PyPI - pulumi-vault - Versions diffs - 6.2.0a1718953130__py3-none-any.whl → 6.3.0__py3-none-any.whl - Mend

pulumi-vault 6.2.0a1718953130py3-none-any.whl → 6.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

pulumi_vault/__init__.py +26 -0
pulumi_vault/_inputs.py +20 -0
pulumi_vault/_utilities.py +40 -4
pulumi_vault/auth_backend.py +47 -0
pulumi_vault/aws/auth_backend_client.py +247 -7
pulumi_vault/aws/secret_backend_role.py +169 -0
pulumi_vault/azure/auth_backend_config.py +133 -0
pulumi_vault/azure/backend.py +197 -0
pulumi_vault/database/secrets_mount.py +282 -0
pulumi_vault/gcp/auth_backend.py +244 -0
pulumi_vault/gcp/secret_backend.py +271 -3
pulumi_vault/generic/endpoint.py +6 -6
pulumi_vault/identity/get_entity.py +2 -2
pulumi_vault/jwt/auth_backend_role.py +28 -35
pulumi_vault/kubernetes/secret_backend.py +282 -0
pulumi_vault/ldap/secret_backend.py +282 -0
pulumi_vault/mount.py +331 -0
pulumi_vault/okta/auth_backend.py +441 -0
pulumi_vault/outputs.py +20 -0
pulumi_vault/pkisecret/__init__.py +2 -0
pulumi_vault/pkisecret/_inputs.py +40 -0
pulumi_vault/pkisecret/backend_config_est.py +614 -0
pulumi_vault/pkisecret/get_backend_config_est.py +233 -0
pulumi_vault/pkisecret/outputs.py +64 -0
pulumi_vault/pkisecret/secret_backend_cert.py +2 -2
pulumi_vault/pkisecret/secret_backend_config_ca.py +2 -2
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +2 -2
pulumi_vault/pkisecret/secret_backend_root_cert.py +2 -2
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2 -2
pulumi_vault/pkisecret/secret_backend_sign.py +2 -2
pulumi_vault/plugin.py +590 -0
pulumi_vault/plugin_pinned_version.py +293 -0
pulumi_vault/provider.py +1 -3
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/quota_lease_count.py +47 -0
pulumi_vault/quota_rate_limit.py +47 -0
pulumi_vault/ssh/secret_backend_ca.py +94 -0
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/METADATA +1 -1
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/RECORD +41 -37
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/WHEEL +1 -1
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/top_level.txt +0 -0

pulumi_vault/aws/secret_backend_role.py CHANGED Viewed

@@ -17,7 +17,9 @@ class SecretBackendRoleArgs:
                  backend: pulumi.Input[str],
                  credential_type: pulumi.Input[str],
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -25,6 +27,7 @@ class SecretBackendRoleArgs:
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretBackendRole resource.
@@ -38,12 +41,16 @@ class SecretBackendRoleArgs:
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds.
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
+               to be used as tags for any IAM user that is created by this role.
         :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
@@ -72,6 +79,9 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -79,8 +89,12 @@ class SecretBackendRoleArgs:
         pulumi.set(__self__, "credential_type", credential_type)
         if default_sts_ttl is not None:
             pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if iam_groups is not None:
             pulumi.set(__self__, "iam_groups", iam_groups)
+        if iam_tags is not None:
+            pulumi.set(__self__, "iam_tags", iam_tags)
         if max_sts_ttl is not None:
             pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
         if name is not None:
@@ -95,6 +109,8 @@ class SecretBackendRoleArgs:
             pulumi.set(__self__, "policy_document", policy_document)
         if role_arns is not None:
             pulumi.set(__self__, "role_arns", role_arns)
+        if session_tags is not None:
+            pulumi.set(__self__, "session_tags", session_tags)
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
@@ -141,6 +157,19 @@ class SecretBackendRoleArgs:
     def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_sts_ttl", value)
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID to set for assume role creds.
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -158,6 +187,19 @@ class SecretBackendRoleArgs:
     def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "iam_groups", value)
+    @property
+    @pulumi.getter(name="iamTags")
+    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs
+        to be used as tags for any IAM user that is created by this role.
+        """
+        return pulumi.get(self, "iam_tags")
+    @iam_tags.setter
+    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "iam_tags", value)
     @property
     @pulumi.getter(name="maxStsTtl")
     def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -263,6 +305,20 @@ class SecretBackendRoleArgs:
     def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "role_arns", value)
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
+    @session_tags.setter
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "session_tags", value)
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -283,7 +339,9 @@ class _SecretBackendRoleState:
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -291,6 +349,7 @@ class _SecretBackendRoleState:
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendRole resources.
@@ -304,12 +363,16 @@ class _SecretBackendRoleState:
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds.
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
+               to be used as tags for any IAM user that is created by this role.
         :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
@@ -338,6 +401,9 @@ class _SecretBackendRoleState:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -347,8 +413,12 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "credential_type", credential_type)
         if default_sts_ttl is not None:
             pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if iam_groups is not None:
             pulumi.set(__self__, "iam_groups", iam_groups)
+        if iam_tags is not None:
+            pulumi.set(__self__, "iam_tags", iam_tags)
         if max_sts_ttl is not None:
             pulumi.set(__self__, "max_sts_ttl", max_sts_ttl)
         if name is not None:
@@ -363,6 +433,8 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "policy_document", policy_document)
         if role_arns is not None:
             pulumi.set(__self__, "role_arns", role_arns)
+        if session_tags is not None:
+            pulumi.set(__self__, "session_tags", session_tags)
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
@@ -409,6 +481,19 @@ class _SecretBackendRoleState:
     def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_sts_ttl", value)
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID to set for assume role creds.
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -426,6 +511,19 @@ class _SecretBackendRoleState:
     def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "iam_groups", value)
+    @property
+    @pulumi.getter(name="iamTags")
+    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs
+        to be used as tags for any IAM user that is created by this role.
+        """
+        return pulumi.get(self, "iam_tags")
+    @iam_tags.setter
+    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "iam_tags", value)
     @property
     @pulumi.getter(name="maxStsTtl")
     def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
@@ -531,6 +629,20 @@ class _SecretBackendRoleState:
     def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "role_arns", value)
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
+    @session_tags.setter
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "session_tags", value)
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -553,7 +665,9 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -561,6 +675,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -610,12 +725,16 @@ class SecretBackendRole(pulumi.CustomResource):
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds.
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
+               to be used as tags for any IAM user that is created by this role.
         :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
@@ -644,6 +763,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -706,7 +828,9 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -714,6 +838,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -731,7 +856,9 @@ class SecretBackendRole(pulumi.CustomResource):
                 raise TypeError("Missing required property 'credential_type'")
             __props__.__dict__["credential_type"] = credential_type
             __props__.__dict__["default_sts_ttl"] = default_sts_ttl
+            __props__.__dict__["external_id"] = external_id
             __props__.__dict__["iam_groups"] = iam_groups
+            __props__.__dict__["iam_tags"] = iam_tags
             __props__.__dict__["max_sts_ttl"] = max_sts_ttl
             __props__.__dict__["name"] = name
             __props__.__dict__["namespace"] = namespace
@@ -739,6 +866,7 @@ class SecretBackendRole(pulumi.CustomResource):
             __props__.__dict__["policy_arns"] = policy_arns
             __props__.__dict__["policy_document"] = policy_document
             __props__.__dict__["role_arns"] = role_arns
+            __props__.__dict__["session_tags"] = session_tags
             __props__.__dict__["user_path"] = user_path
         super(SecretBackendRole, __self__).__init__(
             'vault:aws/secretBackendRole:SecretBackendRole',
@@ -753,7 +881,9 @@ class SecretBackendRole(pulumi.CustomResource):
             backend: Optional[pulumi.Input[str]] = None,
             credential_type: Optional[pulumi.Input[str]] = None,
             default_sts_ttl: Optional[pulumi.Input[int]] = None,
+            external_id: Optional[pulumi.Input[str]] = None,
             iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             max_sts_ttl: Optional[pulumi.Input[int]] = None,
             name: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
@@ -761,6 +891,7 @@ class SecretBackendRole(pulumi.CustomResource):
             policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             policy_document: Optional[pulumi.Input[str]] = None,
             role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
         """
         Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
@@ -779,12 +910,16 @@ class SecretBackendRole(pulumi.CustomResource):
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds.
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
+               to be used as tags for any IAM user that is created by this role.
         :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
@@ -813,6 +948,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -823,7 +961,9 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["backend"] = backend
         __props__.__dict__["credential_type"] = credential_type
         __props__.__dict__["default_sts_ttl"] = default_sts_ttl
+        __props__.__dict__["external_id"] = external_id
         __props__.__dict__["iam_groups"] = iam_groups
+        __props__.__dict__["iam_tags"] = iam_tags
         __props__.__dict__["max_sts_ttl"] = max_sts_ttl
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
@@ -831,6 +971,7 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["policy_arns"] = policy_arns
         __props__.__dict__["policy_document"] = policy_document
         __props__.__dict__["role_arns"] = role_arns
+        __props__.__dict__["session_tags"] = session_tags
         __props__.__dict__["user_path"] = user_path
         return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
@@ -865,6 +1006,15 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "default_sts_ttl")
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> pulumi.Output[Optional[str]]:
+        """
+        External ID to set for assume role creds.
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -878,6 +1028,15 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "iam_groups")
+    @property
+    @pulumi.getter(name="iamTags")
+    def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+        """
+        A map of strings representing key/value pairs
+        to be used as tags for any IAM user that is created by this role.
+        """
+        return pulumi.get(self, "iam_tags")
     @property
     @pulumi.getter(name="maxStsTtl")
     def max_sts_ttl(self) -> pulumi.Output[int]:
@@ -955,6 +1114,16 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "role_arns")
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> pulumi.Output[Optional[str]]:

pulumi-vault 6.2.0a1718953130__py3-none-any.whl → 6.3.0__py3-none-any.whl

pulumi-vault 6.2.0a1718953130py3-none-any.whl → 6.3.0py3-none-any.whl