pulumi-vault 6.2.0__py3-none-any.whl → 6.2.0a1712731873__py3-none-any.whl

pulumi_vault/raft_snapshot_agent_config.py

@@ -53,29 +53,56 @@ class RaftSnapshotAgentConfigArgs:
                or "google-gcs". The remaining parameters described below are all specific to
                the selected `storage_type` and prefixed accordingly.
         :param pulumi.Input[str] aws_access_key_id: AWS access key ID.
-        :param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
-        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        :param pulumi.Input[str] aws_s3_bucket: `<required>` - S3 bucket to write snapshots to.
+        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `aws_s3_endpoint`.
         :param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
-        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
-        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
-        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
-        :param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
+        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
+               using a non-AWS S3 implementation like Minio.
+        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style
+               instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
+        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
+        :param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
         :param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
         :param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
         :param pulumi.Input[str] aws_session_token: AWS session token.
         :param pulumi.Input[str] azure_account_key: Azure account key.
         :param pulumi.Input[str] azure_account_name: Azure account name.
         :param pulumi.Input[str] azure_blob_environment: Azure blob environment.
-        :param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
-        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        :param pulumi.Input[str] azure_container_name: `<required>` - Azure container name to write
+               snapshots to.
+        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
+               only set when using a non-Azure implementation like Azurite.
         :param pulumi.Input[str] file_prefix: Within the directory or bucket
                prefix given by `path_prefix`, the file or object name of snapshot files
                will start with this string.
-        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
-        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
-        :param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
-        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
-        :param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
+        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `google_endpoint`.
+        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when
+               using a non-Google GCS implementation like fake-gcs-server.
+        :param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
+        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format. 
+               The raw value looks like this:
+               
+               ```json
+               {
+               "type": "service_account",
+               "project_id": "project-id",
+               "private_key_id": "key-id",
+               "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+               "client_email": "service-account-email",
+               "client_id": "client-id",
+               "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+               "token_uri": "https://accounts.google.com/o/oauth2/token",
+               "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+               }
+               ```
+        :param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
+               space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+               space left in this allowance.
         :param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
@@ -196,7 +223,7 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3Bucket")
     def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
         """
-        S3 bucket to write snapshots to.
+        `<required>` - S3 bucket to write snapshots to.
         """
         return pulumi.get(self, "aws_s3_bucket")
 
@@ -208,7 +235,9 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3DisableTls")
     def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
         """
-        Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        Disable TLS for the S3 endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_disable_tls")
 
@@ -232,7 +261,8 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3Endpoint")
     def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
+        AWS endpoint. This is typically only set when
+        using a non-AWS S3 implementation like Minio.
         """
         return pulumi.get(self, "aws_s3_endpoint")
 
@@ -244,7 +274,8 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3ForcePathStyle")
     def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
         """
-        Use the endpoint/bucket URL style instead of bucket.endpoint.
+        Use the endpoint/bucket URL style
+        instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_force_path_style")
 
@@ -256,7 +287,7 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3KmsKey")
     def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
         """
-        Use named KMS key, when aws_s3_enable_kms=true
+        Use named KMS key, when `aws_s3_enable_kms = true`
         """
         return pulumi.get(self, "aws_s3_kms_key")
 
@@ -268,7 +299,7 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="awsS3Region")
     def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
         """
-        AWS region bucket is in.
+        `<required>` - AWS region bucket is in.
         """
         return pulumi.get(self, "aws_s3_region")
 
@@ -352,7 +383,8 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="azureContainerName")
     def azure_container_name(self) -> Optional[pulumi.Input[str]]:
         """
-        Azure container name to write snapshots to.
+        `<required>` - Azure container name to write
+        snapshots to.
         """
         return pulumi.get(self, "azure_container_name")
 
@@ -364,7 +396,8 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="azureEndpoint")
     def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        Azure blob storage endpoint. This is typically
+        only set when using a non-Azure implementation like Azurite.
         """
         return pulumi.get(self, "azure_endpoint")
 
@@ -390,7 +423,9 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="googleDisableTls")
     def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
         """
-        Disable TLS for the GCS endpoint.
+        Disable TLS for the GCS endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `google_endpoint`.
         """
         return pulumi.get(self, "google_disable_tls")
 
