pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi_vault/aws/secret_backend_static_role.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -19,28 +20,46 @@ __all__ = ['SecretBackendStaticRoleArgs', 'SecretBackendStaticRole']
 @pulumi.input_type
 class SecretBackendStaticRoleArgs:
     def __init__(__self__, *,
-                 rotation_period: pulumi.Input[int],
-                 username: pulumi.Input[str],
-                 backend: Optional[pulumi.Input[str]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None):
+                 rotation_period: pulumi.Input[builtins.int],
+                 username: pulumi.Input[builtins.str],
+                 assume_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 assume_role_session_name: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackendStaticRole resource.
-        :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
-        :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.int] rotation_period: How often Vault should rotate the password of the user entry.
+        :param pulumi.Input[builtins.str] username: The username of the existing AWS IAM to manage password rotation for.
+        :param pulumi.Input[builtins.str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
+               When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+               If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] assume_role_session_name: Specifies the session name to use when assuming the role.
+               If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`
-        :param pulumi.Input[str] name: The name to identify this role within the backend.
+        :param pulumi.Input[builtins.str] external_id: Specifies the external ID to use when assuming the role.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         """
         pulumi.set(__self__, "rotation_period", rotation_period)
         pulumi.set(__self__, "username", username)
+        if assume_role_arn is not None:
+            pulumi.set(__self__, "assume_role_arn", assume_role_arn)
+        if assume_role_session_name is not None:
+            pulumi.set(__self__, "assume_role_session_name", assume_role_session_name)
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
@@ -48,31 +67,60 @@ class SecretBackendStaticRoleArgs:
 
     @property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> pulumi.Input[int]:
+    def rotation_period(self) -> pulumi.Input[builtins.int]:
         """
         How often Vault should rotate the password of the user entry.
         """
         return pulumi.get(self, "rotation_period")
 
     @rotation_period.setter
-    def rotation_period(self, value: pulumi.Input[int]):
+    def rotation_period(self, value: pulumi.Input[builtins.int]):
         pulumi.set(self, "rotation_period", value)
 
     @property
     @pulumi.getter
-    def username(self) -> pulumi.Input[str]:
+    def username(self) -> pulumi.Input[builtins.str]:
         """
         The username of the existing AWS IAM to manage password rotation for.
         """
         return pulumi.get(self, "username")
 
     @username.setter
-    def username(self, value: pulumi.Input[str]):
+    def username(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "username", value)
 
+    @property
+    @pulumi.getter(name="assumeRoleArn")
+    def assume_role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the ARN of the role that Vault should assume.
+        When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+        If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_arn")
+
+    @assume_role_arn.setter
+    def assume_role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "assume_role_arn", value)
+
+    @property
+    @pulumi.getter(name="assumeRoleSessionName")
+    def assume_role_session_name(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the session name to use when assuming the role.
+        If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_session_name")
+
+    @assume_role_session_name.setter
+    def assume_role_session_name(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "assume_role_session_name", value)
+
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `aws`
@@ -80,12 +128,25 @@ class SecretBackendStaticRoleArgs:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the external ID to use when assuming the role.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
@@ -93,12 +154,12 @@ class SecretBackendStaticRoleArgs:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -108,33 +169,51 @@ class SecretBackendStaticRoleArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
 
 @pulumi.input_type
 class _SecretBackendStaticRoleState:
     def __init__(__self__, *,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 rotation_period: Optional[pulumi.Input[int]] = None,
-                 username: Optional[pulumi.Input[str]] = None):
+                 assume_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 assume_role_session_name: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 username: Optional[pulumi.Input[builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendStaticRole resources.
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
+               When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+               If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] assume_role_session_name: Specifies the session name to use when assuming the role.
+               If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`
-        :param pulumi.Input[str] name: The name to identify this role within the backend.
+        :param pulumi.Input[builtins.str] external_id: Specifies the external ID to use when assuming the role.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
-        :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
+        :param pulumi.Input[builtins.int] rotation_period: How often Vault should rotate the password of the user entry.
+        :param pulumi.Input[builtins.str] username: The username of the existing AWS IAM to manage password rotation for.
         """
+        if assume_role_arn is not None:
+            pulumi.set(__self__, "assume_role_arn", assume_role_arn)
+        if assume_role_session_name is not None:
+            pulumi.set(__self__, "assume_role_session_name", assume_role_session_name)
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
+        if external_id is not None:
+            pulumi.set(__self__, "external_id", external_id)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if namespace is not None:
@@ -144,9 +223,38 @@ class _SecretBackendStaticRoleState:
         if username is not None:
             pulumi.set(__self__, "username", username)
 
+    @property
+    @pulumi.getter(name="assumeRoleArn")
+    def assume_role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the ARN of the role that Vault should assume.
+        When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+        If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_arn")
+
+    @assume_role_arn.setter
+    def assume_role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "assume_role_arn", value)
+
+    @property
+    @pulumi.getter(name="assumeRoleSessionName")
+    def assume_role_session_name(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the session name to use when assuming the role.
+        If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_session_name")
+
+    @assume_role_session_name.setter
+    def assume_role_session_name(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "assume_role_session_name", value)
+
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `aws`
@@ -154,12 +262,25 @@ class _SecretBackendStaticRoleState:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Specifies the external ID to use when assuming the role.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "external_id")
+
+    @external_id.setter
+    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "external_id", value)
+
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
@@ -167,12 +288,12 @@ class _SecretBackendStaticRoleState:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -182,31 +303,31 @@ class _SecretBackendStaticRoleState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> Optional[pulumi.Input[int]]:
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         How often Vault should rotate the password of the user entry.
         """
         return pulumi.get(self, "rotation_period")
 
     @rotation_period.setter
-    def rotation_period(self, value: Optional[pulumi.Input[int]]):
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "rotation_period", value)
 
     @property
     @pulumi.getter
-    def username(self) -> Optional[pulumi.Input[str]]:
+    def username(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The username of the existing AWS IAM to manage password rotation for.
         """
         return pulumi.get(self, "username")
 
     @username.setter
-    def username(self, value: Optional[pulumi.Input[str]]):
+    def username(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "username", value)
 
 
@@ -215,11 +336,14 @@ class SecretBackendStaticRole(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 rotation_period: Optional[pulumi.Input[int]] = None,
-                 username: Optional[pulumi.Input[str]] = None,
+                 assume_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 assume_role_session_name: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 username: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -238,6 +362,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
             rotation_period=3600)
         ```
 
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+
+        aws = vault.aws.SecretBackend("aws",
+            path="my-aws",
+            description="Obtain AWS credentials.")
+        assume_role = vault.aws.SecretBackendStaticRole("assume-role",
+            backend=aws.path,
+            name="assume-role-test",
+            username="my-assume-role-user",
+            assume_role_arn="arn:aws:iam::123456789012:role/assume-role",
+            assume_role_session_name="assume-role-session",
+            external_id="test-id",
+            rotation_period=3600)
+        ```
+
         ## Import
 
         AWS secret backend static role can be imported using the full path to the role
@@ -249,16 +390,25 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
+               When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+               If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] assume_role_session_name: Specifies the session name to use when assuming the role.
+               If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`
-        :param pulumi.Input[str] name: The name to identify this role within the backend.
+        :param pulumi.Input[builtins.str] external_id: Specifies the external ID to use when assuming the role.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
-        :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
+        :param pulumi.Input[builtins.int] rotation_period: How often Vault should rotate the password of the user entry.
+        :param pulumi.Input[builtins.str] username: The username of the existing AWS IAM to manage password rotation for.
         """
         ...
     @overload
@@ -283,6 +433,23 @@ class SecretBackendStaticRole(pulumi.CustomResource):
             rotation_period=3600)
         ```
 
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+
+        aws = vault.aws.SecretBackend("aws",
+            path="my-aws",
+            description="Obtain AWS credentials.")
+        assume_role = vault.aws.SecretBackendStaticRole("assume-role",
+            backend=aws.path,
+            name="assume-role-test",
+            username="my-assume-role-user",
+            assume_role_arn="arn:aws:iam::123456789012:role/assume-role",
+            assume_role_session_name="assume-role-session",
+            external_id="test-id",
+            rotation_period=3600)
+        ```
+
         ## Import
 
         AWS secret backend static role can be imported using the full path to the role
@@ -307,11 +474,14 @@ class SecretBackendStaticRole(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 name: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 rotation_period: Optional[pulumi.Input[int]] = None,
-                 username: Optional[pulumi.Input[str]] = None,
+                 assume_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+                 assume_role_session_name: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[builtins.str]] = None,
+                 name: Optional[pulumi.Input[builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 username: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -321,7 +491,10 @@ class SecretBackendStaticRole(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = SecretBackendStaticRoleArgs.__new__(SecretBackendStaticRoleArgs)
 
