pulumi-vault 6.3.0a1723010642__py3-none-any.whl → 6.3.1__py3-none-any.whl

pulumi_vault/gcp/_inputs.py

@@ -4,18 +4,53 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'AuthBackendCustomEndpointArgs',
+    'AuthBackendCustomEndpointArgsDict',
     'AuthBackendTuneArgs',
+    'AuthBackendTuneArgsDict',
     'SecretRolesetBindingArgs',
+    'SecretRolesetBindingArgsDict',
     'SecretStaticAccountBindingArgs',
+    'SecretStaticAccountBindingArgsDict',
 ]
 
+MYPY = False
+
+if not MYPY:
+    class AuthBackendCustomEndpointArgsDict(TypedDict):
+        api: NotRequired[pulumi.Input[str]]
+        """
+        Replaces the service endpoint used in API requests to `https://www.googleapis.com`.
+        """
+        compute: NotRequired[pulumi.Input[str]]
+        """
+        Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.
+
+        The endpoint value provided for a given key has the form of `scheme://host:port`.
+        The `scheme://` and `:port` portions of the endpoint value are optional.
+        """
+        crm: NotRequired[pulumi.Input[str]]
+        """
+        Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.
+        """
+        iam: NotRequired[pulumi.Input[str]]
+        """
+        Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.
+        """
+elif False:
+    AuthBackendCustomEndpointArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendCustomEndpointArgs:
     def __init__(__self__, *,
@@ -93,6 +128,56 @@ class AuthBackendCustomEndpointArgs:
         pulumi.set(self, "iam", value)
 
 
+if not MYPY:
+    class AuthBackendTuneArgsDict(TypedDict):
+        allowed_response_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and allowing
+        a plugin to include them in the response.
+        """
+        audit_non_hmac_request_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the request data object.
+        """
+        audit_non_hmac_response_keys: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Specifies the list of keys that will
+        not be HMAC'd by audit devices in the response data object.
+        """
+        default_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the default time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        listing_visibility: NotRequired[pulumi.Input[str]]
+        """
+        Specifies whether to show this mount in
+        the UI-specific listing endpoint. Valid values are "unauth" or "hidden".
+        """
+        max_lease_ttl: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the maximum time-to-live.
+        If set, this overrides the global default.
+        Must be a valid [duration string](https://golang.org/pkg/time/#ParseDuration)
+        """
+        passthrough_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        List of headers to whitelist and
+        pass from the request to the backend.
+        """
+        token_type: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the type of tokens that should be returned by
+        the mount. Valid values are "default-service", "default-batch", "service", "batch".
+
+
+        For more details on the usage of each argument consult the [Vault GCP API documentation](https://www.vaultproject.io/api-docs/auth/gcp#configure).
+        """
+elif False:
+    AuthBackendTuneArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class AuthBackendTuneArgs:
     def __init__(__self__, *,
@@ -254,6 +339,19 @@ class AuthBackendTuneArgs:
         pulumi.set(self, "token_type", value)
 
 
+if not MYPY:
+    class SecretRolesetBindingArgsDict(TypedDict):
+        resource: pulumi.Input[str]
+        """
+        Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#roleset-bindings).
+        """
+        roles: pulumi.Input[Sequence[pulumi.Input[str]]]
+        """
+        List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
+        """
+elif False:
+    SecretRolesetBindingArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class SecretRolesetBindingArgs:
     def __init__(__self__, *,
@@ -291,6 +389,19 @@ class SecretRolesetBindingArgs:
         pulumi.set(self, "roles", value)
 
 
+if not MYPY:
+    class SecretStaticAccountBindingArgsDict(TypedDict):
+        resource: pulumi.Input[str]
+        """
+        Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different [formats](https://www.vaultproject.io/docs/secrets/gcp/index.html#bindings).
+        """
+        roles: pulumi.Input[Sequence[pulumi.Input[str]]]
+        """
+        List of [GCP IAM roles](https://cloud.google.com/iam/docs/understanding-roles) for the resource.
+        """
+elif False:
+    SecretStaticAccountBindingArgsDict: TypeAlias = Mapping[str, Any]
+
 @pulumi.input_type
 class SecretStaticAccountBindingArgs:
     def __init__(__self__, *,

pulumi_vault/gcp/auth_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -629,7 +634,7 @@ class AuthBackend(pulumi.CustomResource):
                  client_email: Optional[pulumi.Input[str]] = None,
                  client_id: Optional[pulumi.Input[str]] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_endpoint: Optional[pulumi.Input[pulumi.InputType['AuthBackendCustomEndpointArgs']]] = None,
+                 custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -641,7 +646,7 @@ class AuthBackend(pulumi.CustomResource):
                  private_key_id: Optional[pulumi.Input[str]] = None,
                  project_id: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  __props__=None):
         """
         Provides a resource to configure the [GCP auth backend within Vault](https://www.vaultproject.io/docs/auth/gcp.html).
@@ -673,7 +678,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] client_email: The clients email associated with the credentials
         :param pulumi.Input[str] client_id: The Client ID of the credentials
         :param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
-        :param pulumi.Input[pulumi.InputType['AuthBackendCustomEndpointArgs']] custom_endpoint: Specifies overrides to
+        :param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
                [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
                used when making API requests. This allows specific requests made during authentication
                to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
@@ -699,7 +704,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] project_id: The GCP Project ID
         :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
                Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
-        :param pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']] tune: Extra configuration block. Structure is documented below.
+        :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
                
                The `tune` block is used to tune the auth backend:
         """
@@ -752,7 +757,7 @@ class AuthBackend(pulumi.CustomResource):
                  client_email: Optional[pulumi.Input[str]] = None,
                  client_id: Optional[pulumi.Input[str]] = None,
                  credentials: Optional[pulumi.Input[str]] = None,
-                 custom_endpoint: Optional[pulumi.Input[pulumi.InputType['AuthBackendCustomEndpointArgs']]] = None,
+                 custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -764,7 +769,7 @@ class AuthBackend(pulumi.CustomResource):
                  private_key_id: Optional[pulumi.Input[str]] = None,
                  project_id: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
-                 tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None,
+                 tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -807,7 +812,7 @@ class AuthBackend(pulumi.CustomResource):
             client_email: Optional[pulumi.Input[str]] = None,
             client_id: Optional[pulumi.Input[str]] = None,
             credentials: Optional[pulumi.Input[str]] = None,
-            custom_endpoint: Optional[pulumi.Input[pulumi.InputType['AuthBackendCustomEndpointArgs']]] = None,
+            custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
             description: Optional[pulumi.Input[str]] = None,
             disable_remount: Optional[pulumi.Input[bool]] = None,
             identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -819,7 +824,7 @@ class AuthBackend(pulumi.CustomResource):
             private_key_id: Optional[pulumi.Input[str]] = None,
             project_id: Optional[pulumi.Input[str]] = None,
             service_account_email: Optional[pulumi.Input[str]] = None,
-            tune: Optional[pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']]] = None) -> 'AuthBackend':
+            tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None) -> 'AuthBackend':
         """
         Get an existing AuthBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -831,7 +836,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] client_email: The clients email associated with the credentials
         :param pulumi.Input[str] client_id: The Client ID of the credentials
         :param pulumi.Input[str] credentials: A JSON string containing the contents of a GCP credentials file. If this value is empty, Vault will try to use Application Default Credentials from the machine on which the Vault server is running.
-        :param pulumi.Input[pulumi.InputType['AuthBackendCustomEndpointArgs']] custom_endpoint: Specifies overrides to
+        :param pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']] custom_endpoint: Specifies overrides to
                [service endpoints](https://cloud.google.com/apis/design/glossary#api_service_endpoint)
                used when making API requests. This allows specific requests made during authentication
                to target alternative service endpoints for use in [Private Google Access](https://cloud.google.com/vpc/docs/configure-private-google-access)
@@ -857,7 +862,7 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[str] project_id: The GCP Project ID
         :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
                Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
-        :param pulumi.Input[pulumi.InputType['AuthBackendTuneArgs']] tune: Extra configuration block. Structure is documented below.
+        :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
                
                The `tune` block is used to tune the auth backend:
         """

pulumi_vault/gcp/auth_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']

pulumi_vault/gcp/get_auth_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -393,9 +398,6 @@ def get_auth_backend_role(backend: Optional[str] = None,
         token_ttl=pulumi.get(__ret__, 'token_ttl'),
         token_type=pulumi.get(__ret__, 'token_type'),
         type=pulumi.get(__ret__, 'type'))
-
-
-@_utilities.lift_output_func(get_auth_backend_role)
 def get_auth_backend_role_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
                                  namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                  role_name: Optional[pulumi.Input[str]] = None,
@@ -458,4 +460,40 @@ def get_auth_backend_role_output(backend: Optional[pulumi.Input[Optional[str]]]
            `default-service` and `default-batch` which specify the type to return unless the client
            requests a different type at generation time.
     """
-    ...
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    __args__['roleName'] = role_name
+    __args__['tokenBoundCidrs'] = token_bound_cidrs
+    __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
+    __args__['tokenMaxTtl'] = token_max_ttl
+    __args__['tokenNoDefaultPolicy'] = token_no_default_policy
+    __args__['tokenNumUses'] = token_num_uses
+    __args__['tokenPeriod'] = token_period
+    __args__['tokenPolicies'] = token_policies
+    __args__['tokenTtl'] = token_ttl
+    __args__['tokenType'] = token_type
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:gcp/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
+    return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
+        backend=pulumi.get(__response__, 'backend'),
+        bound_instance_groups=pulumi.get(__response__, 'bound_instance_groups'),
+        bound_labels=pulumi.get(__response__, 'bound_labels'),
+        bound_projects=pulumi.get(__response__, 'bound_projects'),
+        bound_regions=pulumi.get(__response__, 'bound_regions'),
+        bound_service_accounts=pulumi.get(__response__, 'bound_service_accounts'),
+        bound_zones=pulumi.get(__response__, 'bound_zones'),
+        id=pulumi.get(__response__, 'id'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        role_id=pulumi.get(__response__, 'role_id'),
+        role_name=pulumi.get(__response__, 'role_name'),
+        token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
+        token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
+        token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
+        token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
+        token_num_uses=pulumi.get(__response__, 'token_num_uses'),
+        token_period=pulumi.get(__response__, 'token_period'),
+        token_policies=pulumi.get(__response__, 'token_policies'),
+        token_ttl=pulumi.get(__response__, 'token_ttl'),
+        token_type=pulumi.get(__response__, 'token_type'),
+        type=pulumi.get(__response__, 'type')))

pulumi_vault/gcp/outputs.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [

pulumi_vault/gcp/secret_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendArgs', 'SecretBackend']

pulumi_vault/gcp/secret_impersonated_account.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretImpersonatedAccountArgs', 'SecretImpersonatedAccount']

pulumi_vault/gcp/secret_roleset.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -283,7 +288,7 @@ class SecretRoleset(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  roleset: Optional[pulumi.Input[str]] = None,
@@ -312,10 +317,10 @@ class SecretRoleset(pulumi.CustomResource):
             secret_type="access_token",
             project=project,
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            bindings=[vault.gcp.SecretRolesetBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -329,7 +334,7 @@ class SecretRoleset(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -367,10 +372,10 @@ class SecretRoleset(pulumi.CustomResource):
             secret_type="access_token",
             project=project,
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
-            bindings=[vault.gcp.SecretRolesetBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{project}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{project}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -397,7 +402,7 @@ class SecretRoleset(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  project: Optional[pulumi.Input[str]] = None,
                  roleset: Optional[pulumi.Input[str]] = None,
@@ -439,7 +444,7 @@ class SecretRoleset(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             backend: Optional[pulumi.Input[str]] = None,
-            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]]] = None,
+            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             project: Optional[pulumi.Input[str]] = None,
             roleset: Optional[pulumi.Input[str]] = None,
@@ -454,7 +459,7 @@ class SecretRoleset(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretRolesetBindingArgs']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretRolesetBindingArgs', 'SecretRolesetBindingArgsDict']]]] bindings: Bindings to create for this roleset. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).