@@ -402,7 +437,8 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="googleEndpoint")
     def google_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
+        GCS endpoint. This is typically only set when
+        using a non-Google GCS implementation like fake-gcs-server.
         """
         return pulumi.get(self, "google_endpoint")
 
@@ -414,7 +450,7 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="googleGcsBucket")
     def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
         """
-        GCS bucket to write snapshots to.
+        `<required>` - GCS bucket to write snapshots to.
         """
         return pulumi.get(self, "google_gcs_bucket")
 
@@ -426,7 +462,23 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="googleServiceAccountKey")
     def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
         """
-        Google service account key in JSON format.
+        Google service account key in JSON format. 
+        The raw value looks like this:
+
+        ```json
+        {
+        "type": "service_account",
+        "project_id": "project-id",
+        "private_key_id": "key-id",
+        "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+        "client_email": "service-account-email",
+        "client_id": "client-id",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://accounts.google.com/o/oauth2/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+        }
+        ```
         """
         return pulumi.get(self, "google_service_account_key")
 
@@ -438,7 +490,9 @@ class RaftSnapshotAgentConfigArgs:
     @pulumi.getter(name="localMaxSpace")
     def local_max_space(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum space, in bytes, to use for snapshots.
+        For `storage_type = local`, the maximum
+        space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+        space left in this allowance.
         """
         return pulumi.get(self, "local_max_space")
 
@@ -522,30 +576,57 @@ class _RaftSnapshotAgentConfigState:
         """
         Input properties used for looking up and filtering RaftSnapshotAgentConfig resources.
         :param pulumi.Input[str] aws_access_key_id: AWS access key ID.
-        :param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
-        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        :param pulumi.Input[str] aws_s3_bucket: `<required>` - S3 bucket to write snapshots to.
+        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `aws_s3_endpoint`.
         :param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
-        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
-        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
-        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
-        :param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
+        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
+               using a non-AWS S3 implementation like Minio.
+        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style
+               instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
+        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
+        :param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
         :param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
         :param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
         :param pulumi.Input[str] aws_session_token: AWS session token.
         :param pulumi.Input[str] azure_account_key: Azure account key.
         :param pulumi.Input[str] azure_account_name: Azure account name.
         :param pulumi.Input[str] azure_blob_environment: Azure blob environment.
-        :param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
-        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        :param pulumi.Input[str] azure_container_name: `<required>` - Azure container name to write
+               snapshots to.
+        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
+               only set when using a non-Azure implementation like Azurite.
         :param pulumi.Input[str] file_prefix: Within the directory or bucket
                prefix given by `path_prefix`, the file or object name of snapshot files
                will start with this string.
-        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
-        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
-        :param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
-        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
+        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `google_endpoint`.
+        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when
+               using a non-Google GCS implementation like fake-gcs-server.
+        :param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
+        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format. 
+               The raw value looks like this:
+               
+               ```json
+               {
+               "type": "service_account",
+               "project_id": "project-id",
+               "private_key_id": "key-id",
+               "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+               "client_email": "service-account-email",
+               "client_id": "client-id",
+               "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+               "token_uri": "https://accounts.google.com/o/oauth2/token",
+               "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+               }
+               ```
         :param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
-        :param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
+        :param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
+               space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+               space left in this allowance.
         :param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
@@ -635,7 +716,7 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3Bucket")
     def aws_s3_bucket(self) -> Optional[pulumi.Input[str]]:
         """
-        S3 bucket to write snapshots to.
+        `<required>` - S3 bucket to write snapshots to.
         """
         return pulumi.get(self, "aws_s3_bucket")
 
@@ -647,7 +728,9 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3DisableTls")
     def aws_s3_disable_tls(self) -> Optional[pulumi.Input[bool]]:
         """
-        Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        Disable TLS for the S3 endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_disable_tls")
 
@@ -671,7 +754,8 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3Endpoint")
     def aws_s3_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
+        AWS endpoint. This is typically only set when
+        using a non-AWS S3 implementation like Minio.
         """
         return pulumi.get(self, "aws_s3_endpoint")
 
@@ -683,7 +767,8 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3ForcePathStyle")
     def aws_s3_force_path_style(self) -> Optional[pulumi.Input[bool]]:
         """
-        Use the endpoint/bucket URL style instead of bucket.endpoint.
+        Use the endpoint/bucket URL style
+        instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_force_path_style")
 
@@ -695,7 +780,7 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3KmsKey")
     def aws_s3_kms_key(self) -> Optional[pulumi.Input[str]]:
         """
-        Use named KMS key, when aws_s3_enable_kms=true
+        Use named KMS key, when `aws_s3_enable_kms = true`
         """
         return pulumi.get(self, "aws_s3_kms_key")
 
@@ -707,7 +792,7 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="awsS3Region")
     def aws_s3_region(self) -> Optional[pulumi.Input[str]]:
         """
-        AWS region bucket is in.
+        `<required>` - AWS region bucket is in.
         """
         return pulumi.get(self, "aws_s3_region")
 
@@ -791,7 +876,8 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="azureContainerName")
     def azure_container_name(self) -> Optional[pulumi.Input[str]]:
         """
-        Azure container name to write snapshots to.
+        `<required>` - Azure container name to write
+        snapshots to.
         """
         return pulumi.get(self, "azure_container_name")
 
@@ -803,7 +889,8 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="azureEndpoint")
     def azure_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        Azure blob storage endpoint. This is typically
+        only set when using a non-Azure implementation like Azurite.
         """
         return pulumi.get(self, "azure_endpoint")
 
@@ -829,7 +916,9 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="googleDisableTls")
     def google_disable_tls(self) -> Optional[pulumi.Input[bool]]:
         """
-        Disable TLS for the GCS endpoint.
+        Disable TLS for the GCS endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `google_endpoint`.
         """
         return pulumi.get(self, "google_disable_tls")
 
@@ -841,7 +930,8 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="googleEndpoint")
     def google_endpoint(self) -> Optional[pulumi.Input[str]]:
         """
-        GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
+        GCS endpoint. This is typically only set when
+        using a non-Google GCS implementation like fake-gcs-server.
         """
         return pulumi.get(self, "google_endpoint")
 
@@ -853,7 +943,7 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="googleGcsBucket")
     def google_gcs_bucket(self) -> Optional[pulumi.Input[str]]:
         """
-        GCS bucket to write snapshots to.
+        `<required>` - GCS bucket to write snapshots to.
         """
         return pulumi.get(self, "google_gcs_bucket")
 
@@ -865,7 +955,23 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="googleServiceAccountKey")
     def google_service_account_key(self) -> Optional[pulumi.Input[str]]:
         """
-        Google service account key in JSON format.
+        Google service account key in JSON format. 
+        The raw value looks like this:
+
+        ```json
+        {
+        "type": "service_account",
+        "project_id": "project-id",
+        "private_key_id": "key-id",
+        "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+        "client_email": "service-account-email",
+        "client_id": "client-id",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://accounts.google.com/o/oauth2/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+        }
+        ```
         """
         return pulumi.get(self, "google_service_account_key")
 
@@ -889,7 +995,9 @@ class _RaftSnapshotAgentConfigState:
     @pulumi.getter(name="localMaxSpace")
     def local_max_space(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum space, in bytes, to use for snapshots.
+        For `storage_type = local`, the maximum
+        space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+        space left in this allowance.
         """
         return pulumi.get(self, "local_max_space")
 
@@ -1006,20 +1114,22 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         ## Example Usage
 
         ### Local Storage
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
-        local_backups = vault.RaftSnapshotAgentConfig("local_backups",
-            name="local",
+        local_backups = vault.RaftSnapshotAgentConfig("localBackups",
             interval_seconds=86400,
-            retain=7,
+            local_max_space=10000000,
             path_prefix="/opt/vault/snapshots/",
-            storage_type="local",
-            local_max_space=10000000)
+            retain=7,
+            storage_type="local")
         ```
+        <!--End PulumiCodeChooser -->
 
         ### AWS S3
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_aws as aws
@@ -1029,8 +1139,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         aws_access_key_id = config.require_object("awsAccessKeyId")
         aws_secret_access_key = config.require_object("awsSecretAccessKey")
         current = aws.get_region()
-        s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
-            name="s3",
+        s3_backups = vault.RaftSnapshotAgentConfig("s3Backups",
             interval_seconds=86400,
             retain=7,
             path_prefix="/path/in/bucket",
@@ -1041,9 +1150,11 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
             aws_secret_access_key=aws_secret_access_key,
             aws_s3_enable_kms=True)
         ```
+        <!--End PulumiCodeChooser -->
 
         ### Azure BLOB
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -1051,8 +1162,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         config = pulumi.Config()
         azure_account_name = config.require_object("azureAccountName")
         azure_account_key = config.require_object("azureAccountKey")
-        azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
-            name="azure_backup",
+        azure_backups = vault.RaftSnapshotAgentConfig("azureBackups",
             interval_seconds=86400,
             retain=7,
             path_prefix="/",
@@ -1061,6 +1171,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
             azure_account_name=azure_account_name,
             azure_account_key=azure_account_key)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -1073,30 +1184,57 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] aws_access_key_id: AWS access key ID.
-        :param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
-        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        :param pulumi.Input[str] aws_s3_bucket: `<required>` - S3 bucket to write snapshots to.
+        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `aws_s3_endpoint`.
         :param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
-        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
-        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
-        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
-        :param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
+        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
+               using a non-AWS S3 implementation like Minio.
+        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style
+               instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
+        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
+        :param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
         :param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
         :param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
         :param pulumi.Input[str] aws_session_token: AWS session token.
         :param pulumi.Input[str] azure_account_key: Azure account key.
         :param pulumi.Input[str] azure_account_name: Azure account name.
         :param pulumi.Input[str] azure_blob_environment: Azure blob environment.
-        :param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
-        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        :param pulumi.Input[str] azure_container_name: `<required>` - Azure container name to write
+               snapshots to.
+        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
+               only set when using a non-Azure implementation like Azurite.
         :param pulumi.Input[str] file_prefix: Within the directory or bucket
                prefix given by `path_prefix`, the file or object name of snapshot files
                will start with this string.
-        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
-        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
-        :param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
-        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
+        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `google_endpoint`.
+        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when
+               using a non-Google GCS implementation like fake-gcs-server.
+        :param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
+        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format. 
+               The raw value looks like this:
+               
+               ```json
+               {
+               "type": "service_account",
+               "project_id": "project-id",
+               "private_key_id": "key-id",
+               "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+               "client_email": "service-account-email",
+               "client_id": "client-id",
+               "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+               "token_uri": "https://accounts.google.com/o/oauth2/token",
+               "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+               }
+               ```
         :param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
-        :param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
+        :param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
+               space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+               space left in this allowance.
         :param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
@@ -1123,20 +1261,22 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         ## Example Usage
 
         ### Local Storage
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
-        local_backups = vault.RaftSnapshotAgentConfig("local_backups",
-            name="local",
+        local_backups = vault.RaftSnapshotAgentConfig("localBackups",
             interval_seconds=86400,
-            retain=7,
+            local_max_space=10000000,
             path_prefix="/opt/vault/snapshots/",
-            storage_type="local",
-            local_max_space=10000000)
+            retain=7,
+            storage_type="local")
         ```
+        <!--End PulumiCodeChooser -->
 
         ### AWS S3
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_aws as aws
@@ -1146,8 +1286,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         aws_access_key_id = config.require_object("awsAccessKeyId")
         aws_secret_access_key = config.require_object("awsSecretAccessKey")
         current = aws.get_region()
-        s3_backups = vault.RaftSnapshotAgentConfig("s3_backups",
-            name="s3",
+        s3_backups = vault.RaftSnapshotAgentConfig("s3Backups",
             interval_seconds=86400,
             retain=7,
             path_prefix="/path/in/bucket",
@@ -1158,9 +1297,11 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
             aws_secret_access_key=aws_secret_access_key,
             aws_s3_enable_kms=True)
         ```
+        <!--End PulumiCodeChooser -->
 
         ### Azure BLOB
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -1168,8 +1309,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         config = pulumi.Config()
         azure_account_name = config.require_object("azureAccountName")
         azure_account_key = config.require_object("azureAccountKey")
-        azure_backups = vault.RaftSnapshotAgentConfig("azure_backups",
-            name="azure_backup",
+        azure_backups = vault.RaftSnapshotAgentConfig("azureBackups",
             interval_seconds=86400,
             retain=7,
             path_prefix="/",
@@ -1178,6 +1318,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
             azure_account_name=azure_account_name,
             azure_account_key=azure_account_key)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -1319,30 +1460,57 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] aws_access_key_id: AWS access key ID.
-        :param pulumi.Input[str] aws_s3_bucket: S3 bucket to write snapshots to.
-        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        :param pulumi.Input[str] aws_s3_bucket: `<required>` - S3 bucket to write snapshots to.
+        :param pulumi.Input[bool] aws_s3_disable_tls: Disable TLS for the S3 endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `aws_s3_endpoint`.
         :param pulumi.Input[bool] aws_s3_enable_kms: Use KMS to encrypt bucket contents.
-        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
-        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style instead of bucket.endpoint.
-        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when aws_s3_enable_kms=true
-        :param pulumi.Input[str] aws_s3_region: AWS region bucket is in.
+        :param pulumi.Input[str] aws_s3_endpoint: AWS endpoint. This is typically only set when
+               using a non-AWS S3 implementation like Minio.
+        :param pulumi.Input[bool] aws_s3_force_path_style: Use the endpoint/bucket URL style
+               instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
+        :param pulumi.Input[str] aws_s3_kms_key: Use named KMS key, when `aws_s3_enable_kms = true`
+        :param pulumi.Input[str] aws_s3_region: `<required>` - AWS region bucket is in.
         :param pulumi.Input[bool] aws_s3_server_side_encryption: Use AES256 to encrypt bucket contents.
         :param pulumi.Input[str] aws_secret_access_key: AWS secret access key.
         :param pulumi.Input[str] aws_session_token: AWS session token.
         :param pulumi.Input[str] azure_account_key: Azure account key.
         :param pulumi.Input[str] azure_account_name: Azure account name.
         :param pulumi.Input[str] azure_blob_environment: Azure blob environment.
-        :param pulumi.Input[str] azure_container_name: Azure container name to write snapshots to.
-        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        :param pulumi.Input[str] azure_container_name: `<required>` - Azure container name to write
+               snapshots to.
+        :param pulumi.Input[str] azure_endpoint: Azure blob storage endpoint. This is typically
+               only set when using a non-Azure implementation like Azurite.
         :param pulumi.Input[str] file_prefix: Within the directory or bucket
                prefix given by `path_prefix`, the file or object name of snapshot files
                will start with this string.
-        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint.
-        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
-        :param pulumi.Input[str] google_gcs_bucket: GCS bucket to write snapshots to.
-        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format.
+        :param pulumi.Input[bool] google_disable_tls: Disable TLS for the GCS endpoint. This
+               should only be used for testing purposes, typically in conjunction with
+               `google_endpoint`.
+        :param pulumi.Input[str] google_endpoint: GCS endpoint. This is typically only set when
+               using a non-Google GCS implementation like fake-gcs-server.
+        :param pulumi.Input[str] google_gcs_bucket: `<required>` - GCS bucket to write snapshots to.
+        :param pulumi.Input[str] google_service_account_key: Google service account key in JSON format. 
+               The raw value looks like this:
+               
+               ```json
+               {
+               "type": "service_account",
+               "project_id": "project-id",
+               "private_key_id": "key-id",
+               "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+               "client_email": "service-account-email",
+               "client_id": "client-id",
+               "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+               "token_uri": "https://accounts.google.com/o/oauth2/token",
+               "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+               }
+               ```
         :param pulumi.Input[int] interval_seconds: `<required>` - Time (in seconds) between snapshots.
-        :param pulumi.Input[int] local_max_space: The maximum space, in bytes, to use for snapshots.
+        :param pulumi.Input[int] local_max_space: For `storage_type = local`, the maximum
+               space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+               space left in this allowance.
         :param pulumi.Input[str] name: `<required>` – Name of the configuration to modify.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
@@ -1405,7 +1573,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3Bucket")
     def aws_s3_bucket(self) -> pulumi.Output[Optional[str]]:
         """
-        S3 bucket to write snapshots to.
+        `<required>` - S3 bucket to write snapshots to.
         """
         return pulumi.get(self, "aws_s3_bucket")
 
@@ -1413,7 +1581,9 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3DisableTls")
     def aws_s3_disable_tls(self) -> pulumi.Output[Optional[bool]]:
         """
-        Disable TLS for the S3 endpoint. This should only be used for testing purposes.
+        Disable TLS for the S3 endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_disable_tls")
 
@@ -1429,7 +1599,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3Endpoint")
     def aws_s3_endpoint(self) -> pulumi.Output[Optional[str]]:
         """
-        AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.
+        AWS endpoint. This is typically only set when
+        using a non-AWS S3 implementation like Minio.
         """
         return pulumi.get(self, "aws_s3_endpoint")
 
@@ -1437,7 +1608,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3ForcePathStyle")
     def aws_s3_force_path_style(self) -> pulumi.Output[Optional[bool]]:
         """
-        Use the endpoint/bucket URL style instead of bucket.endpoint.
+        Use the endpoint/bucket URL style
+        instead of bucket.endpoint. May be needed when setting `aws_s3_endpoint`.
         """
         return pulumi.get(self, "aws_s3_force_path_style")
 
@@ -1445,7 +1617,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3KmsKey")
     def aws_s3_kms_key(self) -> pulumi.Output[Optional[str]]:
         """
-        Use named KMS key, when aws_s3_enable_kms=true
+        Use named KMS key, when `aws_s3_enable_kms = true`
         """
         return pulumi.get(self, "aws_s3_kms_key")
 
@@ -1453,7 +1625,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="awsS3Region")
     def aws_s3_region(self) -> pulumi.Output[Optional[str]]:
         """
-        AWS region bucket is in.
+        `<required>` - AWS region bucket is in.
         """
         return pulumi.get(self, "aws_s3_region")
 
@@ -1509,7 +1681,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="azureContainerName")
     def azure_container_name(self) -> pulumi.Output[Optional[str]]:
         """
-        Azure container name to write snapshots to.
+        `<required>` - Azure container name to write
+        snapshots to.
         """
         return pulumi.get(self, "azure_container_name")
 
@@ -1517,7 +1690,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="azureEndpoint")
     def azure_endpoint(self) -> pulumi.Output[Optional[str]]:
         """
-        Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.
+        Azure blob storage endpoint. This is typically
+        only set when using a non-Azure implementation like Azurite.
         """
         return pulumi.get(self, "azure_endpoint")
 
@@ -1535,7 +1709,9 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="googleDisableTls")
     def google_disable_tls(self) -> pulumi.Output[Optional[bool]]:
         """
-        Disable TLS for the GCS endpoint.
+        Disable TLS for the GCS endpoint. This
+        should only be used for testing purposes, typically in conjunction with
+        `google_endpoint`.
         """
         return pulumi.get(self, "google_disable_tls")
 
@@ -1543,7 +1719,8 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="googleEndpoint")
     def google_endpoint(self) -> pulumi.Output[Optional[str]]:
         """
-        GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.
+        GCS endpoint. This is typically only set when
+        using a non-Google GCS implementation like fake-gcs-server.
         """
         return pulumi.get(self, "google_endpoint")
 
@@ -1551,7 +1728,7 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="googleGcsBucket")
     def google_gcs_bucket(self) -> pulumi.Output[Optional[str]]:
         """
-        GCS bucket to write snapshots to.
+        `<required>` - GCS bucket to write snapshots to.
         """
         return pulumi.get(self, "google_gcs_bucket")
 
@@ -1559,7 +1736,23 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="googleServiceAccountKey")
     def google_service_account_key(self) -> pulumi.Output[Optional[str]]:
         """
-        Google service account key in JSON format.
+        Google service account key in JSON format. 
+        The raw value looks like this:
+
+        ```json
+        {
+        "type": "service_account",
+        "project_id": "project-id",
+        "private_key_id": "key-id",
+        "private_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpQ ... /WZs=\\n-----END RSA PRIVATE KEY-----\\n",
+        "client_email": "service-account-email",
+        "client_id": "client-id",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://accounts.google.com/o/oauth2/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
+        }
+        ```
         """
         return pulumi.get(self, "google_service_account_key")
 
@@ -1575,7 +1768,9 @@ class RaftSnapshotAgentConfig(pulumi.CustomResource):
     @pulumi.getter(name="localMaxSpace")
     def local_max_space(self) -> pulumi.Output[Optional[int]]:
         """
-        The maximum space, in bytes, to use for snapshots.
+        For `storage_type = local`, the maximum
+        space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough
+        space left in this allowance.
         """
         return pulumi.get(self, "local_max_space")