pulumi-vault 6.3.0a1723010642__py3-none-any.whl → 6.3.1__py3-none-any.whl

pulumi_vault/managed/_inputs.py

@@ -4,17 +4,88 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'KeysAwArgs',
+    'KeysAwArgsDict',
     'KeysAzureArgs',
+    'KeysAzureArgsDict',
     'KeysPkcArgs',
+    'KeysPkcArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class KeysAwArgsDict(TypedDict):
+        access_key: pulumi.Input[str]
+        """
+        The AWS access key to use
+        """
+        key_bits: pulumi.Input[str]
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA'
+        """
+        key_type: pulumi.Input[str]
+        """
+        The type of key to use
+        """
+        kms_key: pulumi.Input[str]
+        """
+        An identifier for the key
+        """
+        name: pulumi.Input[str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        secret_key: pulumi.Input[str]
+        """
+        The AWS secret key to use
+        """
+        allow_generate_key: NotRequired[pulumi.Input[bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        curve: NotRequired[pulumi.Input[str]]
+        """
+        The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true
+        """
+        endpoint: NotRequired[pulumi.Input[str]]
+        """
+        Used to specify a custom AWS endpoint
+        """
+        region: NotRequired[pulumi.Input[str]]
+        """
+        The AWS region where the keys are stored (or will be stored)
+        """
+        uuid: NotRequired[pulumi.Input[str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysAwArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class KeysAwArgs:
     def __init__(__self__, *,
@@ -240,6 +311,71 @@ class KeysAwArgs:
         pulumi.set(self, "uuid", value)
 
 
+if not MYPY:
+    class KeysAzureArgsDict(TypedDict):
+        client_id: pulumi.Input[str]
+        """
+        The client id for credentials to query the Azure APIs
+        """
+        client_secret: pulumi.Input[str]
+        """
+        The client secret for credentials to query the Azure APIs
+        """
+        key_name: pulumi.Input[str]
+        """
+        The Key Vault key to use for encryption and decryption
+        """
+        key_type: pulumi.Input[str]
+        """
+        The type of key to use
+        """
+        name: pulumi.Input[str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        tenant_id: pulumi.Input[str]
+        """
+        The tenant id for the Azure Active Directory organization
+        """
+        vault_name: pulumi.Input[str]
+        """
+        The Key Vault vault to use the encryption keys for encryption and decryption
+        """
+        allow_generate_key: NotRequired[pulumi.Input[bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        environment: NotRequired[pulumi.Input[str]]
+        """
+        The Azure Cloud environment API endpoints to use
+        """
+        key_bits: NotRequired[pulumi.Input[str]]
+        """
+        The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true
+        """
+        resource: NotRequired[pulumi.Input[str]]
+        """
+        The Azure Key Vault resource's DNS Suffix to connect to
+        """
+        uuid: NotRequired[pulumi.Input[str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysAzureArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class KeysAzureArgs:
     def __init__(__self__, *,
@@ -480,6 +616,75 @@ class KeysAzureArgs:
         pulumi.set(self, "uuid", value)
 
 
+if not MYPY:
+    class KeysPkcArgsDict(TypedDict):
+        key_id: pulumi.Input[str]
+        """
+        The id of a PKCS#11 key to use
+        """
+        key_label: pulumi.Input[str]
+        """
+        The label of the key to use
+        """
+        library: pulumi.Input[str]
+        """
+        The name of the kms_library stanza to use from Vault's config to lookup the local library path
+        """
+        mechanism: pulumi.Input[str]
+        """
+        The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.
+        """
+        name: pulumi.Input[str]
+        """
+        A unique lowercase name that serves as identifying the key
+        """
+        pin: pulumi.Input[str]
+        """
+        The PIN for login
+        """
+        allow_generate_key: NotRequired[pulumi.Input[bool]]
+        """
+        If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend
+        """
+        allow_replace_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.
+        """
+        allow_store_key: NotRequired[pulumi.Input[bool]]
+        """
+        Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden
+        """
+        any_mount: NotRequired[pulumi.Input[bool]]
+        """
+        Allow usage from any mount point within the namespace if 'true'
+        """
+        curve: NotRequired[pulumi.Input[str]]
+        """
+        Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true
+        """
+        force_rw_session: NotRequired[pulumi.Input[str]]
+        """
+        Force all operations to open up a read-write session to the HSM
+        """
+        key_bits: NotRequired[pulumi.Input[str]]
+        """
+        Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. Required if 'allow_generate_key' is true
+        """
+        slot: NotRequired[pulumi.Input[str]]
+        """
+        The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')
+        """
+        token_label: NotRequired[pulumi.Input[str]]
+        """
+        The slot token label to use
+        """
+        uuid: NotRequired[pulumi.Input[str]]
+        """
+        ID of the managed key read from Vault
+        """
+elif False:
+    KeysPkcArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class KeysPkcArgs:
     def __init__(__self__, *,

pulumi_vault/managed/keys.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -162,10 +167,10 @@ class Keys(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 aws: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]]] = None,
-                 azures: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]]] = None,
+                 aws: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAwArgs', 'KeysAwArgsDict']]]]] = None,
+                 azures: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAzureArgs', 'KeysAzureArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]]] = None,
+                 pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysPkcArgs', 'KeysPkcArgsDict']]]]] = None,
                  __props__=None):
         """
         A resource that manages the lifecycle of all [Managed Keys](https://www.vaultproject.io/docs/enterprise/managed-keys) in Vault.
@@ -182,10 +187,10 @@ class Keys(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]] aws: Configuration block for AWS Managed Keys
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]] azures: Configuration block for Azure Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysAwArgs', 'KeysAwArgsDict']]]] aws: Configuration block for AWS Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysAzureArgs', 'KeysAzureArgsDict']]]] azures: Configuration block for Azure Managed Keys
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]] pkcs: Configuration block for PKCS Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysPkcArgs', 'KeysPkcArgsDict']]]] pkcs: Configuration block for PKCS Managed Keys
         """
         ...
     @overload
@@ -221,10 +226,10 @@ class Keys(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 aws: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]]] = None,
-                 azures: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]]] = None,
+                 aws: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAwArgs', 'KeysAwArgsDict']]]]] = None,
+                 azures: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAzureArgs', 'KeysAzureArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]]] = None,
+                 pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysPkcArgs', 'KeysPkcArgsDict']]]]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -248,10 +253,10 @@ class Keys(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            aws: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]]] = None,
-            azures: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]]] = None,
+            aws: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAwArgs', 'KeysAwArgsDict']]]]] = None,
+            azures: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysAzureArgs', 'KeysAzureArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
-            pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]]] = None) -> 'Keys':
+            pkcs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['KeysPkcArgs', 'KeysPkcArgsDict']]]]] = None) -> 'Keys':
         """
         Get an existing Keys resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -259,10 +264,10 @@ class Keys(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAwArgs']]]] aws: Configuration block for AWS Managed Keys
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysAzureArgs']]]] azures: Configuration block for Azure Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysAwArgs', 'KeysAwArgsDict']]]] aws: Configuration block for AWS Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysAzureArgs', 'KeysAzureArgsDict']]]] azures: Configuration block for Azure Managed Keys
         :param pulumi.Input[str] namespace: Target namespace. (requires Enterprise)
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KeysPkcArgs']]]] pkcs: Configuration block for PKCS Managed Keys
+        :param pulumi.Input[Sequence[pulumi.Input[Union['KeysPkcArgs', 'KeysPkcArgsDict']]]] pkcs: Configuration block for PKCS Managed Keys
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 

pulumi_vault/managed/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [

pulumi_vault/mfa_duo.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['MfaDuoArgs', 'MfaDuo']

pulumi_vault/mfa_okta.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['MfaOktaArgs', 'MfaOkta']

pulumi_vault/mfa_pingid.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['MfaPingidArgs', 'MfaPingid']

pulumi_vault/mfa_totp.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['MfaTotpArgs', 'MfaTotp']

pulumi_vault/mongodbatlas/secret_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendArgs', 'SecretBackend']

pulumi_vault/mongodbatlas/secret_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretRoleArgs', 'SecretRole']

pulumi_vault/mount.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['MountArgs', 'Mount']
@@ -29,7 +34,7 @@ class MountArgs:
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
                  seal_wrap: Optional[pulumi.Input[bool]] = None):
@@ -49,14 +54,15 @@ class MountArgs:
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
                not provided, this will default to Vault's OIDC default key.
-        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
+               listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
                the plugin.
         :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. "v1.0.0".
@@ -240,7 +246,8 @@ class MountArgs:
     @pulumi.getter(name="listingVisibility")
     def listing_visibility(self) -> Optional[pulumi.Input[str]]:
         """
-        Specifies whether to show this mount in the UI-specific listing endpoint
+        Specifies whether to show this mount in the UI-specific
+        listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         """
         return pulumi.get(self, "listing_visibility")
 
@@ -289,14 +296,14 @@ class MountArgs:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -356,7 +363,7 @@ class _MountState:
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -377,14 +384,15 @@ class _MountState:
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
                not provided, this will default to Vault's OIDC default key.
-        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
+               listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
                the plugin.
         :param pulumi.Input[str] path: Where the secret backend will be mounted
@@ -562,7 +570,8 @@ class _MountState:
     @pulumi.getter(name="listingVisibility")
     def listing_visibility(self) -> Optional[pulumi.Input[str]]:
         """
-        Specifies whether to show this mount in the UI-specific listing endpoint
+        Specifies whether to show this mount in the UI-specific
+        listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         """
         return pulumi.get(self, "listing_visibility")
 
@@ -611,14 +620,14 @@ class _MountState:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -703,7 +712,7 @@ class Mount(pulumi.CustomResource):
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -748,7 +757,7 @@ class Mount(pulumi.CustomResource):
             type="transit",
             description="This is an example transit secret engine mount",
             options={
-                "convergent_encryption": False,
+                "convergent_encryption": "false",
             })
         ```
 
@@ -786,14 +795,15 @@ class Mount(pulumi.CustomResource):
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
                not provided, this will default to Vault's OIDC default key.
-        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
+               listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
                the plugin.
         :param pulumi.Input[str] path: Where the secret backend will be mounted
@@ -847,7 +857,7 @@ class Mount(pulumi.CustomResource):
             type="transit",
             description="This is an example transit secret engine mount",
             options={
-                "convergent_encryption": False,
+                "convergent_encryption": "false",
             })
         ```
 
@@ -899,7 +909,7 @@ class Mount(pulumi.CustomResource):
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -962,7 +972,7 @@ class Mount(pulumi.CustomResource):
             local: Optional[pulumi.Input[bool]] = None,
             max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
-            options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             path: Optional[pulumi.Input[str]] = None,
             plugin_version: Optional[pulumi.Input[str]] = None,
@@ -988,14 +998,15 @@ class Mount(pulumi.CustomResource):
         :param pulumi.Input[bool] external_entropy_access: Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source
         :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens. If
                not provided, this will default to Vault's OIDC default key.
-        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
+        :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific
+               listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for tokens and secrets in seconds
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to
                the plugin.
         :param pulumi.Input[str] path: Where the secret backend will be mounted
@@ -1118,7 +1129,8 @@ class Mount(pulumi.CustomResource):
     @pulumi.getter(name="listingVisibility")
     def listing_visibility(self) -> pulumi.Output[Optional[str]]:
         """
-        Specifies whether to show this mount in the UI-specific listing endpoint
+        Specifies whether to show this mount in the UI-specific
+        listing endpoint. Valid values are `unauth` or `hidden`. If not set, behaves like `hidden`.
         """
         return pulumi.get(self, "listing_visibility")
 
@@ -1151,7 +1163,7 @@ class Mount(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """