pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736850018.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736850018.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
@@ -15,20 +20,28 @@ __all__ = ['SyncGcpDestinationArgs', 'SyncGcpDestination']
15
20
  class SyncGcpDestinationArgs:
16
21
  def __init__(__self__, *,
17
22
  credentials: Optional[pulumi.Input[str]] = None,
18
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
23
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
24
+ granularity: Optional[pulumi.Input[str]] = None,
19
25
  name: Optional[pulumi.Input[str]] = None,
20
26
  namespace: Optional[pulumi.Input[str]] = None,
27
+ project_id: Optional[pulumi.Input[str]] = None,
21
28
  secret_name_template: Optional[pulumi.Input[str]] = None):
22
29
  """
23
30
  The set of arguments for constructing a SyncGcpDestination resource.
24
31
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
25
32
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
26
33
  variable.
27
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
34
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
35
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
36
+ at the destination. Supports `secret-path` and `secret-key`.
28
37
  :param pulumi.Input[str] name: Unique name of the GCP destination.
29
38
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
30
39
  The value should not contain leading or trailing forward slashes.
31
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
40
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
41
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
42
+ overrides the project ID derived from the service account JSON credentials or application
43
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
44
+ to perform Secret Manager actions in the target project.
32
45
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
33
46
  Supports a subset of the Go Template syntax.
34
47
  """
@@ -36,10 +49,14 @@ class SyncGcpDestinationArgs:
36
49
  pulumi.set(__self__, "credentials", credentials)
37
50
  if custom_tags is not None:
38
51
  pulumi.set(__self__, "custom_tags", custom_tags)
52
+ if granularity is not None:
53
+ pulumi.set(__self__, "granularity", granularity)
39
54
  if name is not None:
40
55
  pulumi.set(__self__, "name", name)
41
56
  if namespace is not None:
42
57
  pulumi.set(__self__, "namespace", namespace)
58
+ if project_id is not None:
59
+ pulumi.set(__self__, "project_id", project_id)
43
60
  if secret_name_template is not None:
44
61
  pulumi.set(__self__, "secret_name_template", secret_name_template)
45
62
 
@@ -59,16 +76,29 @@ class SyncGcpDestinationArgs:
59
76
 
60
77
  @property
61
78
  @pulumi.getter(name="customTags")
62
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
79
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
63
80
  """
64
81
  Custom tags to set on the secret managed at the destination.
65
82
  """
66
83
  return pulumi.get(self, "custom_tags")
67
84
 
68
85
  @custom_tags.setter
69
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
86
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
70
87
  pulumi.set(self, "custom_tags", value)
71
88
 
89
+ @property
90
+ @pulumi.getter
91
+ def granularity(self) -> Optional[pulumi.Input[str]]:
92
+ """
93
+ Determines what level of information is synced as a distinct resource
94
+ at the destination. Supports `secret-path` and `secret-key`.
95
+ """
96
+ return pulumi.get(self, "granularity")
97
+
98
+ @granularity.setter
99
+ def granularity(self, value: Optional[pulumi.Input[str]]):
100
+ pulumi.set(self, "granularity", value)
101
+
72
102
  @property
73
103
  @pulumi.getter
74
104
  def name(self) -> Optional[pulumi.Input[str]]:
@@ -87,7 +117,7 @@ class SyncGcpDestinationArgs:
87
117
  """
88
118
  The namespace to provision the resource in.
89
119
  The value should not contain leading or trailing forward slashes.
90
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
120
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
91
121
  """
92
122
  return pulumi.get(self, "namespace")
93
123
 
@@ -95,6 +125,21 @@ class SyncGcpDestinationArgs:
95
125
  def namespace(self, value: Optional[pulumi.Input[str]]):
96
126
  pulumi.set(self, "namespace", value)
97
127
 
128
+ @property
129
+ @pulumi.getter(name="projectId")
130
+ def project_id(self) -> Optional[pulumi.Input[str]]:
131
+ """
132
+ The target project to manage secrets in. If set,
133
+ overrides the project ID derived from the service account JSON credentials or application
134
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
135
+ to perform Secret Manager actions in the target project.
136
+ """
137
+ return pulumi.get(self, "project_id")
138
+
139
+ @project_id.setter
140
+ def project_id(self, value: Optional[pulumi.Input[str]]):
141
+ pulumi.set(self, "project_id", value)
142
+
98
143
  @property
99
144
  @pulumi.getter(name="secretNameTemplate")
100
145
  def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -113,9 +158,11 @@ class SyncGcpDestinationArgs:
113
158
  class _SyncGcpDestinationState:
114
159
  def __init__(__self__, *,
115
160
  credentials: Optional[pulumi.Input[str]] = None,
116
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
161
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
162
+ granularity: Optional[pulumi.Input[str]] = None,
117
163
  name: Optional[pulumi.Input[str]] = None,
118
164
  namespace: Optional[pulumi.Input[str]] = None,
165
+ project_id: Optional[pulumi.Input[str]] = None,
119
166
  secret_name_template: Optional[pulumi.Input[str]] = None,
120
167
  type: Optional[pulumi.Input[str]] = None):
121
168
  """
@@ -123,11 +170,17 @@ class _SyncGcpDestinationState:
123
170
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
124
171
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
125
172
  variable.
126
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
173
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
174
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
175
+ at the destination. Supports `secret-path` and `secret-key`.
127
176
  :param pulumi.Input[str] name: Unique name of the GCP destination.
128
177
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
129
178
  The value should not contain leading or trailing forward slashes.
130
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
179
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
180
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
181
+ overrides the project ID derived from the service account JSON credentials or application
182
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
183
+ to perform Secret Manager actions in the target project.
131
184
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
132
185
  Supports a subset of the Go Template syntax.
133
186
  :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -136,10 +189,14 @@ class _SyncGcpDestinationState:
136
189
  pulumi.set(__self__, "credentials", credentials)
137
190
  if custom_tags is not None:
138
191
  pulumi.set(__self__, "custom_tags", custom_tags)
192
+ if granularity is not None:
193
+ pulumi.set(__self__, "granularity", granularity)
139
194
  if name is not None:
140
195
  pulumi.set(__self__, "name", name)
141
196
  if namespace is not None:
142
197
  pulumi.set(__self__, "namespace", namespace)
198
+ if project_id is not None:
199
+ pulumi.set(__self__, "project_id", project_id)
143
200
  if secret_name_template is not None:
144
201
  pulumi.set(__self__, "secret_name_template", secret_name_template)
145
202
  if type is not None:
@@ -161,16 +218,29 @@ class _SyncGcpDestinationState:
161
218
 
162
219
  @property
163
220
  @pulumi.getter(name="customTags")
164
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
221
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
165
222
  """
166
223
  Custom tags to set on the secret managed at the destination.
167
224
  """
168
225
  return pulumi.get(self, "custom_tags")
169
226
 
170
227
  @custom_tags.setter
171
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
228
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
172
229
  pulumi.set(self, "custom_tags", value)
173
230
 
231
+ @property
232
+ @pulumi.getter
233
+ def granularity(self) -> Optional[pulumi.Input[str]]:
234
+ """
235
+ Determines what level of information is synced as a distinct resource
236
+ at the destination. Supports `secret-path` and `secret-key`.
237
+ """
238
+ return pulumi.get(self, "granularity")
239
+
240
+ @granularity.setter
241
+ def granularity(self, value: Optional[pulumi.Input[str]]):
242
+ pulumi.set(self, "granularity", value)
243
+
174
244
  @property
175
245
  @pulumi.getter
176
246
  def name(self) -> Optional[pulumi.Input[str]]:
@@ -189,7 +259,7 @@ class _SyncGcpDestinationState:
189
259
  """
190
260
  The namespace to provision the resource in.
191
261
  The value should not contain leading or trailing forward slashes.
192
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
262
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
193
263
  """
194
264
  return pulumi.get(self, "namespace")
195
265
 
@@ -197,6 +267,21 @@ class _SyncGcpDestinationState:
197
267
  def namespace(self, value: Optional[pulumi.Input[str]]):
198
268
  pulumi.set(self, "namespace", value)
199
269
 
270
+ @property
271
+ @pulumi.getter(name="projectId")
272
+ def project_id(self) -> Optional[pulumi.Input[str]]:
273
+ """
274
+ The target project to manage secrets in. If set,
275
+ overrides the project ID derived from the service account JSON credentials or application
276
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
277
+ to perform Secret Manager actions in the target project.
278
+ """
279
+ return pulumi.get(self, "project_id")
280
+
281
+ @project_id.setter
282
+ def project_id(self, value: Optional[pulumi.Input[str]]):
283
+ pulumi.set(self, "project_id", value)
284
+
200
285
  @property
201
286
  @pulumi.getter(name="secretNameTemplate")
202
287
  def secret_name_template(self) -> Optional[pulumi.Input[str]]:
@@ -229,27 +314,30 @@ class SyncGcpDestination(pulumi.CustomResource):
229
314
  resource_name: str,
230
315
  opts: Optional[pulumi.ResourceOptions] = None,
231
316
  credentials: Optional[pulumi.Input[str]] = None,
232
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
317
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
318
+ granularity: Optional[pulumi.Input[str]] = None,
233
319
  name: Optional[pulumi.Input[str]] = None,
234
320
  namespace: Optional[pulumi.Input[str]] = None,
321
+ project_id: Optional[pulumi.Input[str]] = None,
235
322
  secret_name_template: Optional[pulumi.Input[str]] = None,
236
323
  __props__=None):
237
324
  """
238
325
  ## Example Usage
239
326
 
240
- <!--Start PulumiCodeChooser -->
241
327
  ```python
242
328
  import pulumi
329
+ import pulumi_std as std
243
330
  import pulumi_vault as vault
244
331
 
245
332
  gcp = vault.secrets.SyncGcpDestination("gcp",
246
- credentials=(lambda path: open(path).read())(var["credentials_file"]),
333
+ name="gcp-dest",
334
+ project_id="gcp-project-id",
335
+ credentials=std.file(input=credentials_file).result,
247
336
  secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
248
337
  custom_tags={
249
338
  "foo": "bar",
250
339
  })
251
340
  ```
252
- <!--End PulumiCodeChooser -->
253
341
 
254
342
  ## Import
255
343
 
@@ -264,11 +352,17 @@ class SyncGcpDestination(pulumi.CustomResource):
264
352
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
265
353
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
266
354
  variable.
267
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
355
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
356
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
357
+ at the destination. Supports `secret-path` and `secret-key`.
268
358
  :param pulumi.Input[str] name: Unique name of the GCP destination.
269
359
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
270
360
  The value should not contain leading or trailing forward slashes.
271
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
361
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
362
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
363
+ overrides the project ID derived from the service account JSON credentials or application
364
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
365
+ to perform Secret Manager actions in the target project.
272
366
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
273
367
  Supports a subset of the Go Template syntax.
274
368
  """
@@ -281,19 +375,20 @@ class SyncGcpDestination(pulumi.CustomResource):
281
375
  """
282
376
  ## Example Usage
283
377
 
284
- <!--Start PulumiCodeChooser -->
285
378
  ```python
286
379
  import pulumi
380
+ import pulumi_std as std
287
381
  import pulumi_vault as vault
288
382
 
289
383
  gcp = vault.secrets.SyncGcpDestination("gcp",
290
- credentials=(lambda path: open(path).read())(var["credentials_file"]),
384
+ name="gcp-dest",
385
+ project_id="gcp-project-id",
386
+ credentials=std.file(input=credentials_file).result,
291
387
  secret_name_template="vault_{{ .MountAccessor | lowercase }}_{{ .SecretPath | lowercase }}",
292
388
  custom_tags={
293
389
  "foo": "bar",
294
390
  })
295
391
  ```
296
- <!--End PulumiCodeChooser -->
297
392
 
298
393
  ## Import
299
394
 
@@ -319,9 +414,11 @@ class SyncGcpDestination(pulumi.CustomResource):
319
414
  resource_name: str,
320
415
  opts: Optional[pulumi.ResourceOptions] = None,
321
416
  credentials: Optional[pulumi.Input[str]] = None,
322
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
417
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
418
+ granularity: Optional[pulumi.Input[str]] = None,
323
419
  name: Optional[pulumi.Input[str]] = None,
324
420
  namespace: Optional[pulumi.Input[str]] = None,
421
+ project_id: Optional[pulumi.Input[str]] = None,
325
422
  secret_name_template: Optional[pulumi.Input[str]] = None,
326
423
  __props__=None):
327
424
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -334,8 +431,10 @@ class SyncGcpDestination(pulumi.CustomResource):
334
431
 
335
432
  __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
336
433
  __props__.__dict__["custom_tags"] = custom_tags
434
+ __props__.__dict__["granularity"] = granularity
337
435
  __props__.__dict__["name"] = name
338
436
  __props__.__dict__["namespace"] = namespace
437
+ __props__.__dict__["project_id"] = project_id
339
438
  __props__.__dict__["secret_name_template"] = secret_name_template
340
439
  __props__.__dict__["type"] = None
341
440
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -351,9 +450,11 @@ class SyncGcpDestination(pulumi.CustomResource):
351
450
  id: pulumi.Input[str],
352
451
  opts: Optional[pulumi.ResourceOptions] = None,
353
452
  credentials: Optional[pulumi.Input[str]] = None,
354
- custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
453
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
454
+ granularity: Optional[pulumi.Input[str]] = None,
355
455
  name: Optional[pulumi.Input[str]] = None,
356
456
  namespace: Optional[pulumi.Input[str]] = None,
457
+ project_id: Optional[pulumi.Input[str]] = None,
357
458
  secret_name_template: Optional[pulumi.Input[str]] = None,
358
459
  type: Optional[pulumi.Input[str]] = None) -> 'SyncGcpDestination':
359
460
  """
@@ -366,11 +467,17 @@ class SyncGcpDestination(pulumi.CustomResource):
366
467
  :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP.
367
468
  Can be omitted and directly provided to Vault using the `GOOGLE_APPLICATION_CREDENTIALS` environment
368
469
  variable.
369
- :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
470
+ :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
471
+ :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
472
+ at the destination. Supports `secret-path` and `secret-key`.
370
473
  :param pulumi.Input[str] name: Unique name of the GCP destination.
371
474
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
372
475
  The value should not contain leading or trailing forward slashes.
373
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
476
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
477
+ :param pulumi.Input[str] project_id: The target project to manage secrets in. If set,
478
+ overrides the project ID derived from the service account JSON credentials or application
479
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
480
+ to perform Secret Manager actions in the target project.
374
481
  :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
375
482
  Supports a subset of the Go Template syntax.
376
483
  :param pulumi.Input[str] type: The type of the secrets destination (`gcp-sm`).
@@ -381,8 +488,10 @@ class SyncGcpDestination(pulumi.CustomResource):
381
488
 
382
489
  __props__.__dict__["credentials"] = credentials
383
490
  __props__.__dict__["custom_tags"] = custom_tags
491
+ __props__.__dict__["granularity"] = granularity
384
492
  __props__.__dict__["name"] = name
385
493
  __props__.__dict__["namespace"] = namespace
494
+ __props__.__dict__["project_id"] = project_id
386
495
  __props__.__dict__["secret_name_template"] = secret_name_template
387
496
  __props__.__dict__["type"] = type
388
497
  return SyncGcpDestination(resource_name, opts=opts, __props__=__props__)
@@ -399,12 +508,21 @@ class SyncGcpDestination(pulumi.CustomResource):
399
508
 
400
509
  @property
401
510
  @pulumi.getter(name="customTags")
402
- def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
511
+ def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
403
512
  """
404
513
  Custom tags to set on the secret managed at the destination.
405
514
  """
406
515
  return pulumi.get(self, "custom_tags")
407
516
 
517
+ @property
518
+ @pulumi.getter
519
+ def granularity(self) -> pulumi.Output[Optional[str]]:
520
+ """
521
+ Determines what level of information is synced as a distinct resource
522
+ at the destination. Supports `secret-path` and `secret-key`.
523
+ """
524
+ return pulumi.get(self, "granularity")
525
+
408
526
  @property
409
527
  @pulumi.getter
410
528
  def name(self) -> pulumi.Output[str]:
@@ -419,10 +537,21 @@ class SyncGcpDestination(pulumi.CustomResource):
419
537
  """
420
538
  The namespace to provision the resource in.
421
539
  The value should not contain leading or trailing forward slashes.
422
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
540
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
423
541
  """
424
542
  return pulumi.get(self, "namespace")
425
543
 
544
+ @property
545
+ @pulumi.getter(name="projectId")
546
+ def project_id(self) -> pulumi.Output[Optional[str]]:
547
+ """
548
+ The target project to manage secrets in. If set,
549
+ overrides the project ID derived from the service account JSON credentials or application
550
+ default credentials. The service account must be [authorized](https://cloud.google.com/iam/docs/service-account-overview#locations)
551
+ to perform Secret Manager actions in the target project.
552
+ """
553
+ return pulumi.get(self, "project_id")
554
+
426
555
  @property
427
556
  @pulumi.getter(name="secretNameTemplate")
428
557
  def secret_name_template(self) -> pulumi.Output[str]: