pulumi-vault 6.4.0__py3-none-any.whl → 6.4.0a1723454543__py3-none-any.whl

pulumi_vault/kubernetes/get_auth_backend_config.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -26,7 +21,7 @@ class GetAuthBackendConfigResult:
     """
     A collection of values returned by getAuthBackendConfig.
     """
-    def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None, use_annotations_as_alias_metadata=None):
+    def __init__(__self__, backend=None, disable_iss_validation=None, disable_local_ca_jwt=None, id=None, issuer=None, kubernetes_ca_cert=None, kubernetes_host=None, namespace=None, pem_keys=None):
         if backend and not isinstance(backend, str):
             raise TypeError("Expected argument 'backend' to be a str")
         pulumi.set(__self__, "backend", backend)
@@ -54,9 +49,6 @@ class GetAuthBackendConfigResult:
         if pem_keys and not isinstance(pem_keys, list):
             raise TypeError("Expected argument 'pem_keys' to be a list")
         pulumi.set(__self__, "pem_keys", pem_keys)
-        if use_annotations_as_alias_metadata and not isinstance(use_annotations_as_alias_metadata, bool):
-            raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
-        pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
 
     @property
     @pulumi.getter
@@ -66,17 +58,11 @@ class GetAuthBackendConfigResult:
     @property
     @pulumi.getter(name="disableIssValidation")
     def disable_iss_validation(self) -> bool:
-        """
-        (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        """
         return pulumi.get(self, "disable_iss_validation")
 
     @property
     @pulumi.getter(name="disableLocalCaJwt")
     def disable_local_ca_jwt(self) -> bool:
-        """
-        (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        """
         return pulumi.get(self, "disable_local_ca_jwt")
 
     @property
@@ -124,14 +110,6 @@ class GetAuthBackendConfigResult:
         """
         return pulumi.get(self, "pem_keys")
 
-    @property
-    @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> bool:
-        """
-        (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
-        """
-        return pulumi.get(self, "use_annotations_as_alias_metadata")
-
 
 class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
     # pylint: disable=using-constant-test
@@ -147,8 +125,7 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
             kubernetes_ca_cert=self.kubernetes_ca_cert,
             kubernetes_host=self.kubernetes_host,
             namespace=self.namespace,
-            pem_keys=self.pem_keys,
-            use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
+            pem_keys=self.pem_keys)
 
 
 def get_auth_backend_config(backend: Optional[str] = None,
@@ -159,7 +136,6 @@ def get_auth_backend_config(backend: Optional[str] = None,
                             kubernetes_host: Optional[str] = None,
                             namespace: Optional[str] = None,
                             pem_keys: Optional[Sequence[str]] = None,
-                            use_annotations_as_alias_metadata: Optional[bool] = None,
                             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -169,8 +145,6 @@ def get_auth_backend_config(backend: Optional[str] = None,
 
     :param str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
     :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
     :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
     :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -179,7 +153,6 @@ def get_auth_backend_config(backend: Optional[str] = None,
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
     :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend
@@ -190,7 +163,6 @@ def get_auth_backend_config(backend: Optional[str] = None,
     __args__['kubernetesHost'] = kubernetes_host
     __args__['namespace'] = namespace
     __args__['pemKeys'] = pem_keys
-    __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
     opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
     __ret__ = pulumi.runtime.invoke('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult).value
 
@@ -203,8 +175,10 @@ def get_auth_backend_config(backend: Optional[str] = None,
         kubernetes_ca_cert=pulumi.get(__ret__, 'kubernetes_ca_cert'),
         kubernetes_host=pulumi.get(__ret__, 'kubernetes_host'),
         namespace=pulumi.get(__ret__, 'namespace'),
-        pem_keys=pulumi.get(__ret__, 'pem_keys'),
-        use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
+        pem_keys=pulumi.get(__ret__, 'pem_keys'))
+
+
+@_utilities.lift_output_func(get_auth_backend_config)
 def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
                                    disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
                                    disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
@@ -213,7 +187,6 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
                                    kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
                                    namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                    pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
                                    opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -223,8 +196,6 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
 
     :param str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
     :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
     :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
     :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
@@ -233,28 +204,5 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
     :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
-    __args__ = dict()
-    __args__['backend'] = backend
-    __args__['disableIssValidation'] = disable_iss_validation
-    __args__['disableLocalCaJwt'] = disable_local_ca_jwt
-    __args__['issuer'] = issuer
-    __args__['kubernetesCaCert'] = kubernetes_ca_cert
-    __args__['kubernetesHost'] = kubernetes_host
-    __args__['namespace'] = namespace
-    __args__['pemKeys'] = pem_keys
-    __args__['useAnnotationsAsAliasMetadata'] = use_annotations_as_alias_metadata
-    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
-    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendConfig:getAuthBackendConfig', __args__, opts=opts, typ=GetAuthBackendConfigResult)
-    return __ret__.apply(lambda __response__: GetAuthBackendConfigResult(
-        backend=pulumi.get(__response__, 'backend'),
-        disable_iss_validation=pulumi.get(__response__, 'disable_iss_validation'),
-        disable_local_ca_jwt=pulumi.get(__response__, 'disable_local_ca_jwt'),
-        id=pulumi.get(__response__, 'id'),
-        issuer=pulumi.get(__response__, 'issuer'),
-        kubernetes_ca_cert=pulumi.get(__response__, 'kubernetes_ca_cert'),
-        kubernetes_host=pulumi.get(__response__, 'kubernetes_host'),
-        namespace=pulumi.get(__response__, 'namespace'),
-        pem_keys=pulumi.get(__response__, 'pem_keys'),
-        use_annotations_as_alias_metadata=pulumi.get(__response__, 'use_annotations_as_alias_metadata')))
+    ...

pulumi_vault/kubernetes/get_auth_backend_role.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -341,6 +336,9 @@ def get_auth_backend_role(audience: Optional[str] = None,
         token_policies=pulumi.get(__ret__, 'token_policies'),
         token_ttl=pulumi.get(__ret__, 'token_ttl'),
         token_type=pulumi.get(__ret__, 'token_type'))
+
+
+@_utilities.lift_output_func(get_auth_backend_role)
 def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
                                  backend: Optional[pulumi.Input[Optional[str]]] = None,
                                  namespace: Optional[pulumi.Input[Optional[str]]] = None,
@@ -397,37 +395,4 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
            `default-service` and `default-batch` which specify the type to return unless the client
            requests a different type at generation time.
     """
-    __args__ = dict()
-    __args__['audience'] = audience
-    __args__['backend'] = backend
-    __args__['namespace'] = namespace
-    __args__['roleName'] = role_name
-    __args__['tokenBoundCidrs'] = token_bound_cidrs
-    __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
-    __args__['tokenMaxTtl'] = token_max_ttl
-    __args__['tokenNoDefaultPolicy'] = token_no_default_policy
-    __args__['tokenNumUses'] = token_num_uses
-    __args__['tokenPeriod'] = token_period
-    __args__['tokenPolicies'] = token_policies
-    __args__['tokenTtl'] = token_ttl
-    __args__['tokenType'] = token_type
-    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
-    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
-    return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
-        alias_name_source=pulumi.get(__response__, 'alias_name_source'),
-        audience=pulumi.get(__response__, 'audience'),
-        backend=pulumi.get(__response__, 'backend'),
-        bound_service_account_names=pulumi.get(__response__, 'bound_service_account_names'),
-        bound_service_account_namespaces=pulumi.get(__response__, 'bound_service_account_namespaces'),
-        id=pulumi.get(__response__, 'id'),
-        namespace=pulumi.get(__response__, 'namespace'),
-        role_name=pulumi.get(__response__, 'role_name'),
-        token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
-        token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
-        token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
-        token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
-        token_num_uses=pulumi.get(__response__, 'token_num_uses'),
-        token_period=pulumi.get(__response__, 'token_period'),
-        token_policies=pulumi.get(__response__, 'token_policies'),
-        token_ttl=pulumi.get(__response__, 'token_ttl'),
-        token_type=pulumi.get(__response__, 'token_type')))
+    ...

pulumi_vault/kubernetes/get_service_account_token.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -259,6 +254,9 @@ def get_service_account_token(backend: Optional[str] = None,
         service_account_namespace=pulumi.get(__ret__, 'service_account_namespace'),
         service_account_token=pulumi.get(__ret__, 'service_account_token'),
         ttl=pulumi.get(__ret__, 'ttl'))
+
+
+@_utilities.lift_output_func(get_service_account_token)
 def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None,
                                      cluster_role_binding: Optional[pulumi.Input[Optional[bool]]] = None,
                                      kubernetes_namespace: Optional[pulumi.Input[str]] = None,
@@ -319,26 +317,4 @@ def get_service_account_token_output(backend: Optional[pulumi.Input[str]] = None
     :param str ttl: The TTL of the generated Kubernetes service account token, specified in 
            seconds or as a Go duration format string.
     """
-    __args__ = dict()
-    __args__['backend'] = backend
-    __args__['clusterRoleBinding'] = cluster_role_binding
-    __args__['kubernetesNamespace'] = kubernetes_namespace
-    __args__['namespace'] = namespace
-    __args__['role'] = role
-    __args__['ttl'] = ttl
-    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
-    __ret__ = pulumi.runtime.invoke_output('vault:kubernetes/getServiceAccountToken:getServiceAccountToken', __args__, opts=opts, typ=GetServiceAccountTokenResult)
-    return __ret__.apply(lambda __response__: GetServiceAccountTokenResult(
-        backend=pulumi.get(__response__, 'backend'),
-        cluster_role_binding=pulumi.get(__response__, 'cluster_role_binding'),
-        id=pulumi.get(__response__, 'id'),
-        kubernetes_namespace=pulumi.get(__response__, 'kubernetes_namespace'),
-        lease_duration=pulumi.get(__response__, 'lease_duration'),
-        lease_id=pulumi.get(__response__, 'lease_id'),
-        lease_renewable=pulumi.get(__response__, 'lease_renewable'),
-        namespace=pulumi.get(__response__, 'namespace'),
-        role=pulumi.get(__response__, 'role'),
-        service_account_name=pulumi.get(__response__, 'service_account_name'),
-        service_account_namespace=pulumi.get(__response__, 'service_account_namespace'),
-        service_account_token=pulumi.get(__response__, 'service_account_token'),
-        ttl=pulumi.get(__response__, 'ttl')))
+    ...

pulumi_vault/kubernetes/secret_backend.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -36,7 +31,7 @@ class SecretBackendArgs:
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
                  seal_wrap: Optional[pulumi.Input[bool]] = None,
@@ -69,7 +64,7 @@ class SecretBackendArgs:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
         :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
@@ -336,14 +331,14 @@ class SecretBackendArgs:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -417,7 +412,7 @@ class _SecretBackendState:
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -451,7 +446,7 @@ class _SecretBackendState:
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
         :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
@@ -722,14 +717,14 @@ class _SecretBackendState:
 
     @property
     @pulumi.getter
-    def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def options(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """
         return pulumi.get(self, "options")
 
     @options.setter
-    def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def options(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
         pulumi.set(self, "options", value)
 
     @property
@@ -816,7 +811,7 @@ class SecretBackend(pulumi.CustomResource):
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -877,7 +872,7 @@ class SecretBackend(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
         :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
@@ -950,7 +945,7 @@ class SecretBackend(pulumi.CustomResource):
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
-                 options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  path: Optional[pulumi.Input[str]] = None,
                  plugin_version: Optional[pulumi.Input[str]] = None,
@@ -1019,7 +1014,7 @@ class SecretBackend(pulumi.CustomResource):
             local: Optional[pulumi.Input[bool]] = None,
             max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
             namespace: Optional[pulumi.Input[str]] = None,
-            options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+            options: Optional[pulumi.Input[Mapping[str, Any]]] = None,
             passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             path: Optional[pulumi.Input[str]] = None,
             plugin_version: Optional[pulumi.Input[str]] = None,
@@ -1058,7 +1053,7 @@ class SecretBackend(pulumi.CustomResource):
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
+        :param pulumi.Input[Mapping[str, Any]] options: Specifies mount type specific options that are passed to the backend
         :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
         :param pulumi.Input[str] path: Where the secret backend will be mounted
         :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
@@ -1243,7 +1238,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+    def options(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
         """
         Specifies mount type specific options that are passed to the backend
         """

pulumi_vault/kubernetes/secret_backend_role.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']

pulumi_vault/kv/_inputs.py

@@ -4,57 +4,25 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
     'SecretV2CustomMetadataArgs',
-    'SecretV2CustomMetadataArgsDict',
 ]
 
-MYPY = False
-
-if not MYPY:
-    class SecretV2CustomMetadataArgsDict(TypedDict):
-        cas_required: NotRequired[pulumi.Input[bool]]
-        """
-        If true, all keys will require the cas parameter to be set on all write requests.
-        """
-        data: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]]
-        """
-        A mapping whose keys are the top-level data keys returned from
-        Vault and whose values are the corresponding values. This map can only
-        represent string data, so any non-string values returned from Vault are
-        serialized as JSON.
-        """
-        delete_version_after: NotRequired[pulumi.Input[int]]
-        """
-        If set, specifies the length of time before a version is deleted.
-        """
-        max_versions: NotRequired[pulumi.Input[int]]
-        """
-        The number of versions to keep per key.
-        """
-elif False:
-    SecretV2CustomMetadataArgsDict: TypeAlias = Mapping[str, Any]
-
 @pulumi.input_type
 class SecretV2CustomMetadataArgs:
     def __init__(__self__, *,
                  cas_required: Optional[pulumi.Input[bool]] = None,
-                 data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 data: Optional[pulumi.Input[Mapping[str, Any]]] = None,
                  delete_version_after: Optional[pulumi.Input[int]] = None,
                  max_versions: Optional[pulumi.Input[int]] = None):
         """
         :param pulumi.Input[bool] cas_required: If true, all keys will require the cas parameter to be set on all write requests.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A mapping whose keys are the top-level data keys returned from
+        :param pulumi.Input[Mapping[str, Any]] data: A mapping whose keys are the top-level data keys returned from
                Vault and whose values are the corresponding values. This map can only
                represent string data, so any non-string values returned from Vault are
                serialized as JSON.
@@ -84,7 +52,7 @@ class SecretV2CustomMetadataArgs:
 
     @property
     @pulumi.getter
-    def data(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+    def data(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
         """
         A mapping whose keys are the top-level data keys returned from
         Vault and whose values are the corresponding values. This map can only
@@ -94,7 +62,7 @@ class SecretV2CustomMetadataArgs:
         return pulumi.get(self, "data")
 
     @data.setter
-    def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
+    def data(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
         pulumi.set(self, "data", value)
 
     @property

pulumi_vault/kv/get_secret.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -54,7 +49,7 @@ class GetSecretResult:
 
     @property
     @pulumi.getter
-    def data(self) -> Mapping[str, str]:
+    def data(self) -> Mapping[str, Any]:
         """
         A mapping whose keys are the top-level data keys returned from
         Vault and whose values are the corresponding values. This map can only
@@ -186,6 +181,9 @@ def get_secret(namespace: Optional[str] = None,
         lease_renewable=pulumi.get(__ret__, 'lease_renewable'),
         namespace=pulumi.get(__ret__, 'namespace'),
         path=pulumi.get(__ret__, 'path'))
+
+
+@_utilities.lift_output_func(get_secret)
 def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
                       path: Optional[pulumi.Input[str]] = None,
                       opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretResult]:
@@ -224,17 +222,4 @@ def get_secret_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
            *Available only for Vault Enterprise*.
     :param str path: Full path of the KV-V1 secret.
     """
-    __args__ = dict()
-    __args__['namespace'] = namespace
-    __args__['path'] = path
-    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
-    __ret__ = pulumi.runtime.invoke_output('vault:kv/getSecret:getSecret', __args__, opts=opts, typ=GetSecretResult)
-    return __ret__.apply(lambda __response__: GetSecretResult(
-        data=pulumi.get(__response__, 'data'),
-        data_json=pulumi.get(__response__, 'data_json'),
-        id=pulumi.get(__response__, 'id'),
-        lease_duration=pulumi.get(__response__, 'lease_duration'),
-        lease_id=pulumi.get(__response__, 'lease_id'),
-        lease_renewable=pulumi.get(__response__, 'lease_renewable'),
-        namespace=pulumi.get(__response__, 'namespace'),
-        path=pulumi.get(__response__, 'path')))
+    ...

pulumi_vault/kv/get_secret_subkeys_v2.py

@@ -4,14 +4,9 @@
 
 import copy
 import warnings
-import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
-if sys.version_info >= (3, 11):
-    from typing import NotRequired, TypedDict, TypeAlias
-else:
-    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -57,7 +52,7 @@ class GetSecretSubkeysV2Result:
 
     @property
     @pulumi.getter
-    def data(self) -> Mapping[str, str]:
+    def data(self) -> Mapping[str, Any]:
         """
         Subkeys for the KV-V2 secret stored as a serialized map of strings.
         """
@@ -202,6 +197,9 @@ def get_secret_subkeys_v2(depth: Optional[int] = None,
         namespace=pulumi.get(__ret__, 'namespace'),
         path=pulumi.get(__ret__, 'path'),
         version=pulumi.get(__ret__, 'version'))
+
+
+@_utilities.lift_output_func(get_secret_subkeys_v2)
 def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] = None,
                                  mount: Optional[pulumi.Input[str]] = None,
                                  name: Optional[pulumi.Input[str]] = None,
@@ -255,21 +253,4 @@ def get_secret_subkeys_v2_output(depth: Optional[pulumi.Input[Optional[int]]] =
     :param int version: Specifies the version to return. If not 
            set the latest version is returned.
     """
-    __args__ = dict()
-    __args__['depth'] = depth
-    __args__['mount'] = mount
-    __args__['name'] = name
-    __args__['namespace'] = namespace
-    __args__['version'] = version
-    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
-    __ret__ = pulumi.runtime.invoke_output('vault:kv/getSecretSubkeysV2:getSecretSubkeysV2', __args__, opts=opts, typ=GetSecretSubkeysV2Result)
-    return __ret__.apply(lambda __response__: GetSecretSubkeysV2Result(
-        data=pulumi.get(__response__, 'data'),
-        data_json=pulumi.get(__response__, 'data_json'),
-        depth=pulumi.get(__response__, 'depth'),
-        id=pulumi.get(__response__, 'id'),
-        mount=pulumi.get(__response__, 'mount'),
-        name=pulumi.get(__response__, 'name'),
-        namespace=pulumi.get(__response__, 'namespace'),
-        path=pulumi.get(__response__, 'path'),
-        version=pulumi.get(__response__, 'version')))
+    ...