PyPI - pulumi-vault - Versions diffs - 6.3.2__py3-none-any.whl → 6.4.0__py3-none-any.whl - Mend

pulumi-vault 6.3.2py3-none-any.whl → 6.4.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

pulumi_vault/approle/auth_backend_role_secret_id.py +94 -0
pulumi_vault/database/_inputs.py +200 -0
pulumi_vault/database/outputs.py +140 -0
pulumi_vault/database/secret_backend_static_role.py +64 -1
pulumi_vault/gcp/secret_impersonated_account.py +57 -3
pulumi_vault/kubernetes/auth_backend_config.py +50 -3
pulumi_vault/kubernetes/get_auth_backend_config.py +34 -4
pulumi_vault/kv/get_secret_v2.py +0 -2
pulumi_vault/ldap/auth_backend.py +47 -0
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/ssh/secret_backend_role.py +34 -0
{pulumi_vault-6.3.2.dist-info → pulumi_vault-6.4.0.dist-info}/METADATA +1 -1
{pulumi_vault-6.3.2.dist-info → pulumi_vault-6.4.0.dist-info}/RECORD +15 -15
{pulumi_vault-6.3.2.dist-info → pulumi_vault-6.4.0.dist-info}/WHEEL +1 -1
{pulumi_vault-6.3.2.dist-info → pulumi_vault-6.4.0.dist-info}/top_level.txt +0 -0

pulumi_vault/approle/auth_backend_role_secret_id.py CHANGED Viewed

@@ -24,7 +24,9 @@ class AuthBackendRoleSecretIdArgs:
                  cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  metadata: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 num_uses: Optional[pulumi.Input[int]] = None,
                  secret_id: Optional[pulumi.Input[str]] = None,
+                 ttl: Optional[pulumi.Input[int]] = None,
                  with_wrapped_accessor: Optional[pulumi.Input[bool]] = None,
                  wrapping_ttl: Optional[pulumi.Input[str]] = None):
         """
@@ -39,8 +41,10 @@ class AuthBackendRoleSecretIdArgs:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
+        :param pulumi.Input[int] num_uses: The number of uses for the secret-id.
         :param pulumi.Input[str] secret_id: The SecretID to be created. If set, uses "Push"
                mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[int] ttl: The TTL duration of the SecretID.
         :param pulumi.Input[bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
                If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
                invalidated through unwrapping.
@@ -58,8 +62,12 @@ class AuthBackendRoleSecretIdArgs:
             pulumi.set(__self__, "metadata", metadata)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if num_uses is not None:
+            pulumi.set(__self__, "num_uses", num_uses)
         if secret_id is not None:
             pulumi.set(__self__, "secret_id", secret_id)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
         if with_wrapped_accessor is not None:
             pulumi.set(__self__, "with_wrapped_accessor", with_wrapped_accessor)
         if wrapping_ttl is not None:
@@ -130,6 +138,18 @@ class AuthBackendRoleSecretIdArgs:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> Optional[pulumi.Input[int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
+    @num_uses.setter
+    def num_uses(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "num_uses", value)
     @property
     @pulumi.getter(name="secretId")
     def secret_id(self) -> Optional[pulumi.Input[str]]:
@@ -143,6 +163,18 @@ class AuthBackendRoleSecretIdArgs:
     def secret_id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "secret_id", value)
+    @property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "ttl", value)
     @property
     @pulumi.getter(name="withWrappedAccessor")
     def with_wrapped_accessor(self) -> Optional[pulumi.Input[bool]]:
@@ -181,8 +213,10 @@ class _AuthBackendRoleSecretIdState:
                  cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  metadata: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 num_uses: Optional[pulumi.Input[int]] = None,
                  role_name: Optional[pulumi.Input[str]] = None,
                  secret_id: Optional[pulumi.Input[str]] = None,
+                 ttl: Optional[pulumi.Input[int]] = None,
                  with_wrapped_accessor: Optional[pulumi.Input[bool]] = None,
                  wrapping_accessor: Optional[pulumi.Input[str]] = None,
                  wrapping_token: Optional[pulumi.Input[str]] = None,
@@ -199,9 +233,11 @@ class _AuthBackendRoleSecretIdState:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
+        :param pulumi.Input[int] num_uses: The number of uses for the secret-id.
         :param pulumi.Input[str] role_name: The name of the role to create the SecretID for.
         :param pulumi.Input[str] secret_id: The SecretID to be created. If set, uses "Push"
                mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[int] ttl: The TTL duration of the SecretID.
         :param pulumi.Input[bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
                If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
                invalidated through unwrapping.
@@ -223,10 +259,14 @@ class _AuthBackendRoleSecretIdState:
             pulumi.set(__self__, "metadata", metadata)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if num_uses is not None:
+            pulumi.set(__self__, "num_uses", num_uses)
         if role_name is not None:
             pulumi.set(__self__, "role_name", role_name)
         if secret_id is not None:
             pulumi.set(__self__, "secret_id", secret_id)
+        if ttl is not None:
+            pulumi.set(__self__, "ttl", ttl)
         if with_wrapped_accessor is not None:
             pulumi.set(__self__, "with_wrapped_accessor", with_wrapped_accessor)
         if wrapping_accessor is not None:
@@ -301,6 +341,18 @@ class _AuthBackendRoleSecretIdState:
     def namespace(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> Optional[pulumi.Input[int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
+    @num_uses.setter
+    def num_uses(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "num_uses", value)
     @property
     @pulumi.getter(name="roleName")
     def role_name(self) -> Optional[pulumi.Input[str]]:
@@ -326,6 +378,18 @@ class _AuthBackendRoleSecretIdState:
     def secret_id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "secret_id", value)
+    @property
+    @pulumi.getter
+    def ttl(self) -> Optional[pulumi.Input[int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
+    @ttl.setter
+    def ttl(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "ttl", value)
     @property
     @pulumi.getter(name="withWrappedAccessor")
     def with_wrapped_accessor(self) -> Optional[pulumi.Input[bool]]:
@@ -390,8 +454,10 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
                  cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  metadata: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 num_uses: Optional[pulumi.Input[int]] = None,
                  role_name: Optional[pulumi.Input[str]] = None,
                  secret_id: Optional[pulumi.Input[str]] = None,
+                 ttl: Optional[pulumi.Input[int]] = None,
                  with_wrapped_accessor: Optional[pulumi.Input[bool]] = None,
                  wrapping_ttl: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -435,9 +501,11 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
+        :param pulumi.Input[int] num_uses: The number of uses for the secret-id.
         :param pulumi.Input[str] role_name: The name of the role to create the SecretID for.
         :param pulumi.Input[str] secret_id: The SecretID to be created. If set, uses "Push"
                mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[int] ttl: The TTL duration of the SecretID.
         :param pulumi.Input[bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
                If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
                invalidated through unwrapping.
@@ -500,8 +568,10 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
                  cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  metadata: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
+                 num_uses: Optional[pulumi.Input[int]] = None,
                  role_name: Optional[pulumi.Input[str]] = None,
                  secret_id: Optional[pulumi.Input[str]] = None,
+                 ttl: Optional[pulumi.Input[int]] = None,
                  with_wrapped_accessor: Optional[pulumi.Input[bool]] = None,
                  wrapping_ttl: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -517,10 +587,12 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
             __props__.__dict__["cidr_lists"] = cidr_lists
             __props__.__dict__["metadata"] = metadata
             __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["num_uses"] = num_uses
             if role_name is None and not opts.urn:
                 raise TypeError("Missing required property 'role_name'")
             __props__.__dict__["role_name"] = role_name
             __props__.__dict__["secret_id"] = None if secret_id is None else pulumi.Output.secret(secret_id)
+            __props__.__dict__["ttl"] = ttl
             __props__.__dict__["with_wrapped_accessor"] = with_wrapped_accessor
             __props__.__dict__["wrapping_ttl"] = wrapping_ttl
             __props__.__dict__["accessor"] = None
@@ -545,8 +617,10 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
             cidr_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             metadata: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
+            num_uses: Optional[pulumi.Input[int]] = None,
             role_name: Optional[pulumi.Input[str]] = None,
             secret_id: Optional[pulumi.Input[str]] = None,
+            ttl: Optional[pulumi.Input[int]] = None,
             with_wrapped_accessor: Optional[pulumi.Input[bool]] = None,
             wrapping_accessor: Optional[pulumi.Input[str]] = None,
             wrapping_token: Optional[pulumi.Input[str]] = None,
@@ -568,9 +642,11 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
+        :param pulumi.Input[int] num_uses: The number of uses for the secret-id.
         :param pulumi.Input[str] role_name: The name of the role to create the SecretID for.
         :param pulumi.Input[str] secret_id: The SecretID to be created. If set, uses "Push"
                mode.  Defaults to Vault auto-generating SecretIDs.
+        :param pulumi.Input[int] ttl: The TTL duration of the SecretID.
         :param pulumi.Input[bool] with_wrapped_accessor: Set to `true` to use the wrapped secret-id accessor as the resource ID.
                If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
                invalidated through unwrapping.
@@ -591,8 +667,10 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
         __props__.__dict__["cidr_lists"] = cidr_lists
         __props__.__dict__["metadata"] = metadata
         __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["num_uses"] = num_uses
         __props__.__dict__["role_name"] = role_name
         __props__.__dict__["secret_id"] = secret_id
+        __props__.__dict__["ttl"] = ttl
         __props__.__dict__["with_wrapped_accessor"] = with_wrapped_accessor
         __props__.__dict__["wrapping_accessor"] = wrapping_accessor
         __props__.__dict__["wrapping_token"] = wrapping_token
@@ -644,6 +722,14 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
+    @property
+    @pulumi.getter(name="numUses")
+    def num_uses(self) -> pulumi.Output[Optional[int]]:
+        """
+        The number of uses for the secret-id.
+        """
+        return pulumi.get(self, "num_uses")
     @property
     @pulumi.getter(name="roleName")
     def role_name(self) -> pulumi.Output[str]:
@@ -661,6 +747,14 @@ class AuthBackendRoleSecretId(pulumi.CustomResource):
         """
         return pulumi.get(self, "secret_id")
+    @property
+    @pulumi.getter
+    def ttl(self) -> pulumi.Output[Optional[int]]:
+        """
+        The TTL duration of the SecretID.
+        """
+        return pulumi.get(self, "ttl")
     @property
     @pulumi.getter(name="withWrappedAccessor")
     def with_wrapped_accessor(self) -> pulumi.Output[Optional[bool]]:

pulumi_vault/database/_inputs.py CHANGED Viewed

@@ -125,6 +125,10 @@ if not MYPY:
         """
         The CQL protocol version to use.
         """
+        skip_verification: NotRequired[pulumi.Input[bool]]
+        """
+        Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
+        """
         tls: NotRequired[pulumi.Input[bool]]
         """
         Whether to use TLS when connecting to Cassandra.
@@ -147,6 +151,7 @@ class SecretBackendConnectionCassandraArgs:
                  pem_json: Optional[pulumi.Input[str]] = None,
                  port: Optional[pulumi.Input[int]] = None,
                  protocol_version: Optional[pulumi.Input[int]] = None,
+                 skip_verification: Optional[pulumi.Input[bool]] = None,
                  tls: Optional[pulumi.Input[bool]] = None,
                  username: Optional[pulumi.Input[str]] = None):
         """
@@ -158,6 +163,7 @@ class SecretBackendConnectionCassandraArgs:
         :param pulumi.Input[str] pem_json: Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.
         :param pulumi.Input[int] port: The transport port to use to connect to Cassandra.
         :param pulumi.Input[int] protocol_version: The CQL protocol version to use.
+        :param pulumi.Input[bool] skip_verification: Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
         :param pulumi.Input[bool] tls: Whether to use TLS when connecting to Cassandra.
         :param pulumi.Input[str] username: The username to use when authenticating with Cassandra.
         """
@@ -177,6 +183,8 @@ class SecretBackendConnectionCassandraArgs:
             pulumi.set(__self__, "port", port)
         if protocol_version is not None:
             pulumi.set(__self__, "protocol_version", protocol_version)
+        if skip_verification is not None:
+            pulumi.set(__self__, "skip_verification", skip_verification)
         if tls is not None:
             pulumi.set(__self__, "tls", tls)
         if username is not None:
@@ -278,6 +286,18 @@ class SecretBackendConnectionCassandraArgs:
     def protocol_version(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "protocol_version", value)
+    @property
+    @pulumi.getter(name="skipVerification")
+    def skip_verification(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
+        """
+        return pulumi.get(self, "skip_verification")
+    @skip_verification.setter
+    def skip_verification(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "skip_verification", value)
     @property
     @pulumi.getter
     def tls(self) -> Optional[pulumi.Input[bool]]:
@@ -2605,10 +2625,26 @@ if not MYPY:
         """
         The root credential password used in the connection URL
         """
+        private_key: NotRequired[pulumi.Input[str]]
+        """
+        The secret key used for the x509 client certificate. Must be PEM encoded.
+        """
+        self_managed: NotRequired[pulumi.Input[bool]]
+        """
+        If set, allows onboarding static roles with a rootless connection configuration.
+        """
         service_account_json: NotRequired[pulumi.Input[str]]
         """
         A JSON encoded credential for use with IAM authorization
         """
+        tls_ca: NotRequired[pulumi.Input[str]]
+        """
+        The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        """
+        tls_certificate: NotRequired[pulumi.Input[str]]
+        """
+        The x509 client certificate for connecting to the database. Must be PEM encoded.
+        """
         username: NotRequired[pulumi.Input[str]]
         """
         The root credential username used in the connection URL
@@ -2630,7 +2666,11 @@ class SecretBackendConnectionPostgresqlArgs:
                  max_idle_connections: Optional[pulumi.Input[int]] = None,
                  max_open_connections: Optional[pulumi.Input[int]] = None,
                  password: Optional[pulumi.Input[str]] = None,
+                 private_key: Optional[pulumi.Input[str]] = None,
+                 self_managed: Optional[pulumi.Input[bool]] = None,
                  service_account_json: Optional[pulumi.Input[str]] = None,
+                 tls_ca: Optional[pulumi.Input[str]] = None,
+                 tls_certificate: Optional[pulumi.Input[str]] = None,
                  username: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
@@ -2641,7 +2681,11 @@ class SecretBackendConnectionPostgresqlArgs:
         :param pulumi.Input[int] max_idle_connections: Maximum number of idle connections to the database.
         :param pulumi.Input[int] max_open_connections: Maximum number of open connections to the database.
         :param pulumi.Input[str] password: The root credential password used in the connection URL
+        :param pulumi.Input[str] private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
+        :param pulumi.Input[bool] self_managed: If set, allows onboarding static roles with a rootless connection configuration.
         :param pulumi.Input[str] service_account_json: A JSON encoded credential for use with IAM authorization
+        :param pulumi.Input[str] tls_ca: The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        :param pulumi.Input[str] tls_certificate: The x509 client certificate for connecting to the database. Must be PEM encoded.
         :param pulumi.Input[str] username: The root credential username used in the connection URL
         :param pulumi.Input[str] username_template: Username generation template.
         """
@@ -2659,8 +2703,16 @@ class SecretBackendConnectionPostgresqlArgs:
             pulumi.set(__self__, "max_open_connections", max_open_connections)
         if password is not None:
             pulumi.set(__self__, "password", password)
+        if private_key is not None:
+            pulumi.set(__self__, "private_key", private_key)
+        if self_managed is not None:
+            pulumi.set(__self__, "self_managed", self_managed)
         if service_account_json is not None:
             pulumi.set(__self__, "service_account_json", service_account_json)
+        if tls_ca is not None:
+            pulumi.set(__self__, "tls_ca", tls_ca)
+        if tls_certificate is not None:
+            pulumi.set(__self__, "tls_certificate", tls_certificate)
         if username is not None:
             pulumi.set(__self__, "username", username)
         if username_template is not None:
@@ -2750,6 +2802,30 @@ class SecretBackendConnectionPostgresqlArgs:
     def password(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "password", value)
+    @property
+    @pulumi.getter(name="privateKey")
+    def private_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The secret key used for the x509 client certificate. Must be PEM encoded.
+        """
+        return pulumi.get(self, "private_key")
+    @private_key.setter
+    def private_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "private_key", value)
+    @property
+    @pulumi.getter(name="selfManaged")
+    def self_managed(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If set, allows onboarding static roles with a rootless connection configuration.
+        """
+        return pulumi.get(self, "self_managed")
+    @self_managed.setter
+    def self_managed(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "self_managed", value)
     @property
     @pulumi.getter(name="serviceAccountJson")
     def service_account_json(self) -> Optional[pulumi.Input[str]]:
@@ -2762,6 +2838,30 @@ class SecretBackendConnectionPostgresqlArgs:
     def service_account_json(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "service_account_json", value)
+    @property
+    @pulumi.getter(name="tlsCa")
+    def tls_ca(self) -> Optional[pulumi.Input[str]]:
+        """
+        The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        """
+        return pulumi.get(self, "tls_ca")
+    @tls_ca.setter
+    def tls_ca(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "tls_ca", value)
+    @property
+    @pulumi.getter(name="tlsCertificate")
+    def tls_certificate(self) -> Optional[pulumi.Input[str]]:
+        """
+        The x509 client certificate for connecting to the database. Must be PEM encoded.
+        """
+        return pulumi.get(self, "tls_certificate")
+    @tls_certificate.setter
+    def tls_certificate(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "tls_certificate", value)
     @property
     @pulumi.getter
     def username(self) -> Optional[pulumi.Input[str]]:
@@ -3408,6 +3508,10 @@ if not MYPY:
         """
         A list of database statements to be executed to rotate the root user's credentials.
         """
+        skip_verification: NotRequired[pulumi.Input[bool]]
+        """
+        Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
+        """
         tls: NotRequired[pulumi.Input[bool]]
         """
         Whether to use TLS when connecting to Cassandra.
@@ -3440,6 +3544,7 @@ class SecretsMountCassandraArgs:
                  port: Optional[pulumi.Input[int]] = None,
                  protocol_version: Optional[pulumi.Input[int]] = None,
                  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 skip_verification: Optional[pulumi.Input[bool]] = None,
                  tls: Optional[pulumi.Input[bool]] = None,
                  username: Optional[pulumi.Input[str]] = None,
                  verify_connection: Optional[pulumi.Input[bool]] = None):
@@ -3460,6 +3565,7 @@ class SecretsMountCassandraArgs:
         :param pulumi.Input[int] port: The transport port to use to connect to Cassandra.
         :param pulumi.Input[int] protocol_version: The CQL protocol version to use.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[bool] skip_verification: Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
         :param pulumi.Input[bool] tls: Whether to use TLS when connecting to Cassandra.
         :param pulumi.Input[str] username: The username to use when authenticating with Cassandra.
         :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
@@ -3490,6 +3596,8 @@ class SecretsMountCassandraArgs:
             pulumi.set(__self__, "protocol_version", protocol_version)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
+        if skip_verification is not None:
+            pulumi.set(__self__, "skip_verification", skip_verification)
         if tls is not None:
             pulumi.set(__self__, "tls", tls)
         if username is not None:
@@ -3656,6 +3764,18 @@ class SecretsMountCassandraArgs:
     def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "root_rotation_statements", value)
+    @property
+    @pulumi.getter(name="skipVerification")
+    def skip_verification(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
+        """
+        return pulumi.get(self, "skip_verification")
+    @skip_verification.setter
+    def skip_verification(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "skip_verification", value)
     @property
     @pulumi.getter
     def tls(self) -> Optional[pulumi.Input[bool]]:
@@ -7587,14 +7707,30 @@ if not MYPY:
         """
         Specifies the name of the plugin to use.
         """
+        private_key: NotRequired[pulumi.Input[str]]
+        """
+        The secret key used for the x509 client certificate. Must be PEM encoded.
+        """
         root_rotation_statements: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
         A list of database statements to be executed to rotate the root user's credentials.
         """
+        self_managed: NotRequired[pulumi.Input[bool]]
+        """
+        If set, allows onboarding static roles with a rootless connection configuration.
+        """
         service_account_json: NotRequired[pulumi.Input[str]]
         """
         A JSON encoded credential for use with IAM authorization
         """
+        tls_ca: NotRequired[pulumi.Input[str]]
+        """
+        The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        """
+        tls_certificate: NotRequired[pulumi.Input[str]]
+        """
+        The x509 client certificate for connecting to the database. Must be PEM encoded.
+        """
         username: NotRequired[pulumi.Input[str]]
         """
         The root credential username used in the connection URL
@@ -7625,8 +7761,12 @@ class SecretsMountPostgresqlArgs:
                  max_open_connections: Optional[pulumi.Input[int]] = None,
                  password: Optional[pulumi.Input[str]] = None,
                  plugin_name: Optional[pulumi.Input[str]] = None,
+                 private_key: Optional[pulumi.Input[str]] = None,
                  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 self_managed: Optional[pulumi.Input[bool]] = None,
                  service_account_json: Optional[pulumi.Input[str]] = None,
+                 tls_ca: Optional[pulumi.Input[str]] = None,
+                 tls_certificate: Optional[pulumi.Input[str]] = None,
                  username: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  verify_connection: Optional[pulumi.Input[bool]] = None):
@@ -7645,8 +7785,12 @@ class SecretsMountPostgresqlArgs:
         :param pulumi.Input[int] max_open_connections: Maximum number of open connections to the database.
         :param pulumi.Input[str] password: The root credential password used in the connection URL
         :param pulumi.Input[str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[str] private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
+        :param pulumi.Input[bool] self_managed: If set, allows onboarding static roles with a rootless connection configuration.
         :param pulumi.Input[str] service_account_json: A JSON encoded credential for use with IAM authorization
+        :param pulumi.Input[str] tls_ca: The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        :param pulumi.Input[str] tls_certificate: The x509 client certificate for connecting to the database. Must be PEM encoded.
         :param pulumi.Input[str] username: The root credential username used in the connection URL
         :param pulumi.Input[str] username_template: Username generation template.
         :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
@@ -7673,10 +7817,18 @@ class SecretsMountPostgresqlArgs:
             pulumi.set(__self__, "password", password)
         if plugin_name is not None:
             pulumi.set(__self__, "plugin_name", plugin_name)
+        if private_key is not None:
+            pulumi.set(__self__, "private_key", private_key)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
+        if self_managed is not None:
+            pulumi.set(__self__, "self_managed", self_managed)
         if service_account_json is not None:
             pulumi.set(__self__, "service_account_json", service_account_json)
+        if tls_ca is not None:
+            pulumi.set(__self__, "tls_ca", tls_ca)
+        if tls_certificate is not None:
+            pulumi.set(__self__, "tls_certificate", tls_certificate)
         if username is not None:
             pulumi.set(__self__, "username", username)
         if username_template is not None:
@@ -7819,6 +7971,18 @@ class SecretsMountPostgresqlArgs:
     def plugin_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "plugin_name", value)
+    @property
+    @pulumi.getter(name="privateKey")
+    def private_key(self) -> Optional[pulumi.Input[str]]:
+        """
+        The secret key used for the x509 client certificate. Must be PEM encoded.
+        """
+        return pulumi.get(self, "private_key")
+    @private_key.setter
+    def private_key(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "private_key", value)
     @property
     @pulumi.getter(name="rootRotationStatements")
     def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -7831,6 +7995,18 @@ class SecretsMountPostgresqlArgs:
     def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "root_rotation_statements", value)
+    @property
+    @pulumi.getter(name="selfManaged")
+    def self_managed(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If set, allows onboarding static roles with a rootless connection configuration.
+        """
+        return pulumi.get(self, "self_managed")
+    @self_managed.setter
+    def self_managed(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "self_managed", value)
     @property
     @pulumi.getter(name="serviceAccountJson")
     def service_account_json(self) -> Optional[pulumi.Input[str]]:
@@ -7843,6 +8019,30 @@ class SecretsMountPostgresqlArgs:
     def service_account_json(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "service_account_json", value)
+    @property
+    @pulumi.getter(name="tlsCa")
+    def tls_ca(self) -> Optional[pulumi.Input[str]]:
+        """
+        The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
+        """
+        return pulumi.get(self, "tls_ca")
+    @tls_ca.setter
+    def tls_ca(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "tls_ca", value)
+    @property
+    @pulumi.getter(name="tlsCertificate")
+    def tls_certificate(self) -> Optional[pulumi.Input[str]]:
+        """
+        The x509 client certificate for connecting to the database. Must be PEM encoded.
+        """
+        return pulumi.get(self, "tls_certificate")
+    @tls_certificate.setter
+    def tls_certificate(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "tls_certificate", value)
     @property
     @pulumi.getter
     def username(self) -> Optional[pulumi.Input[str]]:

pulumi-vault 6.3.2__py3-none-any.whl → 6.4.0__py3-none-any.whl

pulumi-vault 6.3.2py3-none-any.whl → 6.4.0py3-none-any.whl