pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
  from . import outputs
12
17
  from ._inputs import *
@@ -26,6 +31,15 @@ class AuthBackendArgs:
26
31
  namespace: Optional[pulumi.Input[str]] = None,
27
32
  path: Optional[pulumi.Input[str]] = None,
28
33
  token: Optional[pulumi.Input[str]] = None,
34
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
36
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
37
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
38
+ token_num_uses: Optional[pulumi.Input[int]] = None,
39
+ token_period: Optional[pulumi.Input[int]] = None,
40
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
+ token_ttl: Optional[pulumi.Input[int]] = None,
42
+ token_type: Optional[pulumi.Input[str]] = None,
29
43
  ttl: Optional[pulumi.Input[str]] = None,
30
44
  users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
31
45
  """
@@ -42,11 +56,20 @@ class AuthBackendArgs:
42
56
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
43
57
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
44
58
  The value should not contain leading or trailing forward slashes.
45
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
59
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
46
60
  *Available only for Vault Enterprise*.
47
61
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
48
62
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
49
63
  If this is not supplied only locally configured groups will be enabled.
64
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
65
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
66
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
67
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
68
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
69
+ :param pulumi.Input[int] token_period: Generated Token's Period
70
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
71
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
72
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
50
73
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
51
74
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
52
75
  :param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
@@ -63,6 +86,9 @@ class AuthBackendArgs:
63
86
  pulumi.set(__self__, "disable_remount", disable_remount)
64
87
  if groups is not None:
65
88
  pulumi.set(__self__, "groups", groups)
89
+ if max_ttl is not None:
90
+ warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
91
+ pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
66
92
  if max_ttl is not None:
67
93
  pulumi.set(__self__, "max_ttl", max_ttl)
68
94
  if namespace is not None:
@@ -71,6 +97,27 @@ class AuthBackendArgs:
71
97
  pulumi.set(__self__, "path", path)
72
98
  if token is not None:
73
99
  pulumi.set(__self__, "token", token)
100
+ if token_bound_cidrs is not None:
101
+ pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
102
+ if token_explicit_max_ttl is not None:
103
+ pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
104
+ if token_max_ttl is not None:
105
+ pulumi.set(__self__, "token_max_ttl", token_max_ttl)
106
+ if token_no_default_policy is not None:
107
+ pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
108
+ if token_num_uses is not None:
109
+ pulumi.set(__self__, "token_num_uses", token_num_uses)
110
+ if token_period is not None:
111
+ pulumi.set(__self__, "token_period", token_period)
112
+ if token_policies is not None:
113
+ pulumi.set(__self__, "token_policies", token_policies)
114
+ if token_ttl is not None:
115
+ pulumi.set(__self__, "token_ttl", token_ttl)
116
+ if token_type is not None:
117
+ pulumi.set(__self__, "token_type", token_type)
118
+ if ttl is not None:
119
+ warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
120
+ pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
74
121
  if ttl is not None:
75
122
  pulumi.set(__self__, "ttl", ttl)
76
123
  if users is not None:
@@ -152,6 +199,7 @@ class AuthBackendArgs:
152
199
 
153
200
  @property
154
201
  @pulumi.getter(name="maxTtl")
202
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
155
203
  def max_ttl(self) -> Optional[pulumi.Input[str]]:
156
204
  """
157
205
  Maximum duration after which authentication will be expired
@@ -169,7 +217,7 @@ class AuthBackendArgs:
169
217
  """
170
218
  The namespace to provision the resource in.
171
219
  The value should not contain leading or trailing forward slashes.
172
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
220
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
173
221
  *Available only for Vault Enterprise*.
174
222
  """
175
223
  return pulumi.get(self, "namespace")
@@ -203,8 +251,117 @@ class AuthBackendArgs:
203
251
  def token(self, value: Optional[pulumi.Input[str]]):
204
252
  pulumi.set(self, "token", value)
205
253
 
254
+ @property
255
+ @pulumi.getter(name="tokenBoundCidrs")
256
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
257
+ """
258
+ Specifies the blocks of IP addresses which are allowed to use the generated token
259
+ """
260
+ return pulumi.get(self, "token_bound_cidrs")
261
+
262
+ @token_bound_cidrs.setter
263
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
264
+ pulumi.set(self, "token_bound_cidrs", value)
265
+
266
+ @property
267
+ @pulumi.getter(name="tokenExplicitMaxTtl")
268
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
269
+ """
270
+ Generated Token's Explicit Maximum TTL in seconds
271
+ """
272
+ return pulumi.get(self, "token_explicit_max_ttl")
273
+
274
+ @token_explicit_max_ttl.setter
275
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
276
+ pulumi.set(self, "token_explicit_max_ttl", value)
277
+
278
+ @property
279
+ @pulumi.getter(name="tokenMaxTtl")
280
+ def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
281
+ """
282
+ The maximum lifetime of the generated token
283
+ """
284
+ return pulumi.get(self, "token_max_ttl")
285
+
286
+ @token_max_ttl.setter
287
+ def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
288
+ pulumi.set(self, "token_max_ttl", value)
289
+
290
+ @property
291
+ @pulumi.getter(name="tokenNoDefaultPolicy")
292
+ def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
293
+ """
294
+ If true, the 'default' policy will not automatically be added to generated tokens
295
+ """
296
+ return pulumi.get(self, "token_no_default_policy")
297
+
298
+ @token_no_default_policy.setter
299
+ def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
300
+ pulumi.set(self, "token_no_default_policy", value)
301
+
302
+ @property
303
+ @pulumi.getter(name="tokenNumUses")
304
+ def token_num_uses(self) -> Optional[pulumi.Input[int]]:
305
+ """
306
+ The maximum number of times a token may be used, a value of zero means unlimited
307
+ """
308
+ return pulumi.get(self, "token_num_uses")
309
+
310
+ @token_num_uses.setter
311
+ def token_num_uses(self, value: Optional[pulumi.Input[int]]):
312
+ pulumi.set(self, "token_num_uses", value)
313
+
314
+ @property
315
+ @pulumi.getter(name="tokenPeriod")
316
+ def token_period(self) -> Optional[pulumi.Input[int]]:
317
+ """
318
+ Generated Token's Period
319
+ """
320
+ return pulumi.get(self, "token_period")
321
+
322
+ @token_period.setter
323
+ def token_period(self, value: Optional[pulumi.Input[int]]):
324
+ pulumi.set(self, "token_period", value)
325
+
326
+ @property
327
+ @pulumi.getter(name="tokenPolicies")
328
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
329
+ """
330
+ Generated Token's Policies
331
+ """
332
+ return pulumi.get(self, "token_policies")
333
+
334
+ @token_policies.setter
335
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
336
+ pulumi.set(self, "token_policies", value)
337
+
338
+ @property
339
+ @pulumi.getter(name="tokenTtl")
340
+ def token_ttl(self) -> Optional[pulumi.Input[int]]:
341
+ """
342
+ The initial ttl of the token to generate in seconds
343
+ """
344
+ return pulumi.get(self, "token_ttl")
345
+
346
+ @token_ttl.setter
347
+ def token_ttl(self, value: Optional[pulumi.Input[int]]):
348
+ pulumi.set(self, "token_ttl", value)
349
+
350
+ @property
351
+ @pulumi.getter(name="tokenType")
352
+ def token_type(self) -> Optional[pulumi.Input[str]]:
353
+ """
354
+ The type of token to generate, service or batch
355
+ """
356
+ return pulumi.get(self, "token_type")
357
+
358
+ @token_type.setter
359
+ def token_type(self, value: Optional[pulumi.Input[str]]):
360
+ pulumi.set(self, "token_type", value)
361
+
206
362
  @property
207
363
  @pulumi.getter
364
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
208
365
  def ttl(self) -> Optional[pulumi.Input[str]]:
209
366
  """
210
367
  Duration after which authentication will be expired.
@@ -244,6 +401,15 @@ class _AuthBackendState:
244
401
  organization: Optional[pulumi.Input[str]] = None,
245
402
  path: Optional[pulumi.Input[str]] = None,
246
403
  token: Optional[pulumi.Input[str]] = None,
404
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
405
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
406
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
407
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
408
+ token_num_uses: Optional[pulumi.Input[int]] = None,
409
+ token_period: Optional[pulumi.Input[int]] = None,
410
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
411
+ token_ttl: Optional[pulumi.Input[int]] = None,
412
+ token_type: Optional[pulumi.Input[str]] = None,
247
413
  ttl: Optional[pulumi.Input[str]] = None,
248
414
  users: Optional[pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]]] = None):
249
415
  """
@@ -260,12 +426,21 @@ class _AuthBackendState:
260
426
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
261
427
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
262
428
  The value should not contain leading or trailing forward slashes.
263
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
429
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
264
430
  *Available only for Vault Enterprise*.
265
431
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
266
432
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
267
433
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
268
434
  If this is not supplied only locally configured groups will be enabled.
435
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
436
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
437
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
438
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
439
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
440
+ :param pulumi.Input[int] token_period: Generated Token's Period
441
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
442
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
443
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
269
444
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
270
445
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
271
446
  :param pulumi.Input[Sequence[pulumi.Input['AuthBackendUserArgs']]] users: Associate Okta users with groups or policies within Vault.
@@ -283,6 +458,9 @@ class _AuthBackendState:
283
458
  pulumi.set(__self__, "disable_remount", disable_remount)
284
459
  if groups is not None:
285
460
  pulumi.set(__self__, "groups", groups)
461
+ if max_ttl is not None:
462
+ warnings.warn("""Deprecated. Please use `token_max_ttl` instead.""", DeprecationWarning)
463
+ pulumi.log.warn("""max_ttl is deprecated: Deprecated. Please use `token_max_ttl` instead.""")
286
464
  if max_ttl is not None:
287
465
  pulumi.set(__self__, "max_ttl", max_ttl)
288
466
  if namespace is not None:
@@ -293,6 +471,27 @@ class _AuthBackendState:
293
471
  pulumi.set(__self__, "path", path)
294
472
  if token is not None:
295
473
  pulumi.set(__self__, "token", token)
474
+ if token_bound_cidrs is not None:
475
+ pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
476
+ if token_explicit_max_ttl is not None:
477
+ pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
478
+ if token_max_ttl is not None:
479
+ pulumi.set(__self__, "token_max_ttl", token_max_ttl)
480
+ if token_no_default_policy is not None:
481
+ pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
482
+ if token_num_uses is not None:
483
+ pulumi.set(__self__, "token_num_uses", token_num_uses)
484
+ if token_period is not None:
485
+ pulumi.set(__self__, "token_period", token_period)
486
+ if token_policies is not None:
487
+ pulumi.set(__self__, "token_policies", token_policies)
488
+ if token_ttl is not None:
489
+ pulumi.set(__self__, "token_ttl", token_ttl)
490
+ if token_type is not None:
491
+ pulumi.set(__self__, "token_type", token_type)
492
+ if ttl is not None:
493
+ warnings.warn("""Deprecated. Please use `token_ttl` instead.""", DeprecationWarning)
494
+ pulumi.log.warn("""ttl is deprecated: Deprecated. Please use `token_ttl` instead.""")
296
495
  if ttl is not None:
297
496
  pulumi.set(__self__, "ttl", ttl)
298
497
  if users is not None:
@@ -374,6 +573,7 @@ class _AuthBackendState:
374
573
 
375
574
  @property
376
575
  @pulumi.getter(name="maxTtl")
576
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
377
577
  def max_ttl(self) -> Optional[pulumi.Input[str]]:
378
578
  """
379
579
  Maximum duration after which authentication will be expired
@@ -391,7 +591,7 @@ class _AuthBackendState:
391
591
  """
392
592
  The namespace to provision the resource in.
393
593
  The value should not contain leading or trailing forward slashes.
394
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
594
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
395
595
  *Available only for Vault Enterprise*.
396
596
  """
397
597
  return pulumi.get(self, "namespace")
@@ -437,8 +637,117 @@ class _AuthBackendState:
437
637
  def token(self, value: Optional[pulumi.Input[str]]):
438
638
  pulumi.set(self, "token", value)
439
639
 
640
+ @property
641
+ @pulumi.getter(name="tokenBoundCidrs")
642
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
643
+ """
644
+ Specifies the blocks of IP addresses which are allowed to use the generated token
645
+ """
646
+ return pulumi.get(self, "token_bound_cidrs")
647
+
648
+ @token_bound_cidrs.setter
649
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
650
+ pulumi.set(self, "token_bound_cidrs", value)
651
+
652
+ @property
653
+ @pulumi.getter(name="tokenExplicitMaxTtl")
654
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
655
+ """
656
+ Generated Token's Explicit Maximum TTL in seconds
657
+ """
658
+ return pulumi.get(self, "token_explicit_max_ttl")
659
+
660
+ @token_explicit_max_ttl.setter
661
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
662
+ pulumi.set(self, "token_explicit_max_ttl", value)
663
+
664
+ @property
665
+ @pulumi.getter(name="tokenMaxTtl")
666
+ def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
667
+ """
668
+ The maximum lifetime of the generated token
669
+ """
670
+ return pulumi.get(self, "token_max_ttl")
671
+
672
+ @token_max_ttl.setter
673
+ def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
674
+ pulumi.set(self, "token_max_ttl", value)
675
+
676
+ @property
677
+ @pulumi.getter(name="tokenNoDefaultPolicy")
678
+ def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
679
+ """
680
+ If true, the 'default' policy will not automatically be added to generated tokens
681
+ """
682
+ return pulumi.get(self, "token_no_default_policy")
683
+
684
+ @token_no_default_policy.setter
685
+ def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
686
+ pulumi.set(self, "token_no_default_policy", value)
687
+
688
+ @property
689
+ @pulumi.getter(name="tokenNumUses")
690
+ def token_num_uses(self) -> Optional[pulumi.Input[int]]:
691
+ """
692
+ The maximum number of times a token may be used, a value of zero means unlimited
693
+ """
694
+ return pulumi.get(self, "token_num_uses")
695
+
696
+ @token_num_uses.setter
697
+ def token_num_uses(self, value: Optional[pulumi.Input[int]]):
698
+ pulumi.set(self, "token_num_uses", value)
699
+
700
+ @property
701
+ @pulumi.getter(name="tokenPeriod")
702
+ def token_period(self) -> Optional[pulumi.Input[int]]:
703
+ """
704
+ Generated Token's Period
705
+ """
706
+ return pulumi.get(self, "token_period")
707
+
708
+ @token_period.setter
709
+ def token_period(self, value: Optional[pulumi.Input[int]]):
710
+ pulumi.set(self, "token_period", value)
711
+
712
+ @property
713
+ @pulumi.getter(name="tokenPolicies")
714
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
715
+ """
716
+ Generated Token's Policies
717
+ """
718
+ return pulumi.get(self, "token_policies")
719
+
720
+ @token_policies.setter
721
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
722
+ pulumi.set(self, "token_policies", value)
723
+
724
+ @property
725
+ @pulumi.getter(name="tokenTtl")
726
+ def token_ttl(self) -> Optional[pulumi.Input[int]]:
727
+ """
728
+ The initial ttl of the token to generate in seconds
729
+ """
730
+ return pulumi.get(self, "token_ttl")
731
+
732
+ @token_ttl.setter
733
+ def token_ttl(self, value: Optional[pulumi.Input[int]]):
734
+ pulumi.set(self, "token_ttl", value)
735
+
736
+ @property
737
+ @pulumi.getter(name="tokenType")
738
+ def token_type(self) -> Optional[pulumi.Input[str]]:
739
+ """
740
+ The type of token to generate, service or batch
741
+ """
742
+ return pulumi.get(self, "token_type")
743
+
744
+ @token_type.setter
745
+ def token_type(self, value: Optional[pulumi.Input[str]]):
746
+ pulumi.set(self, "token_type", value)
747
+
440
748
  @property
441
749
  @pulumi.getter
750
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
442
751
  def ttl(self) -> Optional[pulumi.Input[str]]:
443
752
  """
444
753
  Duration after which authentication will be expired.
@@ -473,14 +782,23 @@ class AuthBackend(pulumi.CustomResource):
473
782
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
474
783
  description: Optional[pulumi.Input[str]] = None,
475
784
  disable_remount: Optional[pulumi.Input[bool]] = None,
476
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
785
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
477
786
  max_ttl: Optional[pulumi.Input[str]] = None,
478
787
  namespace: Optional[pulumi.Input[str]] = None,
479
788
  organization: Optional[pulumi.Input[str]] = None,
480
789
  path: Optional[pulumi.Input[str]] = None,
481
790
  token: Optional[pulumi.Input[str]] = None,
791
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
792
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
793
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
794
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
795
+ token_num_uses: Optional[pulumi.Input[int]] = None,
796
+ token_period: Optional[pulumi.Input[int]] = None,
797
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
798
+ token_ttl: Optional[pulumi.Input[int]] = None,
799
+ token_type: Optional[pulumi.Input[str]] = None,
482
800
  ttl: Optional[pulumi.Input[str]] = None,
483
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None,
801
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
484
802
  __props__=None):
485
803
  """
486
804
  Provides a resource for managing an
@@ -488,28 +806,26 @@ class AuthBackend(pulumi.CustomResource):
488
806
 
489
807
  ## Example Usage
490
808
 
491
- <!--Start PulumiCodeChooser -->
492
809
  ```python
493
810
  import pulumi
494
811
  import pulumi_vault as vault
495
812
 
496
813
  example = vault.okta.AuthBackend("example",
497
814
  description="Demonstration of the Terraform Okta auth backend",
498
- groups=[vault.okta.AuthBackendGroupArgs(
499
- group_name="foo",
500
- policies=[
815
+ organization="example",
816
+ token="something that should be kept secret",
817
+ groups=[{
818
+ "group_name": "foo",
819
+ "policies": [
501
820
  "one",
502
821
  "two",
503
822
  ],
504
- )],
505
- organization="example",
506
- token="something that should be kept secret",
507
- users=[vault.okta.AuthBackendUserArgs(
508
- groups=["foo"],
509
- username="bar",
510
- )])
823
+ }],
824
+ users=[{
825
+ "username": "bar",
826
+ "groups": ["foo"],
827
+ }])
511
828
  ```
512
- <!--End PulumiCodeChooser -->
513
829
 
514
830
  ## Import
515
831
 
@@ -526,21 +842,30 @@ class AuthBackend(pulumi.CustomResource):
526
842
  :param pulumi.Input[str] description: The description of the auth backend
527
843
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
528
844
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
529
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]] groups: Associate Okta groups with policies within Vault.
845
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
530
846
  See below for more details.
531
847
  :param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
532
848
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
533
849
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
534
850
  The value should not contain leading or trailing forward slashes.
535
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
851
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
536
852
  *Available only for Vault Enterprise*.
537
853
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
538
854
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
539
855
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
540
856
  If this is not supplied only locally configured groups will be enabled.
857
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
858
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
859
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
860
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
861
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
862
+ :param pulumi.Input[int] token_period: Generated Token's Period
863
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
864
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
865
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
541
866
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
542
867
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
543
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]] users: Associate Okta users with groups or policies within Vault.
868
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
544
869
  See below for more details.
545
870
  """
546
871
  ...
@@ -555,28 +880,26 @@ class AuthBackend(pulumi.CustomResource):
555
880
 
556
881
  ## Example Usage
557
882
 
558
- <!--Start PulumiCodeChooser -->
559
883
  ```python
560
884
  import pulumi
561
885
  import pulumi_vault as vault
562
886
 
563
887
  example = vault.okta.AuthBackend("example",
564
888
  description="Demonstration of the Terraform Okta auth backend",
565
- groups=[vault.okta.AuthBackendGroupArgs(
566
- group_name="foo",
567
- policies=[
889
+ organization="example",
890
+ token="something that should be kept secret",
891
+ groups=[{
892
+ "group_name": "foo",
893
+ "policies": [
568
894
  "one",
569
895
  "two",
570
896
  ],
571
- )],
572
- organization="example",
573
- token="something that should be kept secret",
574
- users=[vault.okta.AuthBackendUserArgs(
575
- groups=["foo"],
576
- username="bar",
577
- )])
897
+ }],
898
+ users=[{
899
+ "username": "bar",
900
+ "groups": ["foo"],
901
+ }])
578
902
  ```
579
- <!--End PulumiCodeChooser -->
580
903
 
581
904
  ## Import
582
905
 
@@ -605,14 +928,23 @@ class AuthBackend(pulumi.CustomResource):
605
928
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
606
929
  description: Optional[pulumi.Input[str]] = None,
607
930
  disable_remount: Optional[pulumi.Input[bool]] = None,
608
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
931
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
609
932
  max_ttl: Optional[pulumi.Input[str]] = None,
610
933
  namespace: Optional[pulumi.Input[str]] = None,
611
934
  organization: Optional[pulumi.Input[str]] = None,
612
935
  path: Optional[pulumi.Input[str]] = None,
613
936
  token: Optional[pulumi.Input[str]] = None,
937
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
938
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
939
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
940
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
941
+ token_num_uses: Optional[pulumi.Input[int]] = None,
942
+ token_period: Optional[pulumi.Input[int]] = None,
943
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
944
+ token_ttl: Optional[pulumi.Input[int]] = None,
945
+ token_type: Optional[pulumi.Input[str]] = None,
614
946
  ttl: Optional[pulumi.Input[str]] = None,
615
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None,
947
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None,
616
948
  __props__=None):
617
949
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
618
950
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -634,6 +966,15 @@ class AuthBackend(pulumi.CustomResource):
634
966
  __props__.__dict__["organization"] = organization
635
967
  __props__.__dict__["path"] = path
636
968
  __props__.__dict__["token"] = None if token is None else pulumi.Output.secret(token)
969
+ __props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
970
+ __props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
971
+ __props__.__dict__["token_max_ttl"] = token_max_ttl
972
+ __props__.__dict__["token_no_default_policy"] = token_no_default_policy
973
+ __props__.__dict__["token_num_uses"] = token_num_uses
974
+ __props__.__dict__["token_period"] = token_period
975
+ __props__.__dict__["token_policies"] = token_policies
976
+ __props__.__dict__["token_ttl"] = token_ttl
977
+ __props__.__dict__["token_type"] = token_type
637
978
  __props__.__dict__["ttl"] = ttl
638
979
  __props__.__dict__["users"] = users
639
980
  __props__.__dict__["accessor"] = None
@@ -654,14 +995,23 @@ class AuthBackend(pulumi.CustomResource):
654
995
  bypass_okta_mfa: Optional[pulumi.Input[bool]] = None,
655
996
  description: Optional[pulumi.Input[str]] = None,
656
997
  disable_remount: Optional[pulumi.Input[bool]] = None,
657
- groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]]] = None,
998
+ groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]]] = None,
658
999
  max_ttl: Optional[pulumi.Input[str]] = None,
659
1000
  namespace: Optional[pulumi.Input[str]] = None,
660
1001
  organization: Optional[pulumi.Input[str]] = None,
661
1002
  path: Optional[pulumi.Input[str]] = None,
662
1003
  token: Optional[pulumi.Input[str]] = None,
1004
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1005
+ token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1006
+ token_max_ttl: Optional[pulumi.Input[int]] = None,
1007
+ token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1008
+ token_num_uses: Optional[pulumi.Input[int]] = None,
1009
+ token_period: Optional[pulumi.Input[int]] = None,
1010
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1011
+ token_ttl: Optional[pulumi.Input[int]] = None,
1012
+ token_type: Optional[pulumi.Input[str]] = None,
663
1013
  ttl: Optional[pulumi.Input[str]] = None,
664
- users: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]]] = None) -> 'AuthBackend':
1014
+ users: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]]] = None) -> 'AuthBackend':
665
1015
  """
666
1016
  Get an existing AuthBackend resource's state with the given name, id, and optional extra
667
1017
  properties used to qualify the lookup.
@@ -675,21 +1025,30 @@ class AuthBackend(pulumi.CustomResource):
675
1025
  :param pulumi.Input[str] description: The description of the auth backend
676
1026
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
677
1027
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
678
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendGroupArgs']]]] groups: Associate Okta groups with policies within Vault.
1028
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendGroupArgs', 'AuthBackendGroupArgsDict']]]] groups: Associate Okta groups with policies within Vault.
679
1029
  See below for more details.
680
1030
  :param pulumi.Input[str] max_ttl: Maximum duration after which authentication will be expired
681
1031
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
682
1032
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
683
1033
  The value should not contain leading or trailing forward slashes.
684
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1034
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
685
1035
  *Available only for Vault Enterprise*.
686
1036
  :param pulumi.Input[str] organization: The Okta organization. This will be the first part of the url `https://XXX.okta.com`
687
1037
  :param pulumi.Input[str] path: Path to mount the Okta auth backend. Default to path `okta`.
688
1038
  :param pulumi.Input[str] token: The Okta API token. This is required to query Okta for user group membership.
689
1039
  If this is not supplied only locally configured groups will be enabled.
1040
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1041
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1042
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1043
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1044
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1045
+ :param pulumi.Input[int] token_period: Generated Token's Period
1046
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1047
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1048
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
690
1049
  :param pulumi.Input[str] ttl: Duration after which authentication will be expired.
691
1050
  [See the documentation for info on valid duration formats](https://golang.org/pkg/time/#ParseDuration).
692
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['AuthBackendUserArgs']]]] users: Associate Okta users with groups or policies within Vault.
1051
+ :param pulumi.Input[Sequence[pulumi.Input[Union['AuthBackendUserArgs', 'AuthBackendUserArgsDict']]]] users: Associate Okta users with groups or policies within Vault.
693
1052
  See below for more details.
694
1053
  """
695
1054
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -707,6 +1066,15 @@ class AuthBackend(pulumi.CustomResource):
707
1066
  __props__.__dict__["organization"] = organization
708
1067
  __props__.__dict__["path"] = path
709
1068
  __props__.__dict__["token"] = token
1069
+ __props__.__dict__["token_bound_cidrs"] = token_bound_cidrs
1070
+ __props__.__dict__["token_explicit_max_ttl"] = token_explicit_max_ttl
1071
+ __props__.__dict__["token_max_ttl"] = token_max_ttl
1072
+ __props__.__dict__["token_no_default_policy"] = token_no_default_policy
1073
+ __props__.__dict__["token_num_uses"] = token_num_uses
1074
+ __props__.__dict__["token_period"] = token_period
1075
+ __props__.__dict__["token_policies"] = token_policies
1076
+ __props__.__dict__["token_ttl"] = token_ttl
1077
+ __props__.__dict__["token_type"] = token_type
710
1078
  __props__.__dict__["ttl"] = ttl
711
1079
  __props__.__dict__["users"] = users
712
1080
  return AuthBackend(resource_name, opts=opts, __props__=__props__)
@@ -763,6 +1131,7 @@ class AuthBackend(pulumi.CustomResource):
763
1131
 
764
1132
  @property
765
1133
  @pulumi.getter(name="maxTtl")
1134
+ @_utilities.deprecated("""Deprecated. Please use `token_max_ttl` instead.""")
766
1135
  def max_ttl(self) -> pulumi.Output[Optional[str]]:
767
1136
  """
768
1137
  Maximum duration after which authentication will be expired
@@ -776,7 +1145,7 @@ class AuthBackend(pulumi.CustomResource):
776
1145
  """
777
1146
  The namespace to provision the resource in.
778
1147
  The value should not contain leading or trailing forward slashes.
779
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1148
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
780
1149
  *Available only for Vault Enterprise*.
781
1150
  """
782
1151
  return pulumi.get(self, "namespace")
@@ -806,8 +1175,81 @@ class AuthBackend(pulumi.CustomResource):
806
1175
  """
807
1176
  return pulumi.get(self, "token")
808
1177
 
1178
+ @property
1179
+ @pulumi.getter(name="tokenBoundCidrs")
1180
+ def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1181
+ """
1182
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1183
+ """
1184
+ return pulumi.get(self, "token_bound_cidrs")
1185
+
1186
+ @property
1187
+ @pulumi.getter(name="tokenExplicitMaxTtl")
1188
+ def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1189
+ """
1190
+ Generated Token's Explicit Maximum TTL in seconds
1191
+ """
1192
+ return pulumi.get(self, "token_explicit_max_ttl")
1193
+
1194
+ @property
1195
+ @pulumi.getter(name="tokenMaxTtl")
1196
+ def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1197
+ """
1198
+ The maximum lifetime of the generated token
1199
+ """
1200
+ return pulumi.get(self, "token_max_ttl")
1201
+
1202
+ @property
1203
+ @pulumi.getter(name="tokenNoDefaultPolicy")
1204
+ def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1205
+ """
1206
+ If true, the 'default' policy will not automatically be added to generated tokens
1207
+ """
1208
+ return pulumi.get(self, "token_no_default_policy")
1209
+
1210
+ @property
1211
+ @pulumi.getter(name="tokenNumUses")
1212
+ def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1213
+ """
1214
+ The maximum number of times a token may be used, a value of zero means unlimited
1215
+ """
1216
+ return pulumi.get(self, "token_num_uses")
1217
+
1218
+ @property
1219
+ @pulumi.getter(name="tokenPeriod")
1220
+ def token_period(self) -> pulumi.Output[Optional[int]]:
1221
+ """
1222
+ Generated Token's Period
1223
+ """
1224
+ return pulumi.get(self, "token_period")
1225
+
1226
+ @property
1227
+ @pulumi.getter(name="tokenPolicies")
1228
+ def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1229
+ """
1230
+ Generated Token's Policies
1231
+ """
1232
+ return pulumi.get(self, "token_policies")
1233
+
1234
+ @property
1235
+ @pulumi.getter(name="tokenTtl")
1236
+ def token_ttl(self) -> pulumi.Output[Optional[int]]:
1237
+ """
1238
+ The initial ttl of the token to generate in seconds
1239
+ """
1240
+ return pulumi.get(self, "token_ttl")
1241
+
1242
+ @property
1243
+ @pulumi.getter(name="tokenType")
1244
+ def token_type(self) -> pulumi.Output[Optional[str]]:
1245
+ """
1246
+ The type of token to generate, service or batch
1247
+ """
1248
+ return pulumi.get(self, "token_type")
1249
+
809
1250
  @property
810
1251
  @pulumi.getter
1252
+ @_utilities.deprecated("""Deprecated. Please use `token_ttl` instead.""")
811
1253
  def ttl(self) -> pulumi.Output[Optional[str]]:
812
1254
  """
813
1255
  Duration after which authentication will be expired.