+            __props__.__dict__["assume_role_arn"] = assume_role_arn
+            __props__.__dict__["assume_role_session_name"] = assume_role_session_name
             __props__.__dict__["backend"] = backend
+            __props__.__dict__["external_id"] = external_id
             __props__.__dict__["name"] = name
             __props__.__dict__["namespace"] = namespace
             if rotation_period is None and not opts.urn:
@@ -340,11 +513,14 @@ class SecretBackendStaticRole(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            backend: Optional[pulumi.Input[str]] = None,
-            name: Optional[pulumi.Input[str]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            rotation_period: Optional[pulumi.Input[int]] = None,
-            username: Optional[pulumi.Input[str]] = None) -> 'SecretBackendStaticRole':
+            assume_role_arn: Optional[pulumi.Input[builtins.str]] = None,
+            assume_role_session_name: Optional[pulumi.Input[builtins.str]] = None,
+            backend: Optional[pulumi.Input[builtins.str]] = None,
+            external_id: Optional[pulumi.Input[builtins.str]] = None,
+            name: Optional[pulumi.Input[builtins.str]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+            username: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendStaticRole':
         """
         Get an existing SecretBackendStaticRole resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -352,40 +528,82 @@ class SecretBackendStaticRole(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] assume_role_arn: Specifies the ARN of the role that Vault should assume.
+               When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+               If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] assume_role_session_name: Specifies the session name to use when assuming the role.
+               If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `aws`
-        :param pulumi.Input[str] name: The name to identify this role within the backend.
+        :param pulumi.Input[builtins.str] external_id: Specifies the external ID to use when assuming the role.
+               Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[int] rotation_period: How often Vault should rotate the password of the user entry.
-        :param pulumi.Input[str] username: The username of the existing AWS IAM to manage password rotation for.
+        :param pulumi.Input[builtins.int] rotation_period: How often Vault should rotate the password of the user entry.
+        :param pulumi.Input[builtins.str] username: The username of the existing AWS IAM to manage password rotation for.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
         __props__ = _SecretBackendStaticRoleState.__new__(_SecretBackendStaticRoleState)
 
+        __props__.__dict__["assume_role_arn"] = assume_role_arn
+        __props__.__dict__["assume_role_session_name"] = assume_role_session_name
         __props__.__dict__["backend"] = backend
+        __props__.__dict__["external_id"] = external_id
         __props__.__dict__["name"] = name
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["rotation_period"] = rotation_period
         __props__.__dict__["username"] = username
         return SecretBackendStaticRole(resource_name, opts=opts, __props__=__props__)
 
+    @property
+    @pulumi.getter(name="assumeRoleArn")
+    def assume_role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        Specifies the ARN of the role that Vault should assume.
+        When provided, Vault will use AWS STS to assume this role and generate temporary credentials.
+        If `assume_role_arn` is provided, `assume_role_session_name` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_arn")
+
+    @property
+    @pulumi.getter(name="assumeRoleSessionName")
+    def assume_role_session_name(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        Specifies the session name to use when assuming the role.
+        If `assume_role_session_name` is provided, `assume_role_arn` must also be provided.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "assume_role_session_name")
+
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[Optional[str]]:
+    def backend(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `aws`
         """
         return pulumi.get(self, "backend")
 
+    @property
+    @pulumi.getter(name="externalId")
+    def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        Specifies the external ID to use when assuming the role.
+        Requires Vault 1.19+. *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "external_id")
+
     @property
     @pulumi.getter
-    def name(self) -> pulumi.Output[str]:
+    def name(self) -> pulumi.Output[builtins.str]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
@@ -394,7 +612,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -405,7 +623,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="rotationPeriod")
-    def rotation_period(self) -> pulumi.Output[int]:
+    def rotation_period(self) -> pulumi.Output[builtins.int]:
         """
         How often Vault should rotate the password of the user entry.
         """
@@ -413,7 +631,7 @@ class SecretBackendStaticRole(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def username(self) -> pulumi.Output[str]:
+    def username(self) -> pulumi.Output[builtins.str]:
         """
         The username of the existing AWS IAM to manage password rotation for.
         """

pulumi_vault/azure/__init__.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 from .. import _utilities
 import typing
 # Export this package's modules as members: