PyPI - pulumi-vault - Versions diffs - 6.2.0a1718953130__py3-none-any.whl → 6.3.0__py3-none-any.whl - Mend

pulumi-vault 6.2.0a1718953130py3-none-any.whl → 6.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

pulumi_vault/__init__.py +26 -0
pulumi_vault/_inputs.py +20 -0
pulumi_vault/_utilities.py +40 -4
pulumi_vault/auth_backend.py +47 -0
pulumi_vault/aws/auth_backend_client.py +247 -7
pulumi_vault/aws/secret_backend_role.py +169 -0
pulumi_vault/azure/auth_backend_config.py +133 -0
pulumi_vault/azure/backend.py +197 -0
pulumi_vault/database/secrets_mount.py +282 -0
pulumi_vault/gcp/auth_backend.py +244 -0
pulumi_vault/gcp/secret_backend.py +271 -3
pulumi_vault/generic/endpoint.py +6 -6
pulumi_vault/identity/get_entity.py +2 -2
pulumi_vault/jwt/auth_backend_role.py +28 -35
pulumi_vault/kubernetes/secret_backend.py +282 -0
pulumi_vault/ldap/secret_backend.py +282 -0
pulumi_vault/mount.py +331 -0
pulumi_vault/okta/auth_backend.py +441 -0
pulumi_vault/outputs.py +20 -0
pulumi_vault/pkisecret/__init__.py +2 -0
pulumi_vault/pkisecret/_inputs.py +40 -0
pulumi_vault/pkisecret/backend_config_est.py +614 -0
pulumi_vault/pkisecret/get_backend_config_est.py +233 -0
pulumi_vault/pkisecret/outputs.py +64 -0
pulumi_vault/pkisecret/secret_backend_cert.py +2 -2
pulumi_vault/pkisecret/secret_backend_config_ca.py +2 -2
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +2 -2
pulumi_vault/pkisecret/secret_backend_root_cert.py +2 -2
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2 -2
pulumi_vault/pkisecret/secret_backend_sign.py +2 -2
pulumi_vault/plugin.py +590 -0
pulumi_vault/plugin_pinned_version.py +293 -0
pulumi_vault/provider.py +1 -3
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/quota_lease_count.py +47 -0
pulumi_vault/quota_rate_limit.py +47 -0
pulumi_vault/ssh/secret_backend_ca.py +94 -0
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/METADATA +1 -1
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/RECORD +41 -37
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/WHEEL +1 -1
{pulumi_vault-6.2.0a1718953130.dist-info → pulumi_vault-6.3.0.dist-info}/top_level.txt +0 -0

pulumi_vault/azure/auth_backend_config.py CHANGED Viewed

@@ -20,6 +20,8 @@ class AuthBackendConfigArgs:
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a AuthBackendConfig resource.
@@ -36,6 +38,9 @@ class AuthBackendConfigArgs:
         :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -51,6 +56,10 @@ class AuthBackendConfigArgs:
             pulumi.set(__self__, "client_secret", client_secret)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
+        if identity_token_audience is not None:
+            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+        if identity_token_ttl is not None:
+            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
@@ -133,6 +142,31 @@ class AuthBackendConfigArgs:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+        """
+        The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @identity_token_audience.setter
+    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_audience", value)
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL of generated identity tokens in seconds.
+        """
+        return pulumi.get(self, "identity_token_ttl")
+    @identity_token_ttl.setter
+    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -156,6 +190,8 @@ class _AuthBackendConfigState:
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  resource: Optional[pulumi.Input[str]] = None,
                  tenant_id: Optional[pulumi.Input[str]] = None):
@@ -170,6 +206,9 @@ class _AuthBackendConfigState:
         :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -187,6 +226,10 @@ class _AuthBackendConfigState:
             pulumi.set(__self__, "client_secret", client_secret)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
+        if identity_token_audience is not None:
+            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+        if identity_token_ttl is not None:
+            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if resource is not None:
@@ -247,6 +290,31 @@ class _AuthBackendConfigState:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+        """
+        The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @identity_token_audience.setter
+    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_audience", value)
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL of generated identity tokens in seconds.
+        """
+        return pulumi.get(self, "identity_token_ttl")
+    @identity_token_ttl.setter
+    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -298,6 +366,8 @@ class AuthBackendConfig(pulumi.CustomResource):
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  resource: Optional[pulumi.Input[str]] = None,
                  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -305,6 +375,22 @@ class AuthBackendConfig(pulumi.CustomResource):
         """
         ## Example Usage
+        You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        example = vault.AuthBackend("example",
+            type="azure",
+            identity_token_key="example-key")
+        example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+            backend=example.path,
+            tenant_id="11111111-2222-3333-4444-555555555555",
+            client_id="11111111-2222-3333-4444-555555555555",
+            identity_token_audience="<TOKEN_AUDIENCE>",
+            identity_token_ttl="<TOKEN_TTL>")
+        ```
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -337,6 +423,9 @@ class AuthBackendConfig(pulumi.CustomResource):
         :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -355,6 +444,22 @@ class AuthBackendConfig(pulumi.CustomResource):
         """
         ## Example Usage
+        You can setup the Azure auth engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        example = vault.AuthBackend("example",
+            type="azure",
+            identity_token_key="example-key")
+        example_auth_backend_config = vault.azure.AuthBackendConfig("example",
+            backend=example.path,
+            tenant_id="11111111-2222-3333-4444-555555555555",
+            client_id="11111111-2222-3333-4444-555555555555",
+            identity_token_audience="<TOKEN_AUDIENCE>",
+            identity_token_ttl="<TOKEN_TTL>")
+        ```
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -395,6 +500,8 @@ class AuthBackendConfig(pulumi.CustomResource):
                  client_id: Optional[pulumi.Input[str]] = None,
                  client_secret: Optional[pulumi.Input[str]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  resource: Optional[pulumi.Input[str]] = None,
                  tenant_id: Optional[pulumi.Input[str]] = None,
@@ -411,6 +518,8 @@ class AuthBackendConfig(pulumi.CustomResource):
             __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
             __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
             __props__.__dict__["environment"] = environment
+            __props__.__dict__["identity_token_audience"] = identity_token_audience
+            __props__.__dict__["identity_token_ttl"] = identity_token_ttl
             __props__.__dict__["namespace"] = namespace
             if resource is None and not opts.urn:
                 raise TypeError("Missing required property 'resource'")
@@ -434,6 +543,8 @@ class AuthBackendConfig(pulumi.CustomResource):
             client_id: Optional[pulumi.Input[str]] = None,
             client_secret: Optional[pulumi.Input[str]] = None,
             environment: Optional[pulumi.Input[str]] = None,
+            identity_token_audience: Optional[pulumi.Input[str]] = None,
+            identity_token_ttl: Optional[pulumi.Input[int]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             resource: Optional[pulumi.Input[str]] = None,
             tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
@@ -453,6 +564,9 @@ class AuthBackendConfig(pulumi.CustomResource):
         :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -470,6 +584,8 @@ class AuthBackendConfig(pulumi.CustomResource):
         __props__.__dict__["client_id"] = client_id
         __props__.__dict__["client_secret"] = client_secret
         __props__.__dict__["environment"] = environment
+        __props__.__dict__["identity_token_audience"] = identity_token_audience
+        __props__.__dict__["identity_token_ttl"] = identity_token_ttl
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["resource"] = resource
         __props__.__dict__["tenant_id"] = tenant_id
@@ -512,6 +628,23 @@ class AuthBackendConfig(pulumi.CustomResource):
         """
         return pulumi.get(self, "environment")
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
+        """
+        The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> pulumi.Output[int]:
+        """
+        The TTL of generated identity tokens in seconds.
+        """
+        return pulumi.get(self, "identity_token_ttl")
     @property
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:

pulumi_vault/azure/backend.py CHANGED Viewed

@@ -21,6 +21,9 @@ class BackendArgs:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
@@ -34,6 +37,12 @@ class BackendArgs:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -53,10 +62,19 @@ class BackendArgs:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
+        if identity_token_audience is not None:
+            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+        if identity_token_key is not None:
+            pulumi.set(__self__, "identity_token_key", identity_token_key)
+        if identity_token_ttl is not None:
+            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
             pulumi.set(__self__, "path", path)
+        if use_microsoft_graph_api is not None:
+            warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
+            pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
         if use_microsoft_graph_api is not None:
             pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
@@ -145,6 +163,45 @@ class BackendArgs:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+        """
+        The audience claim value. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @identity_token_audience.setter
+    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_audience", value)
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The key to use for signing identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_key")
+    @identity_token_key.setter
+    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_key", value)
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_ttl")
+    @identity_token_ttl.setter
+    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -174,6 +231,7 @@ class BackendArgs:
     @property
     @pulumi.getter(name="useMicrosoftGraphApi")
+    @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
     def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -193,6 +251,9 @@ class _BackendState:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -206,6 +267,12 @@ class _BackendState:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -225,6 +292,12 @@ class _BackendState:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
+        if identity_token_audience is not None:
+            pulumi.set(__self__, "identity_token_audience", identity_token_audience)
+        if identity_token_key is not None:
+            pulumi.set(__self__, "identity_token_key", identity_token_key)
+        if identity_token_ttl is not None:
+            pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if path is not None:
@@ -233,6 +306,9 @@ class _BackendState:
             pulumi.set(__self__, "subscription_id", subscription_id)
         if tenant_id is not None:
             pulumi.set(__self__, "tenant_id", tenant_id)
+        if use_microsoft_graph_api is not None:
+            warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
+            pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
         if use_microsoft_graph_api is not None:
             pulumi.set(__self__, "use_microsoft_graph_api", use_microsoft_graph_api)
@@ -297,6 +373,45 @@ class _BackendState:
     def environment(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "environment", value)
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+        """
+        The audience claim value. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @identity_token_audience.setter
+    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_audience", value)
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The key to use for signing identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_key")
+    @identity_token_key.setter
+    def identity_token_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "identity_token_key", value)
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_ttl")
+    @identity_token_ttl.setter
+    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
     def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -350,6 +465,7 @@ class _BackendState:
     @property
     @pulumi.getter(name="useMicrosoftGraphApi")
+    @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
     def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -371,6 +487,9 @@ class Backend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -382,6 +501,19 @@ class Backend(pulumi.CustomResource):
         ### *Vault-1.9 And Above*
+        You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        azure = vault.azure.Backend("azure",
+            subscription_id="11111111-2222-3333-4444-111111111111",
+            tenant_id="11111111-2222-3333-4444-222222222222",
+            client_id="11111111-2222-3333-4444-333333333333",
+            identity_token_audience="<TOKEN_AUDIENCE>",
+            identity_token_ttl="<TOKEN_TTL>")
+        ```
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -418,6 +550,12 @@ class Backend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -438,6 +576,19 @@ class Backend(pulumi.CustomResource):
         ### *Vault-1.9 And Above*
+        You can setup the Azure secrets engine with Workload Identity Federation (WIF) for a secret-less configuration:
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        azure = vault.azure.Backend("azure",
+            subscription_id="11111111-2222-3333-4444-111111111111",
+            tenant_id="11111111-2222-3333-4444-222222222222",
+            client_id="11111111-2222-3333-4444-333333333333",
+            identity_token_audience="<TOKEN_AUDIENCE>",
+            identity_token_ttl="<TOKEN_TTL>")
+        ```
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -486,6 +637,9 @@ class Backend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  environment: Optional[pulumi.Input[str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[str]] = None,
+                 identity_token_key: Optional[pulumi.Input[str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  subscription_id: Optional[pulumi.Input[str]] = None,
@@ -505,6 +659,9 @@ class Backend(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["environment"] = environment
+            __props__.__dict__["identity_token_audience"] = identity_token_audience
+            __props__.__dict__["identity_token_key"] = identity_token_key
+            __props__.__dict__["identity_token_ttl"] = identity_token_ttl
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["path"] = path
             if subscription_id is None and not opts.urn:
@@ -531,6 +688,9 @@ class Backend(pulumi.CustomResource):
             description: Optional[pulumi.Input[str]] = None,
             disable_remount: Optional[pulumi.Input[bool]] = None,
             environment: Optional[pulumi.Input[str]] = None,
+            identity_token_audience: Optional[pulumi.Input[str]] = None,
+            identity_token_key: Optional[pulumi.Input[str]] = None,
+            identity_token_ttl: Optional[pulumi.Input[int]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             path: Optional[pulumi.Input[str]] = None,
             subscription_id: Optional[pulumi.Input[str]] = None,
@@ -549,6 +709,12 @@ class Backend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] environment: The Azure environment.
+        :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+               *Available only for Vault Enterprise*
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -567,6 +733,9 @@ class Backend(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["environment"] = environment
+        __props__.__dict__["identity_token_audience"] = identity_token_audience
+        __props__.__dict__["identity_token_key"] = identity_token_key
+        __props__.__dict__["identity_token_ttl"] = identity_token_ttl
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["path"] = path
         __props__.__dict__["subscription_id"] = subscription_id
@@ -615,6 +784,33 @@ class Backend(pulumi.CustomResource):
         """
         return pulumi.get(self, "environment")
+    @property
+    @pulumi.getter(name="identityTokenAudience")
+    def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
+        """
+        The audience claim value. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_audience")
+    @property
+    @pulumi.getter(name="identityTokenKey")
+    def identity_token_key(self) -> pulumi.Output[Optional[str]]:
+        """
+        The key to use for signing identity tokens. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_key")
+    @property
+    @pulumi.getter(name="identityTokenTtl")
+    def identity_token_ttl(self) -> pulumi.Output[int]:
+        """
+        The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "identity_token_ttl")
     @property
     @pulumi.getter
     def namespace(self) -> pulumi.Output[Optional[str]]:
@@ -652,6 +848,7 @@ class Backend(pulumi.CustomResource):
     @property
     @pulumi.getter(name="useMicrosoftGraphApi")
+    @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
     def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
         """
         Use the Microsoft Graph API. Should be set to true on vault-1.10+

pulumi-vault 6.2.0a1718953130__py3-none-any.whl → 6.3.0__py3-none-any.whl

pulumi-vault 6.2.0a1718953130py3-none-any.whl → 6.3.0py3-none-any.whl