pulumi-vault 6.1.0__py3-none-any.whl → 6.1.0a1711522308__py3-none-any.whl

pulumi_vault/__init__.py

@@ -12,8 +12,6 @@ from .cert_auth_backend_role import *
 from .egp_policy import *
 from .get_auth_backend import *
 from .get_auth_backends import *
-from .get_namespace import *
-from .get_namespaces import *
 from .get_nomad_access_token import *
 from .get_policy_document import *
 from .get_raft_autopilot_state import *

pulumi_vault/kubernetes/secret_backend_role.py

@@ -14,9 +14,8 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
 @pulumi.input_type
 class SecretBackendRoleArgs:
     def __init__(__self__, *,
+                 allowed_kubernetes_namespaces: pulumi.Input[Sequence[pulumi.Input[str]]],
                  backend: pulumi.Input[str],
-                 allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
-                 allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  extra_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  generated_role_rules: Optional[pulumi.Input[str]] = None,
@@ -30,15 +29,10 @@ class SecretBackendRoleArgs:
                  token_max_ttl: Optional[pulumi.Input[int]] = None):
         """
         The set of arguments for constructing a SecretBackendRole resource.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role 
+               can generate credentials for. If set to `*` all namespaces are allowed.
         :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
                the role in.
-        :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces 
-               in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-               of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-               If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role 
-               can generate credentials for. If set to `*` all namespaces are allowed. If set with
-               `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated 
                Kubernetes objects.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_labels: Additional labels to apply to all generated Kubernetes 
@@ -68,11 +62,8 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
         :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
         """
+        pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
         pulumi.set(__self__, "backend", backend)
-        if allowed_kubernetes_namespace_selector is not None:
-            pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
-        if allowed_kubernetes_namespaces is not None:
-            pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
         if extra_annotations is not None:
             pulumi.set(__self__, "extra_annotations", extra_annotations)
         if extra_labels is not None:
@@ -96,6 +87,19 @@ class SecretBackendRoleArgs:
         if token_max_ttl is not None:
             pulumi.set(__self__, "token_max_ttl", token_max_ttl)
 
+    @property
+    @pulumi.getter(name="allowedKubernetesNamespaces")
+    def allowed_kubernetes_namespaces(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        The list of Kubernetes namespaces this role 
+        can generate credentials for. If set to `*` all namespaces are allowed.
+        """
+        return pulumi.get(self, "allowed_kubernetes_namespaces")
+
+    @allowed_kubernetes_namespaces.setter
+    def allowed_kubernetes_namespaces(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "allowed_kubernetes_namespaces", value)
+
     @property
     @pulumi.getter
     def backend(self) -> pulumi.Input[str]:
@@ -109,35 +113,6 @@ class SecretBackendRoleArgs:
     def backend(self, value: pulumi.Input[str]):
         pulumi.set(self, "backend", value)
 
-    @property
-    @pulumi.getter(name="allowedKubernetesNamespaceSelector")
-    def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
-        """
-        A label selector for Kubernetes namespaces 
-        in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-        of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-        If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
-        """
-        return pulumi.get(self, "allowed_kubernetes_namespace_selector")
-
-    @allowed_kubernetes_namespace_selector.setter
-    def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
-
-    @property
-    @pulumi.getter(name="allowedKubernetesNamespaces")
-    def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        The list of Kubernetes namespaces this role 
-        can generate credentials for. If set to `*` all namespaces are allowed. If set with
-        `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
-        """
-        return pulumi.get(self, "allowed_kubernetes_namespaces")
-
-    @allowed_kubernetes_namespaces.setter
-    def allowed_kubernetes_namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "allowed_kubernetes_namespaces", value)
-
     @property
     @pulumi.getter(name="extraAnnotations")
     def extra_annotations(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
@@ -291,7 +266,6 @@ class SecretBackendRoleArgs:
 @pulumi.input_type
 class _SecretBackendRoleState:
     def __init__(__self__, *,
-                 allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
                  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -307,13 +281,8 @@ class _SecretBackendRoleState:
                  token_max_ttl: Optional[pulumi.Input[int]] = None):
         """
         Input properties used for looking up and filtering SecretBackendRole resources.
-        :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces 
-               in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-               of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-               If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role 
-               can generate credentials for. If set to `*` all namespaces are allowed. If set with
-               `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
+               can generate credentials for. If set to `*` all namespaces are allowed.
         :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
                the role in.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated 
@@ -345,8 +314,6 @@ class _SecretBackendRoleState:
         :param pulumi.Input[int] token_default_ttl: The default TTL for generated Kubernetes tokens in seconds.
         :param pulumi.Input[int] token_max_ttl: The maximum TTL for generated Kubernetes tokens in seconds.
         """
-        if allowed_kubernetes_namespace_selector is not None:
-            pulumi.set(__self__, "allowed_kubernetes_namespace_selector", allowed_kubernetes_namespace_selector)
         if allowed_kubernetes_namespaces is not None:
             pulumi.set(__self__, "allowed_kubernetes_namespaces", allowed_kubernetes_namespaces)
         if backend is not None:
@@ -374,28 +341,12 @@ class _SecretBackendRoleState:
         if token_max_ttl is not None:
             pulumi.set(__self__, "token_max_ttl", token_max_ttl)
 
-    @property
-    @pulumi.getter(name="allowedKubernetesNamespaceSelector")
-    def allowed_kubernetes_namespace_selector(self) -> Optional[pulumi.Input[str]]:
-        """
-        A label selector for Kubernetes namespaces 
-        in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-        of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-        If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
-        """
-        return pulumi.get(self, "allowed_kubernetes_namespace_selector")
-
-    @allowed_kubernetes_namespace_selector.setter
-    def allowed_kubernetes_namespace_selector(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "allowed_kubernetes_namespace_selector", value)
-
     @property
     @pulumi.getter(name="allowedKubernetesNamespaces")
     def allowed_kubernetes_namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
         The list of Kubernetes namespaces this role 
-        can generate credentials for. If set to `*` all namespaces are allowed. If set with
-        `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
+        can generate credentials for. If set to `*` all namespaces are allowed.
         """
         return pulumi.get(self, "allowed_kubernetes_namespaces")
 
@@ -571,7 +522,6 @@ class SecretBackendRole(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
                  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -699,13 +649,8 @@ class SecretBackendRole(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces 
-               in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-               of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-               If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role 
-               can generate credentials for. If set to `*` all namespaces are allowed. If set with
-               `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
+               can generate credentials for. If set to `*` all namespaces are allowed.
         :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
                the role in.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated 
@@ -869,7 +814,6 @@ class SecretBackendRole(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
                  allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -892,7 +836,8 @@ class SecretBackendRole(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = SecretBackendRoleArgs.__new__(SecretBackendRoleArgs)
 
-            __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
+            if allowed_kubernetes_namespaces is None and not opts.urn:
+                raise TypeError("Missing required property 'allowed_kubernetes_namespaces'")
             __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
             if backend is None and not opts.urn:
                 raise TypeError("Missing required property 'backend'")
@@ -918,7 +863,6 @@ class SecretBackendRole(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            allowed_kubernetes_namespace_selector: Optional[pulumi.Input[str]] = None,
             allowed_kubernetes_namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             backend: Optional[pulumi.Input[str]] = None,
             extra_annotations: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -939,13 +883,8 @@ class SecretBackendRole(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] allowed_kubernetes_namespace_selector: A label selector for Kubernetes namespaces 
-               in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-               of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-               If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_kubernetes_namespaces: The list of Kubernetes namespaces this role 
-               can generate credentials for. If set to `*` all namespaces are allowed. If set with
-               `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
+               can generate credentials for. If set to `*` all namespaces are allowed.
         :param pulumi.Input[str] backend: The path of the Kubernetes Secrets Engine backend mount to create
                the role in.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] extra_annotations: Additional annotations to apply to all generated 
@@ -981,7 +920,6 @@ class SecretBackendRole(pulumi.CustomResource):
 
         __props__ = _SecretBackendRoleState.__new__(_SecretBackendRoleState)
 
-        __props__.__dict__["allowed_kubernetes_namespace_selector"] = allowed_kubernetes_namespace_selector
         __props__.__dict__["allowed_kubernetes_namespaces"] = allowed_kubernetes_namespaces
         __props__.__dict__["backend"] = backend
         __props__.__dict__["extra_annotations"] = extra_annotations
@@ -997,24 +935,12 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["token_max_ttl"] = token_max_ttl
         return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
 
-    @property
-    @pulumi.getter(name="allowedKubernetesNamespaceSelector")
-    def allowed_kubernetes_namespace_selector(self) -> pulumi.Output[Optional[str]]:
-        """
-        A label selector for Kubernetes namespaces 
-        in which credentials can be generated. Accepts either a JSON or YAML object. The value should be
-        of type [LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#labelselector-v1-meta).
-        If set with `allowed_kubernetes_namespace`, the conditions are `OR`ed.
-        """
-        return pulumi.get(self, "allowed_kubernetes_namespace_selector")
-
     @property
     @pulumi.getter(name="allowedKubernetesNamespaces")
-    def allowed_kubernetes_namespaces(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def allowed_kubernetes_namespaces(self) -> pulumi.Output[Sequence[str]]:
         """
         The list of Kubernetes namespaces this role 
-        can generate credentials for. If set to `*` all namespaces are allowed. If set with
-        `allowed_kubernetes_namespace_selector`, the conditions are `OR`ed.
+        can generate credentials for. If set to `*` all namespaces are allowed.
         """
         return pulumi.get(self, "allowed_kubernetes_namespaces")
 

pulumi_vault/mongodbatlas/secret_backend.py

@@ -199,11 +199,11 @@ class SecretBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         mongo = vault.Mount("mongo",
+            description="MongoDB Atlas secret engine mount",
             path="mongodbatlas",
-            type="mongodbatlas",
-            description="MongoDB Atlas secret engine mount")
+            type="mongodbatlas")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount=mongo.path,
+            mount="vault_mount.mongo.path",
             private_key="privateKey",
             public_key="publicKey")
         ```
@@ -242,11 +242,11 @@ class SecretBackend(pulumi.CustomResource):
         import pulumi_vault as vault
 
         mongo = vault.Mount("mongo",
+            description="MongoDB Atlas secret engine mount",
             path="mongodbatlas",
-            type="mongodbatlas",
-            description="MongoDB Atlas secret engine mount")
+            type="mongodbatlas")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount=mongo.path,
+            mount="vault_mount.mongo.path",
             private_key="privateKey",
             public_key="publicKey")
         ```

pulumi_vault/mongodbatlas/secret_role.py

@@ -28,7 +28,7 @@ class SecretRoleArgs:
         """
         The set of arguments for constructing a SecretRole resource.
         :param pulumi.Input[str] mount: Path where the MongoDB Atlas Secrets Engine is mounted.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] cidr_blocks: Whitelist entry in CIDR notation to be added for the API key.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: IP address to be added to the whitelist for the API key.
         :param pulumi.Input[str] max_ttl: The maximum allowed lifetime of credentials issued using this role.
@@ -40,8 +40,8 @@ class SecretRoleArgs:
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id` is not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+               Required if `organization_id is` not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         pulumi.set(__self__, "mount", mount)
@@ -81,7 +81,7 @@ class SecretRoleArgs:
     @pulumi.getter
     def roles(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
         """
-        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+        List of roles that the API Key needs to have.
         """
         return pulumi.get(self, "roles")
 
@@ -170,7 +170,7 @@ class SecretRoleArgs:
     def project_id(self) -> Optional[pulumi.Input[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id` is not set.
+        Required if `organization_id is` not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -182,7 +182,7 @@ class SecretRoleArgs:
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        Roles assigned when an org API key is assigned to a project API key.
         """
         return pulumi.get(self, "project_roles")
 
@@ -231,9 +231,9 @@ class _SecretRoleState:
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id` is not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+               Required if `organization_id is` not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         if cidr_blocks is not None:
@@ -352,7 +352,7 @@ class _SecretRoleState:
     def project_id(self) -> Optional[pulumi.Input[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id` is not set.
+        Required if `organization_id is` not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -364,7 +364,7 @@ class _SecretRoleState:
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        Roles assigned when an org API key is assigned to a project API key.
         """
         return pulumi.get(self, "project_roles")
 
@@ -376,7 +376,7 @@ class _SecretRoleState:
     @pulumi.getter
     def roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+        List of roles that the API Key needs to have.
         """
         return pulumi.get(self, "roles")
 
@@ -427,17 +427,17 @@ class SecretRole(pulumi.CustomResource):
             type="mongodbatlas",
             description="MongoDB Atlas secret engine mount")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount=mongo.path,
+            mount="vault_mount.mongo.path",
             private_key="privateKey",
             public_key="publicKey")
         role = vault.mongodbatlas.SecretRole("role",
             mount=mongo.path,
             organization_id="7cf5a45a9ccf6400e60981b7",
             project_id="5cf5a45a9ccf6400e60981b6",
-            roles=["ORG_READ_ONLY"],
+            roles="ORG_READ_ONLY",
             ip_addresses="192.168.1.5, 192.168.1.6",
             cidr_blocks="192.168.1.3/35",
-            project_roles=["GROUP_READ_ONLY"],
+            project_roles="GROUP_READ_ONLY",
             ttl="60",
             max_ttl="120")
         ```
@@ -466,9 +466,9 @@ class SecretRole(pulumi.CustomResource):
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id` is not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+               Required if `organization_id is` not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         ...
@@ -490,17 +490,17 @@ class SecretRole(pulumi.CustomResource):
             type="mongodbatlas",
             description="MongoDB Atlas secret engine mount")
         config = vault.mongodbatlas.SecretBackend("config",
-            mount=mongo.path,
+            mount="vault_mount.mongo.path",
             private_key="privateKey",
             public_key="publicKey")
         role = vault.mongodbatlas.SecretRole("role",
             mount=mongo.path,
             organization_id="7cf5a45a9ccf6400e60981b7",
             project_id="5cf5a45a9ccf6400e60981b6",
-            roles=["ORG_READ_ONLY"],
+            roles="ORG_READ_ONLY",
             ip_addresses="192.168.1.5, 192.168.1.6",
             cidr_blocks="192.168.1.3/35",
-            project_roles=["GROUP_READ_ONLY"],
+            project_roles="GROUP_READ_ONLY",
             ttl="60",
             max_ttl="120")
         ```
@@ -605,9 +605,9 @@ class SecretRole(pulumi.CustomResource):
         :param pulumi.Input[str] organization_id: Unique identifier for the organization to which the target API Key belongs. 
                Required if `project_id` is not set.
         :param pulumi.Input[str] project_id: Unique identifier for the project to which the target API Key belongs.
-               Required if `organization_id` is not set.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+               Required if `organization_id is` not set.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] project_roles: Roles assigned when an org API key is assigned to a project API key.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] roles: List of roles that the API Key needs to have.
         :param pulumi.Input[str] ttl: Duration in seconds after which the issued credential should expire.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -692,7 +692,7 @@ class SecretRole(pulumi.CustomResource):
     def project_id(self) -> pulumi.Output[Optional[str]]:
         """
         Unique identifier for the project to which the target API Key belongs.
-        Required if `organization_id` is not set.
+        Required if `organization_id is` not set.
         """
         return pulumi.get(self, "project_id")
 
@@ -700,7 +700,7 @@ class SecretRole(pulumi.CustomResource):
     @pulumi.getter(name="projectRoles")
     def project_roles(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        Roles assigned when an org API key is assigned to a project API key. Possible values are `GROUP_CLUSTER_MANAGER`, `GROUP_DATA_ACCESS_ADMIN`, `GROUP_DATA_ACCESS_READ_ONLY`, `GROUP_DATA_ACCESS_READ_WRITE`, `GROUP_OWNER` and `GROUP_READ_ONLY`.
+        Roles assigned when an org API key is assigned to a project API key.
         """
         return pulumi.get(self, "project_roles")
 
@@ -708,7 +708,7 @@ class SecretRole(pulumi.CustomResource):
     @pulumi.getter
     def roles(self) -> pulumi.Output[Sequence[str]]:
         """
-        List of roles that the API Key needs to have. Possible values are `ORG_OWNER`, `ORG_MEMBER`, `ORG_GROUP_CREATOR`, `ORG_BILLING_ADMIN` and `ORG_READ_ONLY`.
+        List of roles that the API Key needs to have.
         """
         return pulumi.get(self, "roles")
 

pulumi_vault/secrets/__init__.py

@@ -13,5 +13,3 @@ from .sync_gcp_destination import *
 from .sync_gh_destination import *
 from .sync_github_apps import *
 from .sync_vercel_destination import *
-from ._inputs import *
-from . import outputs