
         Configuring the auth backend with a `provider_config:
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -934,15 +928,14 @@ class AuthBackend(pulumi.CustomResource):
             description="OIDC backend",
             oidc_discovery_url="https://accounts.google.com",
             path="oidc",
+            type="oidc",
             provider_config={
+                "provider": "gsuite",
                 "fetch_groups": "true",
                 "fetch_user_info": "true",
                 "groups_recurse_max_depth": "1",
-                "provider": "gsuite",
-            },
-            type="oidc")
+            })
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -991,7 +984,7 @@ class AuthBackend(pulumi.CustomResource):
                  oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -1056,7 +1049,7 @@ class AuthBackend(pulumi.CustomResource):
             oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             path: Optional[pulumi.Input[str]] = None,
             provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-            tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+            tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
             type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
         """
         Get an existing AuthBackend resource's state with the given name, id, and optional extra
@@ -1078,7 +1071,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] local: Specifies if the auth method is local only.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
                
@@ -1210,7 +1203,7 @@ class AuthBackend(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")