pulumi-vault 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl

pulumi_vault/mongodbatlas/secret_role.py

@@ -28,7 +28,7 @@ class SecretRoleArgs:
         """
         The set of arguments for constructing a SecretRole resource.
         :param pulumi.Input[str] mount: Path where the MongoDB Atlas Secrets Engine is mounted.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] cidr_blocks: Whitelist entry in CIDR notation to be added for the API key.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: IP address to be added to the whitelist for the API key.
         :param pulumi.Input[str] max_ttl: The maximum allowed lifetime of credentials issued using this role.
@@ -40,8 +40,8 @@ class SecretRoleArgs:
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id is` not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
+               Required if `organization_id` is not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         pulumi.set(__self__, "mount", mount)
@@ -81,7 +81,7 @@ class SecretRoleArgs:
     @pulumi.getter
     def roles(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
         """
-        List of roles that the API Key needs to have.
+        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         """
         return pulumi.get(self, "roles")
 
@@ -170,7 +170,7 @@ class SecretRoleArgs:
     def project_id(self) -> Optional[pulumi.Input[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id is` not set.
+        Required if `organization_id` is not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -182,7 +182,7 @@ class SecretRoleArgs:
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key.
+        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
         """
         return pulumi.get(self, "project_roles")
 
@@ -231,9 +231,9 @@ class _SecretRoleState:
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id is` not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
+               Required if `organization_id` is not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         if cidr_blocks is not None:
@@ -352,7 +352,7 @@ class _SecretRoleState:
     def project_id(self) -> Optional[pulumi.Input[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id is` not set.
+        Required if `organization_id` is not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -364,7 +364,7 @@ class _SecretRoleState:
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key.
+        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
         """
         return pulumi.get(self, "project_roles")
 
@@ -376,7 +376,7 @@ class _SecretRoleState:
     @pulumi.getter
     def roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of roles that the API Key needs to have.
+        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         """
         return pulumi.get(self, "roles")
 
@@ -427,17 +427,17 @@ class SecretRole(pulumi.CustomResource):
             type="mongodbatlas",
             description="MongoDB Atlas secret engine mount")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount="vault_mount.mongo.path",
+            mount=mongo.path,
             private_key="privateKey",
             public_key="publicKey")
         role = vault.mongodbatlas.SecretRole("role",
             mount=mongo.path,
             organization_id="7cf5a45a9ccf6400e60981b7",
             project_id="5cf5a45a9ccf6400e60981b6",
-            roles="ORG_READ_ONLY",
+            roles=["ORG_READ_ONLY"],
             ip_addresses="192.168.1.5, 192.168.1.6",
             cidr_blocks="192.168.1.3/35",
-            project_roles="GROUP_READ_ONLY",
+            project_roles=["GROUP_READ_ONLY"],
             ttl="60",
             max_ttl="120")
         ```
@@ -466,9 +466,9 @@ class SecretRole(pulumi.CustomResource):
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id is` not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
+               Required if `organization_id` is not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         ...
@@ -490,17 +490,17 @@ class SecretRole(pulumi.CustomResource):
             type="mongodbatlas",
             description="MongoDB Atlas secret engine mount")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount="vault_mount.mongo.path",
+            mount=mongo.path,
             private_key="privateKey",
             public_key="publicKey")
         role = vault.mongodbatlas.SecretRole("role",
             mount=mongo.path,
             organization_id="7cf5a45a9ccf6400e60981b7",
             project_id="5cf5a45a9ccf6400e60981b6",
-            roles="ORG_READ_ONLY",
+            roles=["ORG_READ_ONLY"],
             ip_addresses="192.168.1.5, 192.168.1.6",
             cidr_blocks="192.168.1.3/35",
-            project_roles="GROUP_READ_ONLY",
+            project_roles=["GROUP_READ_ONLY"],
             ttl="60",
             max_ttl="120")
         ```
@@ -605,9 +605,9 @@ class SecretRole(pulumi.CustomResource):
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id is` not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
+               Required if `organization_id` is not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -692,7 +692,7 @@ class SecretRole(pulumi.CustomResource):
     def project_id(self) -> pulumi.Output[Optional[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id is` not set.
+        Required if `organization_id` is not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -700,7 +700,7 @@ class SecretRole(pulumi.CustomResource):
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key.
+        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
         """
         return pulumi.get(self, "project_roles")
 
@@ -708,7 +708,7 @@ class SecretRole(pulumi.CustomResource):
     @pulumi.getter
     def roles(self) -> pulumi.Output[Sequence[str]]:
         """
-        List of roles that the API Key needs to have.
+        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
         """
         return pulumi.get(self, "roles")
 

pulumi_vault/secrets/__init__.py

@@ -13,3 +13,5 @@ from .sync_gcp_destination import *
 from .sync_gh_destination import *
 from .sync_github_apps import *
 from .sync_vercel_destination import *
+from ._inputs import *
+from . import outputs

pulumi_vault/secrets/_inputs.py

@@ -0,0 +1,80 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'SyncAssociationMetadataArgs',
+]
+
+@pulumi.input_type
+class SyncAssociationMetadataArgs:
+    def __init__(__self__, *,
+                 sub_key: Optional[pulumi.Input[str]] = None,
+                 sync_status: Optional[pulumi.Input[str]] = None,
+                 updated_at: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] sub_key: Subkey of the associated secret.
+        :param pulumi.Input[str] sync_status: A map of sync statuses for each subkey of the associated secret
+               (for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
+        :param pulumi.Input[str] updated_at: A map of duration strings specifying when each subkey of the associated
+               secret was last updated.
+               (for ex.
+               `{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
+               kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
+        """
+        if sub_key is not None:
+            pulumi.set(__self__, "sub_key", sub_key)
+        if sync_status is not None:
+            pulumi.set(__self__, "sync_status", sync_status)
+        if updated_at is not None:
+            pulumi.set(__self__, "updated_at", updated_at)
+
+    @property
+    @pulumi.getter(name="subKey")
+    def sub_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        Subkey of the associated secret.
+        """
+        return pulumi.get(self, "sub_key")
+
+    @sub_key.setter
+    def sub_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sub_key", value)
+
+    @property
+    @pulumi.getter(name="syncStatus")
+    def sync_status(self) -> Optional[pulumi.Input[str]]:
+        """
+        A map of sync statuses for each subkey of the associated secret
+        (for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
+        """
+        return pulumi.get(self, "sync_status")
+
+    @sync_status.setter
+    def sync_status(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sync_status", value)
+
+    @property
+    @pulumi.getter(name="updatedAt")
+    def updated_at(self) -> Optional[pulumi.Input[str]]:
+        """
+        A map of duration strings specifying when each subkey of the associated
+        secret was last updated.
+        (for ex.
+        `{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
+        kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
+        """
+        return pulumi.get(self, "updated_at")
+
+    @updated_at.setter
+    def updated_at(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "updated_at", value)
+
+

pulumi_vault/secrets/outputs.py

@@ -0,0 +1,89 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'SyncAssociationMetadata',
+]
+
+@pulumi.output_type
+class SyncAssociationMetadata(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "subKey":
+            suggest = "sub_key"
+        elif key == "syncStatus":
+            suggest = "sync_status"
+        elif key == "updatedAt":
+            suggest = "updated_at"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in SyncAssociationMetadata. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        SyncAssociationMetadata.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        SyncAssociationMetadata.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 sub_key: Optional[str] = None,
+                 sync_status: Optional[str] = None,
+                 updated_at: Optional[str] = None):
+        """
+        :param str sub_key: Subkey of the associated secret.
+        :param str sync_status: A map of sync statuses for each subkey of the associated secret
+               (for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
+        :param str updated_at: A map of duration strings specifying when each subkey of the associated
+               secret was last updated.
+               (for ex.
+               `{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
+               kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
+        """
+        if sub_key is not None:
+            pulumi.set(__self__, "sub_key", sub_key)
+        if sync_status is not None:
+            pulumi.set(__self__, "sync_status", sync_status)
+        if updated_at is not None:
+            pulumi.set(__self__, "updated_at", updated_at)
+
+    @property
+    @pulumi.getter(name="subKey")
+    def sub_key(self) -> Optional[str]:
+        """
+        Subkey of the associated secret.
+        """
+        return pulumi.get(self, "sub_key")
+
+    @property
+    @pulumi.getter(name="syncStatus")
+    def sync_status(self) -> Optional[str]:
+        """
+        A map of sync statuses for each subkey of the associated secret
+        (for ex. `{kv_624bea/aws-token/dev: "SYNCED", kv_624bea/aws-token/prod: "SYNCED"}`).
+        """
+        return pulumi.get(self, "sync_status")
+
+    @property
+    @pulumi.getter(name="updatedAt")
+    def updated_at(self) -> Optional[str]:
+        """
+        A map of duration strings specifying when each subkey of the associated
+        secret was last updated.
+        (for ex.
+        `{kv_624bea/aws-token/dev: "2024-03-21T12:42:02.558533-07:00",
+        kv_624bea/aws-token/prod: "2024-03-21T12:42:02.558533-07:00"}`).
+        """
+        return pulumi.get(self, "updated_at")
+
+

pulumi_vault/secrets/sync_association.py

@@ -8,6 +8,8 @@ import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
 from .. import _utilities
+from . import outputs
+from ._inputs import *
 
 __all__ = ['SyncAssociationArgs', 'SyncAssociation']
 
@@ -103,25 +105,25 @@ class SyncAssociationArgs:
 @pulumi.input_type
 class _SyncAssociationState:
     def __init__(__self__, *,
+                 metadatas: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]] = None,
                  mount: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  secret_name: Optional[pulumi.Input[str]] = None,
-                 sync_status: Optional[pulumi.Input[str]] = None,
-                 type: Optional[pulumi.Input[str]] = None,
-                 updated_at: Optional[pulumi.Input[str]] = None):
+                 type: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SyncAssociation resources.
+        :param pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]] metadatas: Metadata for each subkey of the associated secret.
         :param pulumi.Input[str] mount: Specifies the mount where the secret is located.
         :param pulumi.Input[str] name: Specifies the name of the destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
-        :param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
         :param pulumi.Input[str] type: Specifies the destination type.
-        :param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
         """
+        if metadatas is not None:
+            pulumi.set(__self__, "metadatas", metadatas)
         if mount is not None:
             pulumi.set(__self__, "mount", mount)
         if name is not None:
@@ -130,12 +132,20 @@ class _SyncAssociationState:
             pulumi.set(__self__, "namespace", namespace)
         if secret_name is not None:
             pulumi.set(__self__, "secret_name", secret_name)
-        if sync_status is not None:
-            pulumi.set(__self__, "sync_status", sync_status)
         if type is not None:
             pulumi.set(__self__, "type", type)
-        if updated_at is not None:
-            pulumi.set(__self__, "updated_at", updated_at)
+
+    @property
+    @pulumi.getter
+    def metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]:
+        """
+        Metadata for each subkey of the associated secret.
+        """
+        return pulumi.get(self, "metadatas")
+
+    @metadatas.setter
+    def metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SyncAssociationMetadataArgs']]]]):
+        pulumi.set(self, "metadatas", value)
 
     @property
     @pulumi.getter
@@ -187,18 +197,6 @@ class _SyncAssociationState:
     def secret_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "secret_name", value)
 
-    @property
-    @pulumi.getter(name="syncStatus")
-    def sync_status(self) -> Optional[pulumi.Input[str]]:
-        """
-        Specifies the status of the association (for eg. `SYNCED`).
-        """
-        return pulumi.get(self, "sync_status")
-
-    @sync_status.setter
-    def sync_status(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "sync_status", value)
-
     @property
     @pulumi.getter
     def type(self) -> Optional[pulumi.Input[str]]:
@@ -211,18 +209,6 @@ class _SyncAssociationState:
     def type(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "type", value)
 
-    @property
-    @pulumi.getter(name="updatedAt")
-    def updated_at(self) -> Optional[pulumi.Input[str]]:
-        """
-        Duration string specifying when the secret was last updated.
-        """
-        return pulumi.get(self, "updated_at")
-
-    @updated_at.setter
-    def updated_at(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "updated_at", value)
-
 
 class SyncAssociation(pulumi.CustomResource):
     @overload
@@ -359,8 +345,7 @@ class SyncAssociation(pulumi.CustomResource):
             if type is None and not opts.urn:
                 raise TypeError("Missing required property 'type'")
             __props__.__dict__["type"] = type
-            __props__.__dict__["sync_status"] = None
-            __props__.__dict__["updated_at"] = None
+            __props__.__dict__["metadatas"] = None
         super(SyncAssociation, __self__).__init__(
             'vault:secrets/syncAssociation:SyncAssociation',
             resource_name,
@@ -371,13 +356,12 @@ class SyncAssociation(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
+            metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SyncAssociationMetadataArgs']]]]] = None,
             mount: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             secret_name: Optional[pulumi.Input[str]] = None,
-            sync_status: Optional[pulumi.Input[str]] = None,
-            type: Optional[pulumi.Input[str]] = None,
-            updated_at: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
+            type: Optional[pulumi.Input[str]] = None) -> 'SyncAssociation':
         """
         Get an existing SyncAssociation resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -385,29 +369,35 @@ class SyncAssociation(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SyncAssociationMetadataArgs']]]] metadatas: Metadata for each subkey of the associated secret.
         :param pulumi.Input[str] mount: Specifies the mount where the secret is located.
         :param pulumi.Input[str] name: Specifies the name of the destination.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         :param pulumi.Input[str] secret_name: Specifies the name of the secret to synchronize.
-        :param pulumi.Input[str] sync_status: Specifies the status of the association (for eg. `SYNCED`).
         :param pulumi.Input[str] type: Specifies the destination type.
-        :param pulumi.Input[str] updated_at: Duration string specifying when the secret was last updated.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
         __props__ = _SyncAssociationState.__new__(_SyncAssociationState)
 
+        __props__.__dict__["metadatas"] = metadatas
         __props__.__dict__["mount"] = mount
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["secret_name"] = secret_name
-        __props__.__dict__["sync_status"] = sync_status
         __props__.__dict__["type"] = type
-        __props__.__dict__["updated_at"] = updated_at
         return SyncAssociation(resource_name, opts=opts, __props__=__props__)
 
+    @property
+    @pulumi.getter
+    def metadatas(self) -> pulumi.Output[Sequence['outputs.SyncAssociationMetadata']]:
+        """
+        Metadata for each subkey of the associated secret.
+        """
+        return pulumi.get(self, "metadatas")
+
     @property
     @pulumi.getter
     def mount(self) -> pulumi.Output[str]:
@@ -442,14 +432,6 @@ class SyncAssociation(pulumi.CustomResource):
         """
         return pulumi.get(self, "secret_name")
 
-    @property
-    @pulumi.getter(name="syncStatus")
-    def sync_status(self) -> pulumi.Output[str]:
-        """
-        Specifies the status of the association (for eg. `SYNCED`).
-        """
-        return pulumi.get(self, "sync_status")
-
     @property
     @pulumi.getter
     def type(self) -> pulumi.Output[str]:
@@ -458,11 +440,3 @@ class SyncAssociation(pulumi.CustomResource):
         """
         return pulumi.get(self, "type")
 
-    @property
-    @pulumi.getter(name="updatedAt")
-    def updated_at(self) -> pulumi.Output[str]:
-        """
-        Duration string specifying when the secret was last updated.
-        """
-        return pulumi.get(self, "updated_at")
-