pulumi-vault 6.2.0__py3-none-any.whl → 6.2.0a1712731873__py3-none-any.whl

pulumi_vault/azure/backend.py

@@ -21,9 +21,6 @@ class BackendArgs:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_key: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
@@ -37,12 +34,6 @@ class BackendArgs:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -62,19 +53,10 @@ class BackendArgs:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
-        if identity_token_audience is not None:
-            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
-        if identity_token_key is not None:
-            pulumi.set(__self__, "identity_token_key", identity_token_key)
-        if identity_token_ttl is not None:
-            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
             pulumi.set(__self__, "path", path)
-        if use_microsoft_graph_api is not None:
-            warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
-            pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
         if use_microsoft_graph_api is not None:
             pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
 
@@ -163,45 +145,6 @@ class BackendArgs:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
 
-    @property
-    @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
-        """
-        The audience claim value. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_audience")
-
-    @identity_token_audience.setter
-    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "identity_token_audience", value)
-
-    @property
-    @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
-        """
-        The key to use for signing identity tokens. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_key")
-
-    @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "identity_token_key", value)
-
-    @property
-    @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
-        """
-        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_ttl")
-
-    @identity_token_ttl.setter
-    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "identity_token_ttl", value)
-
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -235,9 +178,6 @@ class BackendArgs:
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+
         """
-        warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
-        pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
-
         return pulumi.get(self, "use_microsoft_graph_api")
 
     @use_microsoft_graph_api.setter
@@ -253,9 +193,6 @@ class _BackendState:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_key: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -269,12 +206,6 @@ class _BackendState:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -294,12 +225,6 @@ class _BackendState:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
-        if identity_token_audience is not None:
-            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
-        if identity_token_key is not None:
-            pulumi.set(__self__, "identity_token_key", identity_token_key)
-        if identity_token_ttl is not None:
-            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
@@ -308,9 +233,6 @@ class _BackendState:
             pulumi.set(__self__, "subscription_id", subscription_id)
         if tenant_id is not None:
             pulumi.set(__self__, "tenant_id", tenant_id)
-        if use_microsoft_graph_api is not None:
-            warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
-            pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
         if use_microsoft_graph_api is not None:
             pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
 
@@ -375,45 +297,6 @@ class _BackendState:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
 
-    @property
-    @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
-        """
-        The audience claim value. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_audience")
-
-    @identity_token_audience.setter
-    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "identity_token_audience", value)
-
-    @property
-    @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
-        """
-        The key to use for signing identity tokens. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_key")
-
-    @identity_token_key.setter
-    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "identity_token_key", value)
-
-    @property
-    @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
-        """
-        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_ttl")
-
-    @identity_token_ttl.setter
-    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "identity_token_ttl", value)
-
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -471,9 +354,6 @@ class _BackendState:
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+
         """
-        warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
-        pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
-
         return pulumi.get(self, "use_microsoft_graph_api")
 
     @use_microsoft_graph_api.setter
@@ -491,9 +371,6 @@ class Backend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_key: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -505,46 +382,37 @@ class Backend(pulumi.CustomResource):
 
         ### *Vault-1.9 And Above*
 
-        You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            subscription_id="11111111-2222-3333-4444-111111111111",
-            tenant_id="11111111-2222-3333-4444-222222222222",
             client_id="11111111-2222-3333-4444-333333333333",
-            identity_token_audience="<TOKEN_AUDIENCE>",
-            identity_token_ttl="<TOKEN_TTL>")
-        ```
-
-        ```python
-        import pulumi
-        import pulumi_vault as vault
-
-        azure = vault.azure.Backend("azure",
-            use_microsoft_graph_api=True,
+            client_secret="12345678901234567890",
+            environment="AzurePublicCloud",
             subscription_id="11111111-2222-3333-4444-111111111111",
             tenant_id="11111111-2222-3333-4444-222222222222",
-            client_id="11111111-2222-3333-4444-333333333333",
-            client_secret="12345678901234567890",
-            environment="AzurePublicCloud")
+            use_microsoft_graph_api=True)
         ```
+        <!--End PulumiCodeChooser -->
 
         ### *Vault-1.8 And Below*
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            use_microsoft_graph_api=False,
-            subscription_id="11111111-2222-3333-4444-111111111111",
-            tenant_id="11111111-2222-3333-4444-222222222222",
             client_id="11111111-2222-3333-4444-333333333333",
             client_secret="12345678901234567890",
-            environment="AzurePublicCloud")
+            environment="AzurePublicCloud",
+            subscription_id="11111111-2222-3333-4444-111111111111",
+            tenant_id="11111111-2222-3333-4444-222222222222",
+            use_microsoft_graph_api=False)
         ```
+        <!--End PulumiCodeChooser -->
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
@@ -554,12 +422,6 @@ class Backend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -580,46 +442,37 @@ class Backend(pulumi.CustomResource):
 
         ### *Vault-1.9 And Above*
 
-        You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            subscription_id="11111111-2222-3333-4444-111111111111",
-            tenant_id="11111111-2222-3333-4444-222222222222",
             client_id="11111111-2222-3333-4444-333333333333",
-            identity_token_audience="<TOKEN_AUDIENCE>",
-            identity_token_ttl="<TOKEN_TTL>")
-        ```
-
-        ```python
-        import pulumi
-        import pulumi_vault as vault
-
-        azure = vault.azure.Backend("azure",
-            use_microsoft_graph_api=True,
+            client_secret="12345678901234567890",
+            environment="AzurePublicCloud",
             subscription_id="11111111-2222-3333-4444-111111111111",
             tenant_id="11111111-2222-3333-4444-222222222222",
-            client_id="11111111-2222-3333-4444-333333333333",
-            client_secret="12345678901234567890",
-            environment="AzurePublicCloud")
+            use_microsoft_graph_api=True)
         ```
+        <!--End PulumiCodeChooser -->
 
         ### *Vault-1.8 And Below*
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            use_microsoft_graph_api=False,
-            subscription_id="11111111-2222-3333-4444-111111111111",
-            tenant_id="11111111-2222-3333-4444-222222222222",
             client_id="11111111-2222-3333-4444-333333333333",
             client_secret="12345678901234567890",
-            environment="AzurePublicCloud")
+            environment="AzurePublicCloud",
+            subscription_id="11111111-2222-3333-4444-111111111111",
+            tenant_id="11111111-2222-3333-4444-222222222222",
+            use_microsoft_graph_api=False)
         ```
+        <!--End PulumiCodeChooser -->
 
         :param str resource_name: The name of the resource.
         :param BackendArgs args: The arguments to use to populate this resource's properties.
@@ -641,9 +494,6 @@ class Backend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_key: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -663,9 +513,6 @@ class Backend(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["environment"] = environment
-            __props__.__dict__["identity_token_audience"] = identity_token_audience
-            __props__.__dict__["identity_token_key"] = identity_token_key
-            __props__.__dict__["identity_token_ttl"] = identity_token_ttl
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["path"] = path
             if subscription_id is None and not opts.urn:
@@ -692,9 +539,6 @@ class Backend(pulumi.CustomResource):
             description: Optional[pulumi.Input[str]] = None,
             disable_remount: Optional[pulumi.Input[bool]] = None,
             environment: Optional[pulumi.Input[str]] = None,
-            identity_token_audience: Optional[pulumi.Input[str]] = None,
-            identity_token_key: Optional[pulumi.Input[str]] = None,
-            identity_token_ttl: Optional[pulumi.Input[int]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             path: Optional[pulumi.Input[str]] = None,
             subscription_id: Optional[pulumi.Input[str]] = None,
@@ -713,12 +557,6 @@ class Backend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -737,9 +575,6 @@ class Backend(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["environment"] = environment
-        __props__.__dict__["identity_token_audience"] = identity_token_audience
-        __props__.__dict__["identity_token_key"] = identity_token_key
-        __props__.__dict__["identity_token_ttl"] = identity_token_ttl
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["path"] = path
         __props__.__dict__["subscription_id"] = subscription_id
@@ -788,33 +623,6 @@ class Backend(pulumi.CustomResource):
         """
         return pulumi.get(self, "environment")
 
-    @property
-    @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
-        """
-        The audience claim value. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_audience")
-
-    @property
-    @pulumi.getter(name="identityTokenKey")
-    def identity_token_key(self) -> pulumi.Output[Optional[str]]:
-        """
-        The key to use for signing identity tokens. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_key")
-
-    @property
-    @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> pulumi.Output[int]:
-        """
-        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
-        *Available only for Vault Enterprise*
-        """
-        return pulumi.get(self, "identity_token_ttl")
-
     @property
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:
@@ -856,8 +664,5 @@ class Backend(pulumi.CustomResource):
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+
         """
-        warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
-        pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
-
         return pulumi.get(self, "use_microsoft_graph_api")
 

pulumi_vault/azure/backend_role.py

@@ -465,16 +465,17 @@ class BackendRole(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            subscription_id=subscription_id,
-            tenant_id=tenant_id,
-            client_secret=client_secret,
-            client_id=client_id)
-        generated_role = vault.azure.BackendRole("generated_role",
+            subscription_id=var["subscription_id"],
+            tenant_id=var["tenant_id"],
+            client_secret=var["client_secret"],
+            client_id=var["client_id"])
+        generated_role = vault.azure.BackendRole("generatedRole",
             backend=azure.path,
             role="generated_role",
             sign_in_audience="AzureADMyOrg",
@@ -486,15 +487,16 @@ class BackendRole(pulumi.CustomResource):
             max_ttl="600",
             azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
                 role_name="Reader",
-                scope=f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
+                scope=f"/subscriptions/{var['subscription_id']}/resourceGroups/azure-vault-group",
             )])
-        existing_object_id = vault.azure.BackendRole("existing_object_id",
+        existing_object_id = vault.azure.BackendRole("existingObjectId",
             backend=azure.path,
             role="existing_object_id",
             application_object_id="11111111-2222-3333-4444-44444444444",
             ttl="300",
             max_ttl="600")
         ```
+        <!--End PulumiCodeChooser -->
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
@@ -528,16 +530,17 @@ class BackendRole(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         azure = vault.azure.Backend("azure",
-            subscription_id=subscription_id,
-            tenant_id=tenant_id,
-            client_secret=client_secret,
-            client_id=client_id)
-        generated_role = vault.azure.BackendRole("generated_role",
+            subscription_id=var["subscription_id"],
+            tenant_id=var["tenant_id"],
+            client_secret=var["client_secret"],
+            client_id=var["client_id"])
+        generated_role = vault.azure.BackendRole("generatedRole",
             backend=azure.path,
             role="generated_role",
             sign_in_audience="AzureADMyOrg",
@@ -549,15 +552,16 @@ class BackendRole(pulumi.CustomResource):
             max_ttl="600",
             azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
                 role_name="Reader",
-                scope=f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
+                scope=f"/subscriptions/{var['subscription_id']}/resourceGroups/azure-vault-group",
             )])
-        existing_object_id = vault.azure.BackendRole("existing_object_id",
+        existing_object_id = vault.azure.BackendRole("existingObjectId",
             backend=azure.path,
             role="existing_object_id",
             application_object_id="11111111-2222-3333-4444-44444444444",
             ttl="300",
             max_ttl="600")
         ```
+        <!--End PulumiCodeChooser -->
 
         :param str resource_name: The name of the resource.
         :param BackendRoleArgs args: The arguments to use to populate this resource's properties.

pulumi_vault/azure/get_access_credentials.py

@@ -216,6 +216,7 @@ def get_access_credentials(backend: Optional[str] = None,
     """
     ## Example Usage
 
+    <!--Start PulumiCodeChooser -->
     ```python
     import pulumi
     import pulumi_vault as vault
@@ -226,6 +227,7 @@ def get_access_credentials(backend: Optional[str] = None,
         num_seconds_between_tests=1,
         max_cred_validation_seconds=300)
     ```
+    <!--End PulumiCodeChooser -->
 
     ## Caveats
 
@@ -315,6 +317,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
     """
     ## Example Usage
 
+    <!--Start PulumiCodeChooser -->
     ```python
     import pulumi
     import pulumi_vault as vault
@@ -325,6 +328,7 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
         num_seconds_between_tests=1,
         max_cred_validation_seconds=300)
     ```
+    <!--End PulumiCodeChooser -->
 
     ## Caveats