pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736850018__py3-none-any.whl

pulumi_vault/ssh/_inputs.py

@@ -4,37 +4,46 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'SecretBackendRoleAllowedUserKeyConfigArgs',
+    'SecretBackendRoleAllowedUserKeyConfigArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class SecretBackendRoleAllowedUserKeyConfigArgsDict(TypedDict):
+        lengths: pulumi.Input[Sequence[pulumi.Input[int]]]
+        """
+        List of allowed key lengths, vault-1.10 and above
+        """
+        type: pulumi.Input[str]
+        """
+        Key type, choices:
+        rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
+        """
+elif False:
+    SecretBackendRoleAllowedUserKeyConfigArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class SecretBackendRoleAllowedUserKeyConfigArgs:
     def __init__(__self__, *,
                  lengths: pulumi.Input[Sequence[pulumi.Input[int]]],
                  type: pulumi.Input[str]):
         """
-        :param pulumi.Input[Sequence[pulumi.Input[int]]] lengths: A list of allowed key lengths as integers. 
-               For key types that do not support setting the length a value of `[0]` should be used.
-               Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
-               must be set to a single element list.
-               
-               Example configuration blocks that might be included in the `ssh.SecretBackendRole`
-               
-               <!--Start PulumiCodeChooser -->
-               ```python
-               import pulumi
-               ```
-               <!--End PulumiCodeChooser -->
-        :param pulumi.Input[str] type: The SSH public key type.  
-               *Supported key types are:*
-               `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
-               `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
+        :param pulumi.Input[Sequence[pulumi.Input[int]]] lengths: List of allowed key lengths, vault-1.10 and above
+        :param pulumi.Input[str] type: Key type, choices:
+               rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
         """
         pulumi.set(__self__, "lengths", lengths)
         pulumi.set(__self__, "type", type)
@@ -43,18 +52,7 @@ class SecretBackendRoleAllowedUserKeyConfigArgs:
     @pulumi.getter
     def lengths(self) -> pulumi.Input[Sequence[pulumi.Input[int]]]:
         """
-        A list of allowed key lengths as integers. 
-        For key types that do not support setting the length a value of `[0]` should be used.
-        Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
-        must be set to a single element list.
-
-        Example configuration blocks that might be included in the `ssh.SecretBackendRole`
-
-        <!--Start PulumiCodeChooser -->
-        ```python
-        import pulumi
-        ```
-        <!--End PulumiCodeChooser -->
+        List of allowed key lengths, vault-1.10 and above
         """
         return pulumi.get(self, "lengths")
 
@@ -66,10 +64,8 @@ class SecretBackendRoleAllowedUserKeyConfigArgs:
     @pulumi.getter
     def type(self) -> pulumi.Input[str]:
         """
-        The SSH public key type.  
-        *Supported key types are:*
-        `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
-        `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
+        Key type, choices:
+        rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
         """
         return pulumi.get(self, "type")
 

pulumi_vault/ssh/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -19,22 +24,9 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
                  lengths: Sequence[int],
                  type: str):
         """
-        :param Sequence[int] lengths: A list of allowed key lengths as integers. 
-               For key types that do not support setting the length a value of `[0]` should be used.
-               Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
-               must be set to a single element list.
-               
-               Example configuration blocks that might be included in the `ssh.SecretBackendRole`
-               
-               <!--Start PulumiCodeChooser -->
-               ```python
-               import pulumi
-               ```
-               <!--End PulumiCodeChooser -->
-        :param str type: The SSH public key type.  
-               *Supported key types are:*
-               `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
-               `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
+        :param Sequence[int] lengths: List of allowed key lengths, vault-1.10 and above
+        :param str type: Key type, choices:
+               rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
         """
         pulumi.set(__self__, "lengths", lengths)
         pulumi.set(__self__, "type", type)
@@ -43,18 +35,7 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
     @pulumi.getter
     def lengths(self) -> Sequence[int]:
         """
-        A list of allowed key lengths as integers. 
-        For key types that do not support setting the length a value of `[0]` should be used.
-        Setting multiple lengths is only supported on Vault 1.10+. For prior releases `length`
-        must be set to a single element list.
-
-        Example configuration blocks that might be included in the `ssh.SecretBackendRole`
-
-        <!--Start PulumiCodeChooser -->
-        ```python
-        import pulumi
-        ```
-        <!--End PulumiCodeChooser -->
+        List of allowed key lengths, vault-1.10 and above
         """
         return pulumi.get(self, "lengths")
 
@@ -62,10 +43,8 @@ class SecretBackendRoleAllowedUserKeyConfig(dict):
     @pulumi.getter
     def type(self) -> str:
         """
-        The SSH public key type.  
-        *Supported key types are:*
-        `rsa`, `ecdsa`, `ec`, `dsa`, `ed25519`, `ssh-rsa`, `ssh-dss`, `ssh-ed25519`,
-        `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`
+        Key type, choices:
+        rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
         """
         return pulumi.get(self, "type")
 

pulumi_vault/ssh/secret_backend_ca.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendCaArgs', 'SecretBackendCa']
@@ -16,6 +21,8 @@ class SecretBackendCaArgs:
     def __init__(__self__, *,
                  backend: Optional[pulumi.Input[str]] = None,
                  generate_signing_key: Optional[pulumi.Input[bool]] = None,
+                 key_bits: Optional[pulumi.Input[int]] = None,
+                 key_type: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  public_key: Optional[pulumi.Input[str]] = None):
@@ -23,9 +30,11 @@ class SecretBackendCaArgs:
         The set of arguments for constructing a SecretBackendCa resource.
         :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted. Defaults to 'ssh'
         :param pulumi.Input[bool] generate_signing_key: Whether Vault should generate the signing key pair internally. Defaults to true
+        :param pulumi.Input[int] key_bits: Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        :param pulumi.Input[str] key_type: Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] private_key: Private key part the SSH CA key pair; required if generate_signing_key is false.
         :param pulumi.Input[str] public_key: The public key part the SSH CA key pair; required if generate_signing_key is false.
@@ -34,6 +43,10 @@ class SecretBackendCaArgs:
             pulumi.set(__self__, "backend", backend)
         if generate_signing_key is not None:
             pulumi.set(__self__, "generate_signing_key", generate_signing_key)
+        if key_bits is not None:
+            pulumi.set(__self__, "key_bits", key_bits)
+        if key_type is not None:
+            pulumi.set(__self__, "key_type", key_type)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if private_key is not None:
@@ -65,13 +78,37 @@ class SecretBackendCaArgs:
     def generate_signing_key(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "generate_signing_key", value)
 
+    @property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> Optional[pulumi.Input[int]]:
+        """
+        Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_bits")
+
+    @key_bits.setter
+    def key_bits(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "key_bits", value)
+
+    @property
+    @pulumi.getter(name="keyType")
+    def key_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_type")
+
+    @key_type.setter
+    def key_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_type", value)
+
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -110,6 +147,8 @@ class _SecretBackendCaState:
     def __init__(__self__, *,
                  backend: Optional[pulumi.Input[str]] = None,
                  generate_signing_key: Optional[pulumi.Input[bool]] = None,
+                 key_bits: Optional[pulumi.Input[int]] = None,
+                 key_type: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  public_key: Optional[pulumi.Input[str]] = None):
@@ -117,9 +156,11 @@ class _SecretBackendCaState:
         Input properties used for looking up and filtering SecretBackendCa resources.
         :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted. Defaults to 'ssh'
         :param pulumi.Input[bool] generate_signing_key: Whether Vault should generate the signing key pair internally. Defaults to true
+        :param pulumi.Input[int] key_bits: Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        :param pulumi.Input[str] key_type: Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] private_key: Private key part the SSH CA key pair; required if generate_signing_key is false.
         :param pulumi.Input[str] public_key: The public key part the SSH CA key pair; required if generate_signing_key is false.
@@ -128,6 +169,10 @@ class _SecretBackendCaState:
             pulumi.set(__self__, "backend", backend)
         if generate_signing_key is not None:
             pulumi.set(__self__, "generate_signing_key", generate_signing_key)
+        if key_bits is not None:
+            pulumi.set(__self__, "key_bits", key_bits)
+        if key_type is not None:
+            pulumi.set(__self__, "key_type", key_type)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if private_key is not None:
@@ -159,13 +204,37 @@ class _SecretBackendCaState:
     def generate_signing_key(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "generate_signing_key", value)
 
+    @property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> Optional[pulumi.Input[int]]:
+        """
+        Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_bits")
+
+    @key_bits.setter
+    def key_bits(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "key_bits", value)
+
+    @property
+    @pulumi.getter(name="keyType")
+    def key_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_type")
+
+    @key_type.setter
+    def key_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_type", value)
+
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -206,6 +275,8 @@ class SecretBackendCa(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  generate_signing_key: Optional[pulumi.Input[bool]] = None,
+                 key_bits: Optional[pulumi.Input[int]] = None,
+                 key_type: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  public_key: Optional[pulumi.Input[str]] = None,
@@ -216,7 +287,6 @@ class SecretBackendCa(pulumi.CustomResource):
 
         ## Example Usage
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -224,7 +294,6 @@ class SecretBackendCa(pulumi.CustomResource):
         example = vault.Mount("example", type="ssh")
         foo = vault.ssh.SecretBackendCa("foo", backend=example.path)
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -238,9 +307,11 @@ class SecretBackendCa(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted. Defaults to 'ssh'
         :param pulumi.Input[bool] generate_signing_key: Whether Vault should generate the signing key pair internally. Defaults to true
+        :param pulumi.Input[int] key_bits: Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        :param pulumi.Input[str] key_type: Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] private_key: Private key part the SSH CA key pair; required if generate_signing_key is false.
         :param pulumi.Input[str] public_key: The public key part the SSH CA key pair; required if generate_signing_key is false.
@@ -257,7 +328,6 @@ class SecretBackendCa(pulumi.CustomResource):
 
         ## Example Usage
 
-        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -265,7 +335,6 @@ class SecretBackendCa(pulumi.CustomResource):
         example = vault.Mount("example", type="ssh")
         foo = vault.ssh.SecretBackendCa("foo", backend=example.path)
         ```
-        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -292,6 +361,8 @@ class SecretBackendCa(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  generate_signing_key: Optional[pulumi.Input[bool]] = None,
+                 key_bits: Optional[pulumi.Input[int]] = None,
+                 key_type: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  private_key: Optional[pulumi.Input[str]] = None,
                  public_key: Optional[pulumi.Input[str]] = None,
@@ -306,6 +377,8 @@ class SecretBackendCa(pulumi.CustomResource):
 
             __props__.__dict__["backend"] = backend
             __props__.__dict__["generate_signing_key"] = generate_signing_key
+            __props__.__dict__["key_bits"] = key_bits
+            __props__.__dict__["key_type"] = key_type
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["private_key"] = None if private_key is None else pulumi.Output.secret(private_key)
             __props__.__dict__["public_key"] = public_key
@@ -323,6 +396,8 @@ class SecretBackendCa(pulumi.CustomResource):
             opts: Optional[pulumi.ResourceOptions] = None,
             backend: Optional[pulumi.Input[str]] = None,
             generate_signing_key: Optional[pulumi.Input[bool]] = None,
+            key_bits: Optional[pulumi.Input[int]] = None,
+            key_type: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             private_key: Optional[pulumi.Input[str]] = None,
             public_key: Optional[pulumi.Input[str]] = None) -> 'SecretBackendCa':
@@ -335,9 +410,11 @@ class SecretBackendCa(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: The path where the SSH secret backend is mounted. Defaults to 'ssh'
         :param pulumi.Input[bool] generate_signing_key: Whether Vault should generate the signing key pair internally. Defaults to true
+        :param pulumi.Input[int] key_bits: Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        :param pulumi.Input[str] key_type: Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] private_key: Private key part the SSH CA key pair; required if generate_signing_key is false.
         :param pulumi.Input[str] public_key: The public key part the SSH CA key pair; required if generate_signing_key is false.
@@ -348,6 +425,8 @@ class SecretBackendCa(pulumi.CustomResource):
 
         __props__.__dict__["backend"] = backend
         __props__.__dict__["generate_signing_key"] = generate_signing_key
+        __props__.__dict__["key_bits"] = key_bits
+        __props__.__dict__["key_type"] = key_type
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["private_key"] = private_key
         __props__.__dict__["public_key"] = public_key
@@ -369,13 +448,29 @@ class SecretBackendCa(pulumi.CustomResource):
         """
         return pulumi.get(self, "generate_signing_key")
 
+    @property
+    @pulumi.getter(name="keyBits")
+    def key_bits(self) -> pulumi.Output[Optional[int]]:
+        """
+        Specifies the desired key bits for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_bits")
+
+    @property
+    @pulumi.getter(name="keyType")
+    def key_type(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies the desired key type for the generated SSH CA key when `generate_signing_key` is set to `true`.
+        """
+        return pulumi.get(self, "key_type")
+
     @property
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")