pulumi-vault 6.3.0a1723010642__py3-none-any.whl → 6.3.1__py3-none-any.whl

pulumi_vault/aws/secret_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
@@ -17,6 +22,7 @@ class SecretBackendRoleArgs:
                  backend: pulumi.Input[str],
                  credential_type: pulumi.Input[str],
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
@@ -26,6 +32,7 @@ class SecretBackendRoleArgs:
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretBackendRole resource.
@@ -39,6 +46,8 @@ class SecretBackendRoleArgs:
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds. 
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
@@ -75,6 +84,9 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -82,6 +94,8 @@ class SecretBackendRoleArgs:
         pulumi.set(__self__, "credential_type", credential_type)
         if default_sts_ttl is not None:
             pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if iam_groups is not None:
             pulumi.set(__self__, "iam_groups", iam_groups)
         if iam_tags is not None:
@@ -100,6 +114,8 @@ class SecretBackendRoleArgs:
             pulumi.set(__self__, "policy_document", policy_document)
         if role_arns is not None:
             pulumi.set(__self__, "role_arns", role_arns)
+        if session_tags is not None:
+            pulumi.set(__self__, "session_tags", session_tags)
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
 
@@ -146,6 +162,19 @@ class SecretBackendRoleArgs:
     def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_sts_ttl", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID to set for assume role creds. 
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -281,6 +310,20 @@ class SecretBackendRoleArgs:
     def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "role_arns", value)
 
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
+
+    @session_tags.setter
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "session_tags", value)
+
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -301,6 +344,7 @@ class _SecretBackendRoleState:
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
@@ -310,6 +354,7 @@ class _SecretBackendRoleState:
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendRole resources.
@@ -323,6 +368,8 @@ class _SecretBackendRoleState:
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds. 
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
@@ -359,6 +406,9 @@ class _SecretBackendRoleState:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -368,6 +418,8 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "credential_type", credential_type)
         if default_sts_ttl is not None:
             pulumi.set(__self__, "default_sts_ttl", default_sts_ttl)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if iam_groups is not None:
             pulumi.set(__self__, "iam_groups", iam_groups)
         if iam_tags is not None:
@@ -386,6 +438,8 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "policy_document", policy_document)
         if role_arns is not None:
             pulumi.set(__self__, "role_arns", role_arns)
+        if session_tags is not None:
+            pulumi.set(__self__, "session_tags", session_tags)
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
 
@@ -432,6 +486,19 @@ class _SecretBackendRoleState:
     def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "default_sts_ttl", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        External ID to set for assume role creds. 
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -567,6 +634,20 @@ class _SecretBackendRoleState:
     def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "role_arns", value)
 
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
+
+    @session_tags.setter
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+        pulumi.set(self, "session_tags", value)
+
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> Optional[pulumi.Input[str]]:
@@ -589,6 +670,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
@@ -598,6 +680,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -647,6 +730,8 @@ class SecretBackendRole(pulumi.CustomResource):
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds. 
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
@@ -683,6 +768,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -745,6 +833,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  credential_type: Optional[pulumi.Input[str]] = None,
                  default_sts_ttl: Optional[pulumi.Input[int]] = None,
+                 external_id: Optional[pulumi.Input[str]] = None,
                  iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  max_sts_ttl: Optional[pulumi.Input[int]] = None,
@@ -754,6 +843,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  policy_document: Optional[pulumi.Input[str]] = None,
                  role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  user_path: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -771,6 +861,7 @@ class SecretBackendRole(pulumi.CustomResource):
                 raise TypeError("Missing required property 'credential_type'")
             __props__.__dict__["credential_type"] = credential_type
             __props__.__dict__["default_sts_ttl"] = default_sts_ttl
+            __props__.__dict__["external_id"] = external_id
             __props__.__dict__["iam_groups"] = iam_groups
             __props__.__dict__["iam_tags"] = iam_tags
             __props__.__dict__["max_sts_ttl"] = max_sts_ttl
@@ -780,6 +871,7 @@ class SecretBackendRole(pulumi.CustomResource):
             __props__.__dict__["policy_arns"] = policy_arns
             __props__.__dict__["policy_document"] = policy_document
             __props__.__dict__["role_arns"] = role_arns
+            __props__.__dict__["session_tags"] = session_tags
             __props__.__dict__["user_path"] = user_path
         super(SecretBackendRole, __self__).__init__(
             'vault:aws/secretBackendRole:SecretBackendRole',
@@ -794,6 +886,7 @@ class SecretBackendRole(pulumi.CustomResource):
             backend: Optional[pulumi.Input[str]] = None,
             credential_type: Optional[pulumi.Input[str]] = None,
             default_sts_ttl: Optional[pulumi.Input[int]] = None,
+            external_id: Optional[pulumi.Input[str]] = None,
             iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             max_sts_ttl: Optional[pulumi.Input[int]] = None,
@@ -803,6 +896,7 @@ class SecretBackendRole(pulumi.CustomResource):
             policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             policy_document: Optional[pulumi.Input[str]] = None,
             role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
         """
         Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
@@ -821,6 +915,8 @@ class SecretBackendRole(pulumi.CustomResource):
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
+        :param pulumi.Input[str] external_id: External ID to set for assume role creds. 
+               Valid only when `credential_type` is set to `assumed_role`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
@@ -857,6 +953,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
+               during assume role creds creation. Valid only when `credential_type` is set to
+               `assumed_role`.
         :param pulumi.Input[str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
@@ -867,6 +966,7 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["backend"] = backend
         __props__.__dict__["credential_type"] = credential_type
         __props__.__dict__["default_sts_ttl"] = default_sts_ttl
+        __props__.__dict__["external_id"] = external_id
         __props__.__dict__["iam_groups"] = iam_groups
         __props__.__dict__["iam_tags"] = iam_tags
         __props__.__dict__["max_sts_ttl"] = max_sts_ttl
@@ -876,6 +976,7 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["policy_arns"] = policy_arns
         __props__.__dict__["policy_document"] = policy_document
         __props__.__dict__["role_arns"] = role_arns
+        __props__.__dict__["session_tags"] = session_tags
         __props__.__dict__["user_path"] = user_path
         return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
 
@@ -910,6 +1011,15 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "default_sts_ttl")
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> pulumi.Output[Optional[str]]:
+        """
+        External ID to set for assume role creds. 
+        Valid only when `credential_type` is set to `assumed_role`.
+        """
+        return pulumi.get(self, "external_id")
+
     @property
     @pulumi.getter(name="iamGroups")
     def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -1009,6 +1119,16 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "role_arns")
 
+    @property
+    @pulumi.getter(name="sessionTags")
+    def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+        """
+        A map of strings representing key/value pairs to be set
+        during assume role creds creation. Valid only when `credential_type` is set to
+        `assumed_role`.
+        """
+        return pulumi.get(self, "session_tags")
+
     @property
     @pulumi.getter(name="userPath")
     def user_path(self) -> pulumi.Output[Optional[str]]:

pulumi_vault/aws/secret_backend_static_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']

pulumi_vault/azure/_inputs.py

@@ -4,16 +4,32 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'BackendRoleAzureGroupArgs',
+    'BackendRoleAzureGroupArgsDict',
     'BackendRoleAzureRoleArgs',
+    'BackendRoleAzureRoleArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class BackendRoleAzureGroupArgsDict(TypedDict):
+        group_name: pulumi.Input[str]
+        object_id: NotRequired[pulumi.Input[str]]
+elif False:
+    BackendRoleAzureGroupArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureGroupArgs:
     def __init__(__self__, *,
@@ -42,6 +58,14 @@ class BackendRoleAzureGroupArgs:
         pulumi.set(self, "object_id", value)
 
 
+if not MYPY:
+    class BackendRoleAzureRoleArgsDict(TypedDict):
+        scope: pulumi.Input[str]
+        role_id: NotRequired[pulumi.Input[str]]
+        role_name: NotRequired[pulumi.Input[str]]
+elif False:
+    BackendRoleAzureRoleArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class BackendRoleAzureRoleArgs:
     def __init__(__self__, *,

pulumi_vault/azure/auth_backend_config.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']

pulumi_vault/azure/auth_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']

pulumi_vault/azure/backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['BackendArgs', 'Backend']

pulumi_vault/azure/backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -450,8 +455,8 @@ class BackendRole(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  application_object_id: Optional[pulumi.Input[str]] = None,
-                 azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
-                 azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
+                 azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
+                 azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  max_ttl: Optional[pulumi.Input[str]] = None,
@@ -484,10 +489,10 @@ class BackendRole(pulumi.CustomResource):
             ],
             ttl="300",
             max_ttl="600",
-            azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
-                role_name="Reader",
-                scope=f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
-            )])
+            azure_roles=[{
+                "role_name": "Reader",
+                "scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
+            }])
         existing_object_id = vault.azure.BackendRole("existing_object_id",
             backend=azure.path,
             role="existing_object_id",
@@ -500,8 +505,8 @@ class BackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
                be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
         :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
         :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
         :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
@@ -547,10 +552,10 @@ class BackendRole(pulumi.CustomResource):
             ],
             ttl="300",
             max_ttl="600",
-            azure_roles=[vault.azure.BackendRoleAzureRoleArgs(
-                role_name="Reader",
-                scope=f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
-            )])
+            azure_roles=[{
+                "role_name": "Reader",
+                "scope": f"/subscriptions/{subscription_id}/resourceGroups/azure-vault-group",
+            }])
         existing_object_id = vault.azure.BackendRole("existing_object_id",
             backend=azure.path,
             role="existing_object_id",
@@ -575,8 +580,8 @@ class BackendRole(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  application_object_id: Optional[pulumi.Input[str]] = None,
-                 azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
-                 azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
+                 azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
+                 azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  max_ttl: Optional[pulumi.Input[str]] = None,
@@ -620,8 +625,8 @@ class BackendRole(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             application_object_id: Optional[pulumi.Input[str]] = None,
-            azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]]] = None,
-            azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]]] = None,
+            azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
+            azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
             backend: Optional[pulumi.Input[str]] = None,
             description: Optional[pulumi.Input[str]] = None,
             max_ttl: Optional[pulumi.Input[str]] = None,
@@ -640,8 +645,8 @@ class BackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
                be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureGroupArgs']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BackendRoleAzureRoleArgs']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
         :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
         :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
         :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time

pulumi_vault/azure/get_access_credentials.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -298,9 +303,6 @@ def get_access_credentials(backend: Optional[str] = None,
         subscription_id=pulumi.get(__ret__, 'subscription_id'),
         tenant_id=pulumi.get(__ret__, 'tenant_id'),
         validate_creds=pulumi.get(__ret__, 'validate_creds'))
-
-
-@_utilities.lift_output_func(get_access_credentials)
 def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                                   environment: Optional[pulumi.Input[Optional[str]]] = None,
                                   max_cred_validation_seconds: Optional[pulumi.Input[Optional[int]]] = None,
@@ -365,4 +367,34 @@ def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
            credentials without checking whether they have fully propagated throughout
            Azure Active Directory. Designating `true` activates testing.
     """
-    ...
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['environment'] = environment
+    __args__['maxCredValidationSeconds'] = max_cred_validation_seconds
+    __args__['namespace'] = namespace
+    __args__['numSecondsBetweenTests'] = num_seconds_between_tests
+    __args__['numSequentialSuccesses'] = num_sequential_successes
+    __args__['role'] = role
+    __args__['subscriptionId'] = subscription_id
+    __args__['tenantId'] = tenant_id
+    __args__['validateCreds'] = validate_creds
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:azure/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
+    return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
+        backend=pulumi.get(__response__, 'backend'),
+        client_id=pulumi.get(__response__, 'client_id'),
+        client_secret=pulumi.get(__response__, 'client_secret'),
+        environment=pulumi.get(__response__, 'environment'),
+        id=pulumi.get(__response__, 'id'),
+        lease_duration=pulumi.get(__response__, 'lease_duration'),
+        lease_id=pulumi.get(__response__, 'lease_id'),
+        lease_renewable=pulumi.get(__response__, 'lease_renewable'),
+        lease_start_time=pulumi.get(__response__, 'lease_start_time'),
+        max_cred_validation_seconds=pulumi.get(__response__, 'max_cred_validation_seconds'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        num_seconds_between_tests=pulumi.get(__response__, 'num_seconds_between_tests'),
+        num_sequential_successes=pulumi.get(__response__, 'num_sequential_successes'),
+        role=pulumi.get(__response__, 'role'),
+        subscription_id=pulumi.get(__response__, 'subscription_id'),
+        tenant_id=pulumi.get(__response__, 'tenant_id'),
+        validate_creds=pulumi.get(__response__, 'validate_creds')))

pulumi_vault/azure/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [

pulumi_vault/cert_auth_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['CertAuthBackendRoleArgs', 'CertAuthBackendRole']

pulumi_vault/config/__init__.pyi

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs