pulumi-vault 6.4.0a1723454543__py3-none-any.whl → 6.4.0a1724220732__py3-none-any.whl

pulumi_vault/pkisecret/_inputs.py

@@ -17,11 +17,11 @@ __all__ = [
 @pulumi.input_type
 class BackendConfigEstAuthenticatorsArgs:
     def __init__(__self__, *,
-                 cert: Optional[pulumi.Input[Mapping[str, Any]]] = None,
-                 userpass: Optional[pulumi.Input[Mapping[str, Any]]] = None):
+                 cert: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 userpass: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None):
         """
-        :param pulumi.Input[Mapping[str, Any]] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
-        :param pulumi.Input[Mapping[str, Any]] userpass: "The accessor (required) property for user pass auth backends".
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] userpass: "The accessor (required) property for user pass auth backends".
         """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
@@ -30,26 +30,26 @@ class BackendConfigEstAuthenticatorsArgs:
 
     @property
     @pulumi.getter
-    def cert(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def cert(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         "The accessor (required) and cert_role (optional) properties for cert auth backends".
         """
         return pulumi.get(self, "cert")
 
     @cert.setter
-    def cert(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def cert(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "cert", value)
 
     @property
     @pulumi.getter
-    def userpass(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def userpass(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         "The accessor (required) property for user pass auth backends".
         """
         return pulumi.get(self, "userpass")
 
     @userpass.setter
-    def userpass(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def userpass(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "userpass", value)
 
 

pulumi_vault/pkisecret/backend_config_est.py

@@ -23,7 +23,7 @@ class BackendConfigEstArgs:
                  default_path_policy: Optional[pulumi.Input[str]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
-                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a BackendConfigEst resource.
@@ -37,7 +37,7 @@ class BackendConfigEstArgs:
         :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
-        :param pulumi.Input[Mapping[str, Any]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -150,14 +150,14 @@ class BackendConfigEstArgs:
 
     @property
     @pulumi.getter(name="labelToPathPolicy")
-    def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         """
         return pulumi.get(self, "label_to_path_policy")
 
     @label_to_path_policy.setter
-    def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "label_to_path_policy", value)
 
     @property
@@ -186,7 +186,7 @@ class _BackendConfigEstState:
                  default_path_policy: Optional[pulumi.Input[str]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
-                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  last_updated: Optional[pulumi.Input[str]] = None,
                  namespace: Optional[pulumi.Input[str]] = None):
         """
@@ -201,7 +201,7 @@ class _BackendConfigEstState:
         :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
-        :param pulumi.Input[Mapping[str, Any]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
                The value should not contain leading or trailing forward slashes.
@@ -318,14 +318,14 @@ class _BackendConfigEstState:
 
     @property
     @pulumi.getter(name="labelToPathPolicy")
-    def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def label_to_path_policy(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         """
         return pulumi.get(self, "label_to_path_policy")
 
     @label_to_path_policy.setter
-    def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def label_to_path_policy(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "label_to_path_policy", value)
 
     @property
@@ -368,7 +368,7 @@ class BackendConfigEst(pulumi.CustomResource):
                  default_path_policy: Optional[pulumi.Input[str]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
-                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -396,7 +396,7 @@ class BackendConfigEst(pulumi.CustomResource):
         :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
-        :param pulumi.Input[Mapping[str, Any]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -443,7 +443,7 @@ class BackendConfigEst(pulumi.CustomResource):
                  default_path_policy: Optional[pulumi.Input[str]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
-                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -483,7 +483,7 @@ class BackendConfigEst(pulumi.CustomResource):
             default_path_policy: Optional[pulumi.Input[str]] = None,
             enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
             enabled: Optional[pulumi.Input[bool]] = None,
-            label_to_path_policy: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            label_to_path_policy: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             last_updated: Optional[pulumi.Input[str]] = None,
             namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigEst':
         """
@@ -503,7 +503,7 @@ class BackendConfigEst(pulumi.CustomResource):
         :param pulumi.Input[str] default_path_policy: Required to be set if default_mount is enabled. Specifies the behavior for requests using the default EST label. Can be sign-verbatim or a role given by role:<role_name>.
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether EST is enabled.
-        :param pulumi.Input[Mapping[str, Any]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] label_to_path_policy: Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
                The value should not contain leading or trailing forward slashes.
@@ -587,7 +587,7 @@ class BackendConfigEst(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="labelToPathPolicy")
-    def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def label_to_path_policy(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Configures a pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         """

pulumi_vault/pkisecret/get_backend_config_est.py

@@ -120,7 +120,7 @@ class GetBackendConfigEstResult:
 
     @property
     @pulumi.getter(name="labelToPathPolicy")
-    def label_to_path_policy(self) -> Mapping[str, Any]:
+    def label_to_path_policy(self) -> Mapping[str, str]:
         """
         A pairing of an EST label with the redirected behavior for requests hitting that role. The path policy can be sign-verbatim or a role given by role:<role_name>. Labels must be unique across Vault cluster, and will register .well-known/est/<label> URL paths.
         """

pulumi_vault/pkisecret/get_backend_issuers.py

@@ -56,7 +56,7 @@ class GetBackendIssuersResult:
 
     @property
     @pulumi.getter(name="keyInfo")
-    def key_info(self) -> Mapping[str, Any]:
+    def key_info(self) -> Mapping[str, str]:
         """
         Map of issuer strings read from Vault.
         """

pulumi_vault/pkisecret/get_backend_keys.py

@@ -56,7 +56,7 @@ class GetBackendKeysResult:
 
     @property
     @pulumi.getter(name="keyInfo")
-    def key_info(self) -> Mapping[str, Any]:
+    def key_info(self) -> Mapping[str, str]:
         """
         Map of key strings read from Vault.
         """

pulumi_vault/pkisecret/outputs.py

@@ -18,11 +18,11 @@ __all__ = [
 @pulumi.output_type
 class BackendConfigEstAuthenticators(dict):
     def __init__(__self__, *,
-                 cert: Optional[Mapping[str, Any]] = None,
-                 userpass: Optional[Mapping[str, Any]] = None):
+                 cert: Optional[Mapping[str, str]] = None,
+                 userpass: Optional[Mapping[str, str]] = None):
         """
-        :param Mapping[str, Any] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
-        :param Mapping[str, Any] userpass: "The accessor (required) property for user pass auth backends".
+        :param Mapping[str, str] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        :param Mapping[str, str] userpass: "The accessor (required) property for user pass auth backends".
         """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
@@ -31,7 +31,7 @@ class BackendConfigEstAuthenticators(dict):
 
     @property
     @pulumi.getter
-    def cert(self) -> Optional[Mapping[str, Any]]:
+    def cert(self) -> Optional[Mapping[str, str]]:
         """
         "The accessor (required) and cert_role (optional) properties for cert auth backends".
         """
@@ -39,7 +39,7 @@ class BackendConfigEstAuthenticators(dict):
 
     @property
     @pulumi.getter
-    def userpass(self) -> Optional[Mapping[str, Any]]:
+    def userpass(self) -> Optional[Mapping[str, str]]:
         """
         "The accessor (required) property for user pass auth backends".
         """
@@ -95,11 +95,11 @@ class SecretBackendRolePolicyIdentifier(dict):
 @pulumi.output_type
 class GetBackendConfigEstAuthenticatorResult(dict):
     def __init__(__self__, *,
-                 cert: Optional[Mapping[str, Any]] = None,
-                 userpass: Optional[Mapping[str, Any]] = None):
+                 cert: Optional[Mapping[str, str]] = None,
+                 userpass: Optional[Mapping[str, str]] = None):
         """
-        :param Mapping[str, Any] cert: "The accessor and cert_role properties for cert auth backends".
-        :param Mapping[str, Any] userpass: "The accessor property for user pass auth backends".
+        :param Mapping[str, str] cert: "The accessor and cert_role properties for cert auth backends".
+        :param Mapping[str, str] userpass: "The accessor property for user pass auth backends".
         """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
@@ -108,7 +108,7 @@ class GetBackendConfigEstAuthenticatorResult(dict):
 
     @property
     @pulumi.getter
-    def cert(self) -> Optional[Mapping[str, Any]]:
+    def cert(self) -> Optional[Mapping[str, str]]:
         """
         "The accessor and cert_role properties for cert auth backends".
         """
@@ -116,7 +116,7 @@ class GetBackendConfigEstAuthenticatorResult(dict):
 
     @property
     @pulumi.getter
-    def userpass(self) -> Optional[Mapping[str, Any]]:
+    def userpass(self) -> Optional[Mapping[str, str]]:
         """
         "The accessor property for user pass auth backends".
         """

pulumi_vault/pulumi-plugin.json

@@ -1,5 +1,5 @@
 {
   "resource": true,
   "name": "vault",
-  "version": "6.4.0-alpha.1723454543"
+  "version": "6.4.0-alpha.1724220732"
 }

pulumi_vault/saml/auth_backend_role.py

@@ -15,7 +15,7 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
 class AuthBackendRoleArgs:
     def __init__(__self__, *,
                  path: pulumi.Input[str],
-                 bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  bound_attributes_type: Optional[pulumi.Input[str]] = None,
                  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -34,7 +34,7 @@ class AuthBackendRoleArgs:
         """
         The set of arguments for constructing a AuthBackendRole resource.
         :param pulumi.Input[str] path: Path where the auth backend is mounted.
-        :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
                exist in the SAML assertion.
         :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
                `bound_attributes_type`.
@@ -105,7 +105,7 @@ class AuthBackendRoleArgs:
 
