PyPI - pulumi-vault - Versions diffs - 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl - Mend

pulumi-vault 5.21.0a1710160723py3-none-any.whl → 6.5.0a1736850018py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

pulumi_vault/__init__.py +52 -0
pulumi_vault/_inputs.py +560 -0
pulumi_vault/_utilities.py +41 -5
pulumi_vault/ad/get_access_credentials.py +22 -7
pulumi_vault/ad/secret_backend.py +14 -144
pulumi_vault/ad/secret_library.py +14 -11
pulumi_vault/ad/secret_role.py +12 -11
pulumi_vault/alicloud/auth_backend_role.py +74 -192
pulumi_vault/approle/auth_backend_login.py +12 -11
pulumi_vault/approle/auth_backend_role.py +75 -193
pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
pulumi_vault/audit.py +24 -27
pulumi_vault/audit_request_header.py +11 -6
pulumi_vault/auth_backend.py +64 -12
pulumi_vault/aws/auth_backend_cert.py +12 -7
pulumi_vault/aws/auth_backend_client.py +265 -24
pulumi_vault/aws/auth_backend_config_identity.py +12 -11
pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
pulumi_vault/aws/auth_backend_login.py +19 -22
pulumi_vault/aws/auth_backend_role.py +75 -193
pulumi_vault/aws/auth_backend_role_tag.py +12 -7
pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
pulumi_vault/aws/auth_backend_sts_role.py +12 -11
pulumi_vault/aws/get_access_credentials.py +34 -7
pulumi_vault/aws/get_static_access_credentials.py +19 -5
pulumi_vault/aws/secret_backend.py +75 -7
pulumi_vault/aws/secret_backend_role.py +183 -11
pulumi_vault/aws/secret_backend_static_role.py +14 -11
pulumi_vault/azure/_inputs.py +24 -0
pulumi_vault/azure/auth_backend_config.py +151 -17
pulumi_vault/azure/auth_backend_role.py +75 -193
pulumi_vault/azure/backend.py +223 -29
pulumi_vault/azure/backend_role.py +42 -41
pulumi_vault/azure/get_access_credentials.py +39 -11
pulumi_vault/azure/outputs.py +5 -0
pulumi_vault/cert_auth_backend_role.py +87 -271
pulumi_vault/config/__init__.pyi +5 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +35 -0
pulumi_vault/config/ui_custom_message.py +529 -0
pulumi_vault/config/vars.py +5 -0
pulumi_vault/consul/secret_backend.py +22 -25
pulumi_vault/consul/secret_backend_role.py +14 -80
pulumi_vault/database/_inputs.py +2770 -881
pulumi_vault/database/outputs.py +721 -838
pulumi_vault/database/secret_backend_connection.py +117 -114
pulumi_vault/database/secret_backend_role.py +29 -24
pulumi_vault/database/secret_backend_static_role.py +85 -15
pulumi_vault/database/secrets_mount.py +425 -138
pulumi_vault/egp_policy.py +16 -15
pulumi_vault/gcp/_inputs.py +111 -0
pulumi_vault/gcp/auth_backend.py +248 -35
pulumi_vault/gcp/auth_backend_role.py +75 -271
pulumi_vault/gcp/get_auth_backend_role.py +43 -9
pulumi_vault/gcp/outputs.py +5 -0
pulumi_vault/gcp/secret_backend.py +287 -16
pulumi_vault/gcp/secret_impersonated_account.py +74 -17
pulumi_vault/gcp/secret_roleset.py +29 -26
pulumi_vault/gcp/secret_static_account.py +37 -34
pulumi_vault/generic/endpoint.py +22 -21
pulumi_vault/generic/get_secret.py +68 -12
pulumi_vault/generic/secret.py +19 -14
pulumi_vault/get_auth_backend.py +24 -11
pulumi_vault/get_auth_backends.py +33 -11
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +153 -0
pulumi_vault/get_nomad_access_token.py +31 -15
pulumi_vault/get_policy_document.py +34 -23
pulumi_vault/get_raft_autopilot_state.py +29 -14
pulumi_vault/github/_inputs.py +55 -0
pulumi_vault/github/auth_backend.py +17 -16
pulumi_vault/github/outputs.py +5 -0
pulumi_vault/github/team.py +14 -13
pulumi_vault/github/user.py +14 -13
pulumi_vault/identity/entity.py +18 -15
pulumi_vault/identity/entity_alias.py +18 -15
pulumi_vault/identity/entity_policies.py +24 -19
pulumi_vault/identity/get_entity.py +40 -14
pulumi_vault/identity/get_group.py +45 -13
pulumi_vault/identity/get_oidc_client_creds.py +21 -11
pulumi_vault/identity/get_oidc_openid_config.py +39 -13
pulumi_vault/identity/get_oidc_public_keys.py +29 -14
pulumi_vault/identity/group.py +50 -49
pulumi_vault/identity/group_alias.py +14 -11
pulumi_vault/identity/group_member_entity_ids.py +24 -74
pulumi_vault/identity/group_member_group_ids.py +36 -27
pulumi_vault/identity/group_policies.py +16 -15
pulumi_vault/identity/mfa_duo.py +9 -8
pulumi_vault/identity/mfa_login_enforcement.py +13 -8
pulumi_vault/identity/mfa_okta.py +9 -8
pulumi_vault/identity/mfa_pingid.py +5 -4
pulumi_vault/identity/mfa_totp.py +5 -4
pulumi_vault/identity/oidc.py +12 -11
pulumi_vault/identity/oidc_assignment.py +22 -13
pulumi_vault/identity/oidc_client.py +34 -25
pulumi_vault/identity/oidc_key.py +28 -19
pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
pulumi_vault/identity/oidc_provider.py +34 -23
pulumi_vault/identity/oidc_role.py +40 -27
pulumi_vault/identity/oidc_scope.py +18 -15
pulumi_vault/identity/outputs.py +8 -3
pulumi_vault/jwt/_inputs.py +55 -0
pulumi_vault/jwt/auth_backend.py +39 -46
pulumi_vault/jwt/auth_backend_role.py +131 -260
pulumi_vault/jwt/outputs.py +5 -0
pulumi_vault/kmip/secret_backend.py +22 -21
pulumi_vault/kmip/secret_role.py +12 -11
pulumi_vault/kmip/secret_scope.py +12 -11
pulumi_vault/kubernetes/auth_backend_config.py +55 -7
pulumi_vault/kubernetes/auth_backend_role.py +68 -179
pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
pulumi_vault/kubernetes/get_service_account_token.py +39 -15
pulumi_vault/kubernetes/secret_backend.py +314 -29
pulumi_vault/kubernetes/secret_backend_role.py +135 -56
pulumi_vault/kv/_inputs.py +36 -4
pulumi_vault/kv/get_secret.py +23 -12
pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
pulumi_vault/kv/get_secret_v2.py +89 -9
pulumi_vault/kv/get_secrets_list.py +22 -15
pulumi_vault/kv/get_secrets_list_v2.py +35 -19
pulumi_vault/kv/outputs.py +8 -3
pulumi_vault/kv/secret.py +19 -18
pulumi_vault/kv/secret_backend_v2.py +12 -11
pulumi_vault/kv/secret_v2.py +55 -52
pulumi_vault/ldap/auth_backend.py +125 -168
pulumi_vault/ldap/auth_backend_group.py +12 -11
pulumi_vault/ldap/auth_backend_user.py +12 -11
pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
pulumi_vault/ldap/get_static_credentials.py +24 -5
pulumi_vault/ldap/secret_backend.py +352 -84
pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
pulumi_vault/ldap/secret_backend_library_set.py +14 -11
pulumi_vault/ldap/secret_backend_static_role.py +67 -12
pulumi_vault/managed/_inputs.py +289 -132
pulumi_vault/managed/keys.py +27 -43
pulumi_vault/managed/outputs.py +89 -132
pulumi_vault/mfa_duo.py +16 -13
pulumi_vault/mfa_okta.py +16 -13
pulumi_vault/mfa_pingid.py +16 -13
pulumi_vault/mfa_totp.py +22 -19
pulumi_vault/mongodbatlas/secret_backend.py +18 -17
pulumi_vault/mongodbatlas/secret_role.py +41 -38
pulumi_vault/mount.py +389 -65
pulumi_vault/namespace.py +26 -21
pulumi_vault/nomad_secret_backend.py +16 -15
pulumi_vault/nomad_secret_role.py +12 -11
pulumi_vault/okta/_inputs.py +47 -8
pulumi_vault/okta/auth_backend.py +483 -41
pulumi_vault/okta/auth_backend_group.py +12 -11
pulumi_vault/okta/auth_backend_user.py +12 -11
pulumi_vault/okta/outputs.py +13 -8
pulumi_vault/outputs.py +5 -0
pulumi_vault/password_policy.py +18 -15
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +81 -0
pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
pulumi_vault/pkisecret/backend_config_est.py +619 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
pulumi_vault/pkisecret/get_backend_key.py +24 -13
pulumi_vault/pkisecret/get_backend_keys.py +21 -12
pulumi_vault/pkisecret/outputs.py +69 -0
pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
pulumi_vault/pkisecret/secret_backend_key.py +12 -7
pulumi_vault/pkisecret/secret_backend_role.py +19 -16
pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
pulumi_vault/plugin.py +595 -0
pulumi_vault/plugin_pinned_version.py +298 -0
pulumi_vault/policy.py +12 -7
pulumi_vault/provider.py +48 -53
pulumi_vault/pulumi-plugin.json +2 -1
pulumi_vault/quota_lease_count.py +58 -8
pulumi_vault/quota_rate_limit.py +54 -4
pulumi_vault/rabbitmq/_inputs.py +61 -0
pulumi_vault/rabbitmq/outputs.py +5 -0
pulumi_vault/rabbitmq/secret_backend.py +16 -15
pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
pulumi_vault/raft_autopilot.py +12 -11
pulumi_vault/raft_snapshot_agent_config.py +121 -311
pulumi_vault/rgp_policy.py +14 -13
pulumi_vault/saml/auth_backend.py +20 -19
pulumi_vault/saml/auth_backend_role.py +90 -199
pulumi_vault/secrets/__init__.py +3 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +56 -75
pulumi_vault/secrets/sync_aws_destination.py +240 -29
pulumi_vault/secrets/sync_azure_destination.py +90 -33
pulumi_vault/secrets/sync_config.py +7 -6
pulumi_vault/secrets/sync_gcp_destination.py +156 -27
pulumi_vault/secrets/sync_gh_destination.py +187 -15
pulumi_vault/secrets/sync_github_apps.py +375 -0
pulumi_vault/secrets/sync_vercel_destination.py +72 -15
pulumi_vault/ssh/_inputs.py +28 -32
pulumi_vault/ssh/outputs.py +11 -32
pulumi_vault/ssh/secret_backend_ca.py +106 -11
pulumi_vault/ssh/secret_backend_role.py +83 -120
pulumi_vault/terraformcloud/secret_backend.py +5 -56
pulumi_vault/terraformcloud/secret_creds.py +14 -24
pulumi_vault/terraformcloud/secret_role.py +14 -76
pulumi_vault/token.py +26 -25
pulumi_vault/tokenauth/auth_backend_role.py +76 -201
pulumi_vault/transform/alphabet.py +16 -13
pulumi_vault/transform/get_decode.py +45 -21
pulumi_vault/transform/get_encode.py +45 -21
pulumi_vault/transform/role.py +16 -13
pulumi_vault/transform/template.py +30 -25
pulumi_vault/transform/transformation.py +12 -7
pulumi_vault/transit/get_decrypt.py +26 -25
pulumi_vault/transit/get_encrypt.py +24 -19
pulumi_vault/transit/secret_backend_key.py +25 -97
pulumi_vault/transit/secret_cache_config.py +12 -11
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
{pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0

pulumi_vault/secrets/sync_gcp_destination.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
 class SyncGcpDestinationArgs:
     def __init__(__self__, *,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SyncGcpDestination resource.
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
             pulumi.set(__self__, "credentials", credentials)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
         if secret_name_template is not None:
             pulumi.set(__self__, "secret_name_template", secret_name_template)
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
     @property
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "project_id", value)
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
 class _SyncGcpDestinationState:
     def __init__(__self__, *,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  type: Optional[pulumi.Input[str]] = None):
         """
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
             pulumi.set(__self__, "credentials", credentials)
         if custom_tags is not None:
             pulumi.set(__self__, "custom_tags", custom_tags)
+        if granularity is not None:
+            pulumi.set(__self__, "granularity", granularity)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if project_id is not None:
+            pulumi.set(__self__, "project_id", project_id)
         if secret_name_template is not None:
             pulumi.set(__self__, "secret_name_template", secret_name_template)
         if type is not None:
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
+    @property
+    @pulumi.getter
+    def granularity(self) -> Optional[pulumi.Input[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
+    @granularity.setter
+    def granularity(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "granularity", value)
     @property
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
+    @project_id.setter
+    def project_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "project_id", value)
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -229,27 +314,30 @@ class SyncGcpDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
         ## Example Usage
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
         gcp = vault.secrets.SyncGcpDestination("gcp",
-            credentials=(lambda path: open(path).read())(var["credentials_file"]),
+            name="gcp-dest",
+            project_id="gcp-project-id",
+            credentials=std.file(input=credentials_file).result,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
             })
         ```
-        <!--End PulumiCodeChooser -->
         ## Import
@@ -264,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
@@ -281,19 +375,20 @@ class SyncGcpDestination(pulumi.CustomResource):
         """
         ## Example Usage
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_vault as vault
         gcp = vault.secrets.SyncGcpDestination("gcp",
-            credentials=(lambda path: open(path).read())(var["credentials_file"]),
+            name="gcp-dest",
+            project_id="gcp-project-id",
+            credentials=std.file(input=credentials_file).result,
             secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
             custom_tags={
                 "foo": "bar",
             })
         ```
-        <!--End PulumiCodeChooser -->
         ## Import
@@ -319,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 project_id: Optional[pulumi.Input[str]] = None,
                  secret_name_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -334,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
             __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
             __props__.__dict__["custom_tags"] = custom_tags
+            __props__.__dict__["granularity"] = granularity
             __props__.__dict__["name"] = name
             __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["project_id"] = project_id
             __props__.__dict__["secret_name_template"] = secret_name_template
             __props__.__dict__["type"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -351,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             credentials: Optional[pulumi.Input[str]] = None,
-            custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            granularity: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
+            project_id: Optional[pulumi.Input[str]] = None,
             secret_name_template: Optional[pulumi.Input[str]] = None,
             type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
         """
@@ -366,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
         :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
                Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
+               at the destination. Supports `secret-path` and `secret-key`.
         :param pulumi.Input[str] name: Unique name of the GCP destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
+               overrides the project ID derived from the service account JSON credentials or application
+               default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+               to perform Secret Manager actions in the target project.
         :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -381,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
         __props__.__dict__["credentials"] = credentials
         __props__.__dict__["custom_tags"] = custom_tags
+        __props__.__dict__["granularity"] = granularity
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["project_id"] = project_id
         __props__.__dict__["secret_name_template"] = secret_name_template
         __props__.__dict__["type"] = type
         return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
@@ -399,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
+    @property
+    @pulumi.getter
+    def granularity(self) -> pulumi.Output[Optional[str]]:
+        """
+        Determines what level of information is synced as a distinct resource
+        at the destination. Supports `secret-path` and `secret-key`.
+        """
+        return pulumi.get(self, "granularity")
     @property
     @pulumi.getter
     def name(self) -> pulumi.Output[str]:
@@ -419,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         """
         return pulumi.get(self, "namespace")
+    @property
+    @pulumi.getter(name="projectId")
+    def project_id(self) -> pulumi.Output[Optional[str]]:
+        """
+        The target project to manage secrets in. If set,
+        overrides the project ID derived from the service account JSON credentials or application
+        default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
+        to perform Secret Manager actions in the target project.
+        """
+        return pulumi.get(self, "project_id")
     @property
     @pulumi.getter(name="secretNameTemplate")
     def secret_name_template(self) -> pulumi.Output[str]:

pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

pulumi-vault 5.21.0a1710160723py3-none-any.whl → 6.5.0a1736850018py3-none-any.whl