pulumi_vault/gcp/secret_static_account.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -284,7 +289,7 @@ class SecretStaticAccount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  secret_type: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -315,10 +320,10 @@ class SecretStaticAccount(pulumi.CustomResource):
             secret_type="access_token",
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
             service_account_email=this["email"],
-            bindings=[vault.gcp.SecretStaticAccountBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -332,7 +337,7 @@ class SecretStaticAccount(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -372,10 +377,10 @@ class SecretStaticAccount(pulumi.CustomResource):
             secret_type="access_token",
             token_scopes=["https://www.googleapis.com/auth/cloud-platform"],
             service_account_email=this["email"],
-            bindings=[vault.gcp.SecretStaticAccountBindingArgs(
-                resource=f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
-                roles=["roles/viewer"],
-            )])
+            bindings=[{
+                "resource": f"//cloudresourcemanager.googleapis.com/projects/{this['project']}",
+                "roles": ["roles/viewer"],
+            }])
         ```
 
         ## Import
@@ -402,7 +407,7 @@ class SecretStaticAccount(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  backend: Optional[pulumi.Input[str]] = None,
-                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+                 bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  secret_type: Optional[pulumi.Input[str]] = None,
                  service_account_email: Optional[pulumi.Input[str]] = None,
@@ -442,7 +447,7 @@ class SecretStaticAccount(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             backend: Optional[pulumi.Input[str]] = None,
-            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]]] = None,
+            bindings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
             secret_type: Optional[pulumi.Input[str]] = None,
             service_account_email: Optional[pulumi.Input[str]] = None,
@@ -457,7 +462,7 @@ class SecretStaticAccount(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] backend: Path where the GCP Secrets Engine is mounted
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretStaticAccountBindingArgs']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretStaticAccountBindingArgs', 'SecretStaticAccountBindingArgsDict']]]] bindings: Bindings to create for this static account. This can be specified multiple times for multiple bindings. Structure is documented below.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).

pulumi_vault/generic/endpoint.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['EndpointArgs', 'Endpoint']

pulumi_vault/generic/get_secret.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -58,7 +63,7 @@ class GetSecretResult:
 
     @property
     @pulumi.getter
-    def data(self) -> Mapping[str, Any]:
+    def data(self) -> Mapping[str, str]:
         """
         A mapping whose keys are the top-level data keys returned from
         Vault and whose values are the corresponding values. This map can only
@@ -226,9 +231,6 @@ def get_secret(namespace: Optional[str] = None,
         path=pulumi.get(__ret__, 'path'),
         version=pulumi.get(__ret__, 'version'),
         with_lease_start_time=pulumi.get(__ret__, 'with_lease_start_time'))
-
-
-@_utilities.lift_output_func(get_secret)
 def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
                       path: Optional[pulumi.Input[str]] = None,
                       version: Optional[pulumi.Input[Optional[int]]] = None,
@@ -283,4 +285,22 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
            Note that storing the `lease_start_time` in the TF state will cause a persistent drift
            on every `pulumi preview` and will require a `pulumi up`.
     """
-    ...
+    __args__ = dict()
+    __args__['namespace'] = namespace
+    __args__['path'] = path
+    __args__['version'] = version
+    __args__['withLeaseStartTime'] = with_lease_start_time
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:generic/getSecret:getSecret', __args__, opts=opts, typ=GetSecretResult)
+    return __ret__.apply(lambda __response__: GetSecretResult(
+        data=pulumi.get(__response__, 'data'),
+        data_json=pulumi.get(__response__, 'data_json'),
+        id=pulumi.get(__response__, 'id'),
+        lease_duration=pulumi.get(__response__, 'lease_duration'),
+        lease_id=pulumi.get(__response__, 'lease_id'),
+        lease_renewable=pulumi.get(__response__, 'lease_renewable'),
+        lease_start_time=pulumi.get(__response__, 'lease_start_time'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        path=pulumi.get(__response__, 'path'),
+        version=pulumi.get(__response__, 'version'),
+        with_lease_start_time=pulumi.get(__response__, 'with_lease_start_time')))