     @property
     @pulumi.getter(name="boundAttributes")
-    def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Mapping of attribute names to values that are expected to
         exist in the SAML assertion.
@@ -113,7 +113,7 @@ class AuthBackendRoleArgs:
         return pulumi.get(self, "bound_attributes")
 
     @bound_attributes.setter
-    def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "bound_attributes", value)
 
     @property
@@ -305,7 +305,7 @@ class AuthBackendRoleArgs:
 @pulumi.input_type
 class _AuthBackendRoleState:
     def __init__(__self__, *,
-                 bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  bound_attributes_type: Optional[pulumi.Input[str]] = None,
                  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -324,7 +324,7 @@ class _AuthBackendRoleState:
                  token_type: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering AuthBackendRole resources.
-        :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
                exist in the SAML assertion.
         :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
                `bound_attributes_type`.
@@ -385,7 +385,7 @@ class _AuthBackendRoleState:
 
     @property
     @pulumi.getter(name="boundAttributes")
-    def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def bound_attributes(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Mapping of attribute names to values that are expected to
         exist in the SAML assertion.
@@ -393,7 +393,7 @@ class _AuthBackendRoleState:
         return pulumi.get(self, "bound_attributes")
 
     @bound_attributes.setter
-    def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def bound_attributes(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "bound_attributes", value)
 
     @property
@@ -599,7 +599,7 @@ class AuthBackendRole(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  bound_attributes_type: Optional[pulumi.Input[str]] = None,
                  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -656,7 +656,7 @@ class AuthBackendRole(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
                exist in the SAML assertion.
         :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
                `bound_attributes_type`.
@@ -738,7 +738,7 @@ class AuthBackendRole(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  bound_attributes_type: Optional[pulumi.Input[str]] = None,
                  bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -793,7 +793,7 @@ class AuthBackendRole(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            bound_attributes: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            bound_attributes: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             bound_attributes_type: Optional[pulumi.Input[str]] = None,
             bound_subjects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             bound_subjects_type: Optional[pulumi.Input[str]] = None,
@@ -817,7 +817,7 @@ class AuthBackendRole(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Mapping[str, Any]] bound_attributes: Mapping of attribute names to values that are expected to
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_attributes: Mapping of attribute names to values that are expected to
                exist in the SAML assertion.
         :param pulumi.Input[str] bound_attributes_type: The type of matching assertion to perform on
                `bound_attributes_type`.
@@ -866,7 +866,7 @@ class AuthBackendRole(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="boundAttributes")
-    def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def bound_attributes(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Mapping of attribute names to values that are expected to
         exist in the SAML assertion.

pulumi_vault/secrets/sync_aws_destination.py

@@ -15,7 +15,7 @@ __all__ = ['SyncAwsDestinationArgs', 'SyncAwsDestination']
 class SyncAwsDestinationArgs:
     def __init__(__self__, *,
                  access_key_id: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  external_id: Optional[pulumi.Input[str]] = None,
                  granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -29,7 +29,7 @@ class SyncAwsDestinationArgs:
         :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
         :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
@@ -92,14 +92,14 @@ class SyncAwsDestinationArgs:
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
 
     @property
@@ -219,7 +219,7 @@ class SyncAwsDestinationArgs:
 class _SyncAwsDestinationState:
     def __init__(__self__, *,
                  access_key_id: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  external_id: Optional[pulumi.Input[str]] = None,
                  granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -234,7 +234,7 @@ class _SyncAwsDestinationState:
         :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
         :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
@@ -300,14 +300,14 @@ class _SyncAwsDestinationState:
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, Any]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, Any]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "custom_tags", value)
 
     @property
@@ -441,7 +441,7 @@ class SyncAwsDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  access_key_id: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  external_id: Optional[pulumi.Input[str]] = None,
                  granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -484,7 +484,7 @@ class SyncAwsDestination(pulumi.CustomResource):
         :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
         :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
@@ -560,7 +560,7 @@ class SyncAwsDestination(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  access_key_id: Optional[pulumi.Input[str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  external_id: Optional[pulumi.Input[str]] = None,
                  granularity: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -602,7 +602,7 @@ class SyncAwsDestination(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             access_key_id: Optional[pulumi.Input[str]] = None,
-            custom_tags: Optional[pulumi.Input[Mapping[str, Any]]] = None,
+            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             external_id: Optional[pulumi.Input[str]] = None,
             granularity: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
@@ -622,7 +622,7 @@ class SyncAwsDestination(pulumi.CustomResource):
         :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, Any]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
         :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
@@ -678,7 +678,7 @@ class SyncAwsDestination(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, Any]]]:
+    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """