pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -21,57 +22,57 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
21
22
  @pulumi.input_type
22
23
  class AuthBackendArgs:
23
24
  def __init__(__self__, *,
24
- bound_issuer: Optional[pulumi.Input[str]] = None,
25
- default_role: Optional[pulumi.Input[str]] = None,
26
- description: Optional[pulumi.Input[str]] = None,
27
- disable_remount: Optional[pulumi.Input[bool]] = None,
28
- jwks_ca_pem: Optional[pulumi.Input[str]] = None,
29
- jwks_url: Optional[pulumi.Input[str]] = None,
30
- jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
31
- jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
32
- local: Optional[pulumi.Input[bool]] = None,
33
- namespace: Optional[pulumi.Input[str]] = None,
34
- namespace_in_state: Optional[pulumi.Input[bool]] = None,
35
- oidc_client_id: Optional[pulumi.Input[str]] = None,
36
- oidc_client_secret: Optional[pulumi.Input[str]] = None,
37
- oidc_discovery_ca_pem: Optional[pulumi.Input[str]] = None,
38
- oidc_discovery_url: Optional[pulumi.Input[str]] = None,
39
- oidc_response_mode: Optional[pulumi.Input[str]] = None,
40
- oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
- path: Optional[pulumi.Input[str]] = None,
42
- provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
25
+ bound_issuer: Optional[pulumi.Input[builtins.str]] = None,
26
+ default_role: Optional[pulumi.Input[builtins.str]] = None,
27
+ description: Optional[pulumi.Input[builtins.str]] = None,
28
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
29
+ jwks_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
30
+ jwks_url: Optional[pulumi.Input[builtins.str]] = None,
31
+ jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
32
+ jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
33
+ local: Optional[pulumi.Input[builtins.bool]] = None,
34
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
35
+ namespace_in_state: Optional[pulumi.Input[builtins.bool]] = None,
36
+ oidc_client_id: Optional[pulumi.Input[builtins.str]] = None,
37
+ oidc_client_secret: Optional[pulumi.Input[builtins.str]] = None,
38
+ oidc_discovery_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
39
+ oidc_discovery_url: Optional[pulumi.Input[builtins.str]] = None,
40
+ oidc_response_mode: Optional[pulumi.Input[builtins.str]] = None,
41
+ oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
42
+ path: Optional[pulumi.Input[builtins.str]] = None,
43
+ provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
43
44
  tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None,
44
- type: Optional[pulumi.Input[str]] = None):
45
+ type: Optional[pulumi.Input[builtins.str]] = None):
45
46
  """
46
47
  The set of arguments for constructing a AuthBackend resource.
47
- :param pulumi.Input[str] bound_issuer: The value against which to match the iss claim in a JWT
48
- :param pulumi.Input[str] default_role: The default role to use if none is provided during login
49
- :param pulumi.Input[str] description: The description of the auth backend
50
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
48
+ :param pulumi.Input[builtins.str] bound_issuer: The value against which to match the iss claim in a JWT
49
+ :param pulumi.Input[builtins.str] default_role: The default role to use if none is provided during login
50
+ :param pulumi.Input[builtins.str] description: The description of the auth backend
51
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
51
52
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
52
- :param pulumi.Input[str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
53
- :param pulumi.Input[str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
54
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
55
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
56
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
57
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
53
+ :param pulumi.Input[builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
54
+ :param pulumi.Input[builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
55
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
56
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
57
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
58
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
58
59
  The value should not contain leading or trailing forward slashes.
59
60
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
60
61
  *Available only for Vault Enterprise*.
61
- :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
62
+ :param pulumi.Input[builtins.bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
62
63
 
63
64
  * tune - (Optional) Extra configuration block. Structure is documented below.
64
65
 
65
66
  The `tune` block is used to tune the auth backend:
66
- :param pulumi.Input[str] oidc_client_id: Client ID used for OIDC backends
67
- :param pulumi.Input[str] oidc_client_secret: Client Secret used for OIDC backends
68
- :param pulumi.Input[str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
69
- :param pulumi.Input[str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
70
- :param pulumi.Input[str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
71
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
72
- :param pulumi.Input[str] path: Path to mount the JWT/OIDC auth backend
73
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
74
- :param pulumi.Input[str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
67
+ :param pulumi.Input[builtins.str] oidc_client_id: Client ID used for OIDC backends
68
+ :param pulumi.Input[builtins.str] oidc_client_secret: Client Secret used for OIDC backends
69
+ :param pulumi.Input[builtins.str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
70
+ :param pulumi.Input[builtins.str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
71
+ :param pulumi.Input[builtins.str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
72
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
73
+ :param pulumi.Input[builtins.str] path: Path to mount the JWT/OIDC auth backend
74
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
75
+ :param pulumi.Input[builtins.str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
75
76
  """
76
77
  if bound_issuer is not None:
77
78
  pulumi.set(__self__, "bound_issuer", bound_issuer)
@@ -118,43 +119,43 @@ class AuthBackendArgs:
118
119
 
119
120
  @property
120
121
  @pulumi.getter(name="boundIssuer")
121
- def bound_issuer(self) -> Optional[pulumi.Input[str]]:
122
+ def bound_issuer(self) -> Optional[pulumi.Input[builtins.str]]:
122
123
  """
123
124
  The value against which to match the iss claim in a JWT
124
125
  """
125
126
  return pulumi.get(self, "bound_issuer")
126
127
 
127
128
  @bound_issuer.setter
128
- def bound_issuer(self, value: Optional[pulumi.Input[str]]):
129
+ def bound_issuer(self, value: Optional[pulumi.Input[builtins.str]]):
129
130
  pulumi.set(self, "bound_issuer", value)
130
131
 
131
132
  @property
132
133
  @pulumi.getter(name="defaultRole")
133
- def default_role(self) -> Optional[pulumi.Input[str]]:
134
+ def default_role(self) -> Optional[pulumi.Input[builtins.str]]:
134
135
  """
135
136
  The default role to use if none is provided during login
136
137
  """
137
138
  return pulumi.get(self, "default_role")
138
139
 
139
140
  @default_role.setter
140
- def default_role(self, value: Optional[pulumi.Input[str]]):
141
+ def default_role(self, value: Optional[pulumi.Input[builtins.str]]):
141
142
  pulumi.set(self, "default_role", value)
142
143
 
143
144
  @property
144
145
  @pulumi.getter
145
- def description(self) -> Optional[pulumi.Input[str]]:
146
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
146
147
  """
147
148
  The description of the auth backend
148
149
  """
149
150
  return pulumi.get(self, "description")
150
151
 
151
152
  @description.setter
152
- def description(self, value: Optional[pulumi.Input[str]]):
153
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
153
154
  pulumi.set(self, "description", value)
154
155
 
155
156
  @property
156
157
  @pulumi.getter(name="disableRemount")
157
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
158
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
158
159
  """
159
160
  If set, opts out of mount migration on path updates.
160
161
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -162,72 +163,72 @@ class AuthBackendArgs:
162
163
  return pulumi.get(self, "disable_remount")
163
164
 
164
165
  @disable_remount.setter
165
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
166
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
166
167
  pulumi.set(self, "disable_remount", value)
167
168
 
168
169
  @property
169
170
  @pulumi.getter(name="jwksCaPem")
170
- def jwks_ca_pem(self) -> Optional[pulumi.Input[str]]:
171
+ def jwks_ca_pem(self) -> Optional[pulumi.Input[builtins.str]]:
171
172
  """
172
173
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
173
174
  """
174
175
  return pulumi.get(self, "jwks_ca_pem")
175
176
 
176
177
  @jwks_ca_pem.setter
177
- def jwks_ca_pem(self, value: Optional[pulumi.Input[str]]):
178
+ def jwks_ca_pem(self, value: Optional[pulumi.Input[builtins.str]]):
178
179
  pulumi.set(self, "jwks_ca_pem", value)
179
180
 
180
181
  @property
181
182
  @pulumi.getter(name="jwksUrl")
182
- def jwks_url(self) -> Optional[pulumi.Input[str]]:
183
+ def jwks_url(self) -> Optional[pulumi.Input[builtins.str]]:
183
184
  """
184
185
  JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
185
186
  """
186
187
  return pulumi.get(self, "jwks_url")
187
188
 
188
189
  @jwks_url.setter
189
- def jwks_url(self, value: Optional[pulumi.Input[str]]):
190
+ def jwks_url(self, value: Optional[pulumi.Input[builtins.str]]):
190
191
  pulumi.set(self, "jwks_url", value)
191
192
 
192
193
  @property
193
194
  @pulumi.getter(name="jwtSupportedAlgs")
194
- def jwt_supported_algs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
195
+ def jwt_supported_algs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
195
196
  """
196
197
  A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
197
198
  """
198
199
  return pulumi.get(self, "jwt_supported_algs")
199
200
 
200
201
  @jwt_supported_algs.setter
201
- def jwt_supported_algs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
202
+ def jwt_supported_algs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
202
203
  pulumi.set(self, "jwt_supported_algs", value)
203
204
 
204
205
  @property
205
206
  @pulumi.getter(name="jwtValidationPubkeys")
206
- def jwt_validation_pubkeys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
207
+ def jwt_validation_pubkeys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
207
208
  """
208
209
  A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
209
210
  """
210
211
  return pulumi.get(self, "jwt_validation_pubkeys")
211
212
 
212
213
  @jwt_validation_pubkeys.setter
213
- def jwt_validation_pubkeys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
214
+ def jwt_validation_pubkeys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
214
215
  pulumi.set(self, "jwt_validation_pubkeys", value)
215
216
 
216
217
  @property
217
218
  @pulumi.getter
218
- def local(self) -> Optional[pulumi.Input[bool]]:
219
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
219
220
  """
220
221
  Specifies if the auth method is local only.
221
222
  """
222
223
  return pulumi.get(self, "local")
223
224
 
224
225
  @local.setter
225
- def local(self, value: Optional[pulumi.Input[bool]]):
226
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
226
227
  pulumi.set(self, "local", value)
227
228
 
228
229
  @property
229
230
  @pulumi.getter
230
- def namespace(self) -> Optional[pulumi.Input[str]]:
231
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
231
232
  """
232
233
  The namespace to provision the resource in.
233
234
  The value should not contain leading or trailing forward slashes.
@@ -237,12 +238,12 @@ class AuthBackendArgs:
237
238
  return pulumi.get(self, "namespace")
238
239
 
239
240
  @namespace.setter
240
- def namespace(self, value: Optional[pulumi.Input[str]]):
241
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
241
242
  pulumi.set(self, "namespace", value)
242
243
 
243
244
  @property
244
245
  @pulumi.getter(name="namespaceInState")
245
- def namespace_in_state(self) -> Optional[pulumi.Input[bool]]:
246
+ def namespace_in_state(self) -> Optional[pulumi.Input[builtins.bool]]:
246
247
  """
247
248
  Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
248
249
 
@@ -253,103 +254,103 @@ class AuthBackendArgs:
253
254
  return pulumi.get(self, "namespace_in_state")
254
255
 
255
256
  @namespace_in_state.setter
256
- def namespace_in_state(self, value: Optional[pulumi.Input[bool]]):
257
+ def namespace_in_state(self, value: Optional[pulumi.Input[builtins.bool]]):
257
258
  pulumi.set(self, "namespace_in_state", value)
258
259
 
259
260
  @property
260
261
  @pulumi.getter(name="oidcClientId")
261
- def oidc_client_id(self) -> Optional[pulumi.Input[str]]:
262
+ def oidc_client_id(self) -> Optional[pulumi.Input[builtins.str]]:
262
263
  """
263
264
  Client ID used for OIDC backends
264
265
  """
265
266
  return pulumi.get(self, "oidc_client_id")
266
267
 
267
268
  @oidc_client_id.setter
268
- def oidc_client_id(self, value: Optional[pulumi.Input[str]]):
269
+ def oidc_client_id(self, value: Optional[pulumi.Input[builtins.str]]):
269
270
  pulumi.set(self, "oidc_client_id", value)
270
271
 
271
272
  @property
272
273
  @pulumi.getter(name="oidcClientSecret")
273
- def oidc_client_secret(self) -> Optional[pulumi.Input[str]]:
274
+ def oidc_client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
274
275
  """
275
276
  Client Secret used for OIDC backends
276
277
  """
277
278
  return pulumi.get(self, "oidc_client_secret")
278
279
 
279
280
  @oidc_client_secret.setter
280
- def oidc_client_secret(self, value: Optional[pulumi.Input[str]]):
281
+ def oidc_client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
281
282
  pulumi.set(self, "oidc_client_secret", value)
282
283
 
283
284
  @property
284
285
  @pulumi.getter(name="oidcDiscoveryCaPem")
285
- def oidc_discovery_ca_pem(self) -> Optional[pulumi.Input[str]]:
286
+ def oidc_discovery_ca_pem(self) -> Optional[pulumi.Input[builtins.str]]:
286
287
  """
287
288
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
288
289
  """
289
290
  return pulumi.get(self, "oidc_discovery_ca_pem")
290
291
 
291
292
  @oidc_discovery_ca_pem.setter
292
- def oidc_discovery_ca_pem(self, value: Optional[pulumi.Input[str]]):
293
+ def oidc_discovery_ca_pem(self, value: Optional[pulumi.Input[builtins.str]]):
293
294
  pulumi.set(self, "oidc_discovery_ca_pem", value)
294
295
 
295
296
  @property
296
297
  @pulumi.getter(name="oidcDiscoveryUrl")
297
- def oidc_discovery_url(self) -> Optional[pulumi.Input[str]]:
298
+ def oidc_discovery_url(self) -> Optional[pulumi.Input[builtins.str]]:
298
299
  """
299
300
  The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
300
301
  """
301
302
  return pulumi.get(self, "oidc_discovery_url")
302
303
 
303
304
  @oidc_discovery_url.setter
304
- def oidc_discovery_url(self, value: Optional[pulumi.Input[str]]):
305
+ def oidc_discovery_url(self, value: Optional[pulumi.Input[builtins.str]]):
305
306
  pulumi.set(self, "oidc_discovery_url", value)
306
307
 
307
308
  @property
308
309
  @pulumi.getter(name="oidcResponseMode")
309
- def oidc_response_mode(self) -> Optional[pulumi.Input[str]]:
310
+ def oidc_response_mode(self) -> Optional[pulumi.Input[builtins.str]]:
310
311
  """
311
312
  The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
312
313
  """
313
314
  return pulumi.get(self, "oidc_response_mode")
314
315
 
315
316
  @oidc_response_mode.setter
316
- def oidc_response_mode(self, value: Optional[pulumi.Input[str]]):
317
+ def oidc_response_mode(self, value: Optional[pulumi.Input[builtins.str]]):
317
318
  pulumi.set(self, "oidc_response_mode", value)
318
319
 
319
320
  @property
320
321
  @pulumi.getter(name="oidcResponseTypes")
321
- def oidc_response_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
322
+ def oidc_response_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
322
323
  """
323
324
  List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
324
325
  """
325
326
  return pulumi.get(self, "oidc_response_types")
326
327
 
327
328
  @oidc_response_types.setter
328
- def oidc_response_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
329
+ def oidc_response_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
329
330
  pulumi.set(self, "oidc_response_types", value)
330
331
 
331
332
  @property
332
333
  @pulumi.getter
333
- def path(self) -> Optional[pulumi.Input[str]]:
334
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
334
335
  """
335
336
  Path to mount the JWT/OIDC auth backend
336
337
  """
337
338
  return pulumi.get(self, "path")
338
339
 
339
340
  @path.setter
340
- def path(self, value: Optional[pulumi.Input[str]]):
341
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
341
342
  pulumi.set(self, "path", value)
342
343
 
343
344
  @property
344
345
  @pulumi.getter(name="providerConfig")
345
- def provider_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
346
+ def provider_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
346
347
  """
347
348
  Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
348
349
  """
349
350
  return pulumi.get(self, "provider_config")
350
351
 
351
352
  @provider_config.setter
352
- def provider_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
353
+ def provider_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
353
354
  pulumi.set(self, "provider_config", value)
354
355
 
355
356
  @property
@@ -363,73 +364,73 @@ class AuthBackendArgs:
363
364
 
364
365
  @property
365
366
  @pulumi.getter
366
- def type(self) -> Optional[pulumi.Input[str]]:
367
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
367
368
  """
368
369
  Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
369
370
  """
370
371
  return pulumi.get(self, "type")
371
372
 
372
373
  @type.setter
373
- def type(self, value: Optional[pulumi.Input[str]]):
374
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
374
375
  pulumi.set(self, "type", value)
375
376
 
376
377
 
377
378
  @pulumi.input_type
378
379
  class _AuthBackendState:
379
380
  def __init__(__self__, *,
380
- accessor: Optional[pulumi.Input[str]] = None,
381
- bound_issuer: Optional[pulumi.Input[str]] = None,
382
- default_role: Optional[pulumi.Input[str]] = None,
383
- description: Optional[pulumi.Input[str]] = None,
384
- disable_remount: Optional[pulumi.Input[bool]] = None,
385
- jwks_ca_pem: Optional[pulumi.Input[str]] = None,
386
- jwks_url: Optional[pulumi.Input[str]] = None,
387
- jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
388
- jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
389
- local: Optional[pulumi.Input[bool]] = None,
390
- namespace: Optional[pulumi.Input[str]] = None,
391
- namespace_in_state: Optional[pulumi.Input[bool]] = None,
392
- oidc_client_id: Optional[pulumi.Input[str]] = None,
393
- oidc_client_secret: Optional[pulumi.Input[str]] = None,
394
- oidc_discovery_ca_pem: Optional[pulumi.Input[str]] = None,
395
- oidc_discovery_url: Optional[pulumi.Input[str]] = None,
396
- oidc_response_mode: Optional[pulumi.Input[str]] = None,
397
- oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
398
- path: Optional[pulumi.Input[str]] = None,
399
- provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
381
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
382
+ bound_issuer: Optional[pulumi.Input[builtins.str]] = None,
383
+ default_role: Optional[pulumi.Input[builtins.str]] = None,
384
+ description: Optional[pulumi.Input[builtins.str]] = None,
385
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
386
+ jwks_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
387
+ jwks_url: Optional[pulumi.Input[builtins.str]] = None,
388
+ jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
389
+ jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
390
+ local: Optional[pulumi.Input[builtins.bool]] = None,
391
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
392
+ namespace_in_state: Optional[pulumi.Input[builtins.bool]] = None,
393
+ oidc_client_id: Optional[pulumi.Input[builtins.str]] = None,
394
+ oidc_client_secret: Optional[pulumi.Input[builtins.str]] = None,
395
+ oidc_discovery_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
396
+ oidc_discovery_url: Optional[pulumi.Input[builtins.str]] = None,
397
+ oidc_response_mode: Optional[pulumi.Input[builtins.str]] = None,
398
+ oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
399
+ path: Optional[pulumi.Input[builtins.str]] = None,
400
+ provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
400
401
  tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None,
401
- type: Optional[pulumi.Input[str]] = None):
402
+ type: Optional[pulumi.Input[builtins.str]] = None):
402
403
  """
403
404
  Input properties used for looking up and filtering AuthBackend resources.
404
- :param pulumi.Input[str] accessor: The accessor for this auth method
405
- :param pulumi.Input[str] bound_issuer: The value against which to match the iss claim in a JWT
406
- :param pulumi.Input[str] default_role: The default role to use if none is provided during login
407
- :param pulumi.Input[str] description: The description of the auth backend
408
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
405
+ :param pulumi.Input[builtins.str] accessor: The accessor for this auth method
406
+ :param pulumi.Input[builtins.str] bound_issuer: The value against which to match the iss claim in a JWT
407
+ :param pulumi.Input[builtins.str] default_role: The default role to use if none is provided during login
408
+ :param pulumi.Input[builtins.str] description: The description of the auth backend
409
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
409
410
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
410
- :param pulumi.Input[str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
411
- :param pulumi.Input[str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
412
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
413
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
414
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
415
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
411
+ :param pulumi.Input[builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
412
+ :param pulumi.Input[builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
413
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
414
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
415
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
416
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
416
417
  The value should not contain leading or trailing forward slashes.
417
418
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
418
419
  *Available only for Vault Enterprise*.
419
- :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
420
+ :param pulumi.Input[builtins.bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
420
421
 
421
422
  * tune - (Optional) Extra configuration block. Structure is documented below.
422
423
 
423
424
  The `tune` block is used to tune the auth backend:
424
- :param pulumi.Input[str] oidc_client_id: Client ID used for OIDC backends
425
- :param pulumi.Input[str] oidc_client_secret: Client Secret used for OIDC backends
426
- :param pulumi.Input[str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
427
- :param pulumi.Input[str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
428
- :param pulumi.Input[str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
429
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
430
- :param pulumi.Input[str] path: Path to mount the JWT/OIDC auth backend
431
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
432
- :param pulumi.Input[str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
425
+ :param pulumi.Input[builtins.str] oidc_client_id: Client ID used for OIDC backends
426
+ :param pulumi.Input[builtins.str] oidc_client_secret: Client Secret used for OIDC backends
427
+ :param pulumi.Input[builtins.str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
428
+ :param pulumi.Input[builtins.str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
429
+ :param pulumi.Input[builtins.str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
430
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
431
+ :param pulumi.Input[builtins.str] path: Path to mount the JWT/OIDC auth backend
432
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
433
+ :param pulumi.Input[builtins.str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
433
434
  """
434
435
  if accessor is not None:
435
436
  pulumi.set(__self__, "accessor", accessor)
@@ -478,55 +479,55 @@ class _AuthBackendState:
478
479
 
479
480
  @property
480
481
  @pulumi.getter
481
- def accessor(self) -> Optional[pulumi.Input[str]]:
482
+ def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
482
483
  """
483
484
  The accessor for this auth method
484
485
  """
485
486
  return pulumi.get(self, "accessor")
486
487
 
487
488
  @accessor.setter
488
- def accessor(self, value: Optional[pulumi.Input[str]]):
489
+ def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
489
490
  pulumi.set(self, "accessor", value)
490
491
 
491
492
  @property
492
493
  @pulumi.getter(name="boundIssuer")
493
- def bound_issuer(self) -> Optional[pulumi.Input[str]]:
494
+ def bound_issuer(self) -> Optional[pulumi.Input[builtins.str]]:
494
495
  """
495
496
  The value against which to match the iss claim in a JWT
496
497
  """
497
498
  return pulumi.get(self, "bound_issuer")
498
499
 
499
500
  @bound_issuer.setter
500
- def bound_issuer(self, value: Optional[pulumi.Input[str]]):
501
+ def bound_issuer(self, value: Optional[pulumi.Input[builtins.str]]):
501
502
  pulumi.set(self, "bound_issuer", value)
502
503
 
503
504
  @property
504
505
  @pulumi.getter(name="defaultRole")
505
- def default_role(self) -> Optional[pulumi.Input[str]]:
506
+ def default_role(self) -> Optional[pulumi.Input[builtins.str]]:
506
507
  """
507
508
  The default role to use if none is provided during login
508
509
  """
509
510
  return pulumi.get(self, "default_role")
510
511
 
511
512
  @default_role.setter
512
- def default_role(self, value: Optional[pulumi.Input[str]]):
513
+ def default_role(self, value: Optional[pulumi.Input[builtins.str]]):
513
514
  pulumi.set(self, "default_role", value)
514
515
 
515
516
  @property
516
517
  @pulumi.getter
517
- def description(self) -> Optional[pulumi.Input[str]]:
518
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
518
519
  """
519
520
  The description of the auth backend
520
521
  """
521
522
  return pulumi.get(self, "description")
522
523
 
523
524
  @description.setter
524
- def description(self, value: Optional[pulumi.Input[str]]):
525
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
525
526
  pulumi.set(self, "description", value)
526
527
 
527
528
  @property
528
529
  @pulumi.getter(name="disableRemount")
529
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
530
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
530
531
  """
531
532
  If set, opts out of mount migration on path updates.
532
533
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -534,72 +535,72 @@ class _AuthBackendState:
534
535
  return pulumi.get(self, "disable_remount")
535
536
 
536
537
  @disable_remount.setter
537
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
538
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
538
539
  pulumi.set(self, "disable_remount", value)
539
540
 
540
541
  @property
541
542
  @pulumi.getter(name="jwksCaPem")
542
- def jwks_ca_pem(self) -> Optional[pulumi.Input[str]]:
543
+ def jwks_ca_pem(self) -> Optional[pulumi.Input[builtins.str]]:
543
544
  """
544
545
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
545
546
  """
546
547
  return pulumi.get(self, "jwks_ca_pem")
547
548
 
548
549
  @jwks_ca_pem.setter
549
- def jwks_ca_pem(self, value: Optional[pulumi.Input[str]]):
550
+ def jwks_ca_pem(self, value: Optional[pulumi.Input[builtins.str]]):
550
551
  pulumi.set(self, "jwks_ca_pem", value)
551
552
 
552
553
  @property
553
554
  @pulumi.getter(name="jwksUrl")
554
- def jwks_url(self) -> Optional[pulumi.Input[str]]:
555
+ def jwks_url(self) -> Optional[pulumi.Input[builtins.str]]:
555
556
  """
556
557
  JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
557
558
  """
558
559
  return pulumi.get(self, "jwks_url")
559
560
 
560
561
  @jwks_url.setter
561
- def jwks_url(self, value: Optional[pulumi.Input[str]]):
562
+ def jwks_url(self, value: Optional[pulumi.Input[builtins.str]]):
562
563
  pulumi.set(self, "jwks_url", value)
563
564
 
564
565
  @property
565
566
  @pulumi.getter(name="jwtSupportedAlgs")
566
- def jwt_supported_algs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
567
+ def jwt_supported_algs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
567
568
  """
568
569
  A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
569
570
  """
570
571
  return pulumi.get(self, "jwt_supported_algs")
571
572
 
572
573
  @jwt_supported_algs.setter
573
- def jwt_supported_algs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
574
+ def jwt_supported_algs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
574
575
  pulumi.set(self, "jwt_supported_algs", value)
575
576
 
576
577
  @property
577
578
  @pulumi.getter(name="jwtValidationPubkeys")
578
- def jwt_validation_pubkeys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
579
+ def jwt_validation_pubkeys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
579
580
  """
580
581
  A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
581
582
  """
582
583
  return pulumi.get(self, "jwt_validation_pubkeys")
583
584
 
584
585
  @jwt_validation_pubkeys.setter
585
- def jwt_validation_pubkeys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
586
+ def jwt_validation_pubkeys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
586
587
  pulumi.set(self, "jwt_validation_pubkeys", value)
587
588
 
588
589
  @property
589
590
  @pulumi.getter
590
- def local(self) -> Optional[pulumi.Input[bool]]:
591
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
591
592
  """
592
593
  Specifies if the auth method is local only.
593
594
  """
594
595
  return pulumi.get(self, "local")
595
596
 
596
597
  @local.setter
597
- def local(self, value: Optional[pulumi.Input[bool]]):
598
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
598
599
  pulumi.set(self, "local", value)
599
600
 
600
601
  @property
601
602
  @pulumi.getter
602
- def namespace(self) -> Optional[pulumi.Input[str]]:
603
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
603
604
  """
604
605
  The namespace to provision the resource in.
605
606
  The value should not contain leading or trailing forward slashes.
@@ -609,12 +610,12 @@ class _AuthBackendState:
609
610
  return pulumi.get(self, "namespace")
610
611
 
611
612
  @namespace.setter
612
- def namespace(self, value: Optional[pulumi.Input[str]]):
613
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
613
614
  pulumi.set(self, "namespace", value)
614
615
 
615
616
  @property
616
617
  @pulumi.getter(name="namespaceInState")
617
- def namespace_in_state(self) -> Optional[pulumi.Input[bool]]:
618
+ def namespace_in_state(self) -> Optional[pulumi.Input[builtins.bool]]:
618
619
  """
619
620
  Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
620
621
 
@@ -625,103 +626,103 @@ class _AuthBackendState:
625
626
  return pulumi.get(self, "namespace_in_state")
626
627
 
627
628
  @namespace_in_state.setter
628
- def namespace_in_state(self, value: Optional[pulumi.Input[bool]]):
629
+ def namespace_in_state(self, value: Optional[pulumi.Input[builtins.bool]]):
629
630
  pulumi.set(self, "namespace_in_state", value)
630
631
 
631
632
  @property
632
633
  @pulumi.getter(name="oidcClientId")
633
- def oidc_client_id(self) -> Optional[pulumi.Input[str]]:
634
+ def oidc_client_id(self) -> Optional[pulumi.Input[builtins.str]]:
634
635
  """
635
636
  Client ID used for OIDC backends
636
637
  """
637
638
  return pulumi.get(self, "oidc_client_id")
638
639
 
639
640
  @oidc_client_id.setter
640
- def oidc_client_id(self, value: Optional[pulumi.Input[str]]):
641
+ def oidc_client_id(self, value: Optional[pulumi.Input[builtins.str]]):
641
642
  pulumi.set(self, "oidc_client_id", value)
642
643
 
643
644
  @property
644
645
  @pulumi.getter(name="oidcClientSecret")
645
- def oidc_client_secret(self) -> Optional[pulumi.Input[str]]:
646
+ def oidc_client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
646
647
  """
647
648
  Client Secret used for OIDC backends
648
649
  """
649
650
  return pulumi.get(self, "oidc_client_secret")
650
651
 
651
652
  @oidc_client_secret.setter
652
- def oidc_client_secret(self, value: Optional[pulumi.Input[str]]):
653
+ def oidc_client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
653
654
  pulumi.set(self, "oidc_client_secret", value)
654
655
 
655
656
  @property
656
657
  @pulumi.getter(name="oidcDiscoveryCaPem")
657
- def oidc_discovery_ca_pem(self) -> Optional[pulumi.Input[str]]:
658
+ def oidc_discovery_ca_pem(self) -> Optional[pulumi.Input[builtins.str]]:
658
659
  """
659
660
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
660
661
  """
661
662
  return pulumi.get(self, "oidc_discovery_ca_pem")
662
663
 
663
664
  @oidc_discovery_ca_pem.setter
664
- def oidc_discovery_ca_pem(self, value: Optional[pulumi.Input[str]]):
665
+ def oidc_discovery_ca_pem(self, value: Optional[pulumi.Input[builtins.str]]):
665
666
  pulumi.set(self, "oidc_discovery_ca_pem", value)
666
667
 
667
668
  @property
668
669
  @pulumi.getter(name="oidcDiscoveryUrl")
669
- def oidc_discovery_url(self) -> Optional[pulumi.Input[str]]:
670
+ def oidc_discovery_url(self) -> Optional[pulumi.Input[builtins.str]]:
670
671
  """
671
672
  The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
672
673
  """
673
674
  return pulumi.get(self, "oidc_discovery_url")
674
675
 
675
676
  @oidc_discovery_url.setter
676
- def oidc_discovery_url(self, value: Optional[pulumi.Input[str]]):
677
+ def oidc_discovery_url(self, value: Optional[pulumi.Input[builtins.str]]):
677
678
  pulumi.set(self, "oidc_discovery_url", value)
678
679
 
679
680
  @property
680
681
  @pulumi.getter(name="oidcResponseMode")
681
- def oidc_response_mode(self) -> Optional[pulumi.Input[str]]:
682
+ def oidc_response_mode(self) -> Optional[pulumi.Input[builtins.str]]:
682
683
  """
683
684
  The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
684
685
  """
685
686
  return pulumi.get(self, "oidc_response_mode")
686
687
 
687
688
  @oidc_response_mode.setter
688
- def oidc_response_mode(self, value: Optional[pulumi.Input[str]]):
689
+ def oidc_response_mode(self, value: Optional[pulumi.Input[builtins.str]]):
689
690
  pulumi.set(self, "oidc_response_mode", value)
690
691
 
691
692
  @property
692
693
  @pulumi.getter(name="oidcResponseTypes")
693
- def oidc_response_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
694
+ def oidc_response_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
694
695
  """
695
696
  List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
696
697
  """
697
698
  return pulumi.get(self, "oidc_response_types")
698
699
 
699
700
  @oidc_response_types.setter
700
- def oidc_response_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
701
+ def oidc_response_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
701
702
  pulumi.set(self, "oidc_response_types", value)
702
703
 
703
704
  @property
704
705
  @pulumi.getter
705
- def path(self) -> Optional[pulumi.Input[str]]:
706
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
706
707
  """
707
708
  Path to mount the JWT/OIDC auth backend
708
709
  """
709
710
  return pulumi.get(self, "path")
710
711
 
711
712
  @path.setter
712
- def path(self, value: Optional[pulumi.Input[str]]):
713
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
713
714
  pulumi.set(self, "path", value)
714
715
 
715
716
  @property
716
717
  @pulumi.getter(name="providerConfig")
717
- def provider_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
718
+ def provider_config(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
718
719
  """
719
720
  Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
720
721
  """
721
722
  return pulumi.get(self, "provider_config")
722
723
 
723
724
  @provider_config.setter
724
- def provider_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
725
+ def provider_config(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
725
726
  pulumi.set(self, "provider_config", value)
726
727
 
727
728
  @property
@@ -735,14 +736,14 @@ class _AuthBackendState:
735
736
 
736
737
  @property
737
738
  @pulumi.getter
738
- def type(self) -> Optional[pulumi.Input[str]]:
739
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
739
740
  """
740
741
  Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
741
742
  """
742
743
  return pulumi.get(self, "type")
743
744
 
744
745
  @type.setter
745
- def type(self, value: Optional[pulumi.Input[str]]):
746
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
746
747
  pulumi.set(self, "type", value)
747
748
 
748
749
 
@@ -751,27 +752,27 @@ class AuthBackend(pulumi.CustomResource):
751
752
  def __init__(__self__,
752
753
  resource_name: str,
753
754
  opts: Optional[pulumi.ResourceOptions] = None,
754
- bound_issuer: Optional[pulumi.Input[str]] = None,
755
- default_role: Optional[pulumi.Input[str]] = None,
756
- description: Optional[pulumi.Input[str]] = None,
757
- disable_remount: Optional[pulumi.Input[bool]] = None,
758
- jwks_ca_pem: Optional[pulumi.Input[str]] = None,
759
- jwks_url: Optional[pulumi.Input[str]] = None,
760
- jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
761
- jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
762
- local: Optional[pulumi.Input[bool]] = None,
763
- namespace: Optional[pulumi.Input[str]] = None,
764
- namespace_in_state: Optional[pulumi.Input[bool]] = None,
765
- oidc_client_id: Optional[pulumi.Input[str]] = None,
766
- oidc_client_secret: Optional[pulumi.Input[str]] = None,
767
- oidc_discovery_ca_pem: Optional[pulumi.Input[str]] = None,
768
- oidc_discovery_url: Optional[pulumi.Input[str]] = None,
769
- oidc_response_mode: Optional[pulumi.Input[str]] = None,
770
- oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
771
- path: Optional[pulumi.Input[str]] = None,
772
- provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
755
+ bound_issuer: Optional[pulumi.Input[builtins.str]] = None,
756
+ default_role: Optional[pulumi.Input[builtins.str]] = None,
757
+ description: Optional[pulumi.Input[builtins.str]] = None,
758
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
759
+ jwks_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
760
+ jwks_url: Optional[pulumi.Input[builtins.str]] = None,
761
+ jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
762
+ jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
763
+ local: Optional[pulumi.Input[builtins.bool]] = None,
764
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
765
+ namespace_in_state: Optional[pulumi.Input[builtins.bool]] = None,
766
+ oidc_client_id: Optional[pulumi.Input[builtins.str]] = None,
767
+ oidc_client_secret: Optional[pulumi.Input[builtins.str]] = None,
768
+ oidc_discovery_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
769
+ oidc_discovery_url: Optional[pulumi.Input[builtins.str]] = None,
770
+ oidc_response_mode: Optional[pulumi.Input[builtins.str]] = None,
771
+ oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
772
+ path: Optional[pulumi.Input[builtins.str]] = None,
773
+ provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
773
774
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
774
- type: Optional[pulumi.Input[str]] = None,
775
+ type: Optional[pulumi.Input[builtins.str]] = None,
775
776
  __props__=None):
776
777
  """
777
778
  Provides a resource for managing an
@@ -845,34 +846,34 @@ class AuthBackend(pulumi.CustomResource):
845
846
 
846
847
  :param str resource_name: The name of the resource.
847
848
  :param pulumi.ResourceOptions opts: Options for the resource.
848
- :param pulumi.Input[str] bound_issuer: The value against which to match the iss claim in a JWT
849
- :param pulumi.Input[str] default_role: The default role to use if none is provided during login
850
- :param pulumi.Input[str] description: The description of the auth backend
851
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
849
+ :param pulumi.Input[builtins.str] bound_issuer: The value against which to match the iss claim in a JWT
850
+ :param pulumi.Input[builtins.str] default_role: The default role to use if none is provided during login
851
+ :param pulumi.Input[builtins.str] description: The description of the auth backend
852
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
852
853
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
853
- :param pulumi.Input[str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
854
- :param pulumi.Input[str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
855
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
856
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
857
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
858
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
854
+ :param pulumi.Input[builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
855
+ :param pulumi.Input[builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
856
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
857
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
858
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
859
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
859
860
  The value should not contain leading or trailing forward slashes.
860
861
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
861
862
  *Available only for Vault Enterprise*.
862
- :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
863
+ :param pulumi.Input[builtins.bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
863
864
 
864
865
  * tune - (Optional) Extra configuration block. Structure is documented below.
865
866
 
866
867
  The `tune` block is used to tune the auth backend:
867
- :param pulumi.Input[str] oidc_client_id: Client ID used for OIDC backends
868
- :param pulumi.Input[str] oidc_client_secret: Client Secret used for OIDC backends
869
- :param pulumi.Input[str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
870
- :param pulumi.Input[str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
871
- :param pulumi.Input[str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
872
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
873
- :param pulumi.Input[str] path: Path to mount the JWT/OIDC auth backend
874
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
875
- :param pulumi.Input[str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
868
+ :param pulumi.Input[builtins.str] oidc_client_id: Client ID used for OIDC backends
869
+ :param pulumi.Input[builtins.str] oidc_client_secret: Client Secret used for OIDC backends
870
+ :param pulumi.Input[builtins.str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
871
+ :param pulumi.Input[builtins.str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
872
+ :param pulumi.Input[builtins.str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
873
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
874
+ :param pulumi.Input[builtins.str] path: Path to mount the JWT/OIDC auth backend
875
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
876
+ :param pulumi.Input[builtins.str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
876
877
  """
877
878
  ...
878
879
  @overload
@@ -965,27 +966,27 @@ class AuthBackend(pulumi.CustomResource):
965
966
  def _internal_init(__self__,
966
967
  resource_name: str,
967
968
  opts: Optional[pulumi.ResourceOptions] = None,
968
- bound_issuer: Optional[pulumi.Input[str]] = None,
969
- default_role: Optional[pulumi.Input[str]] = None,
970
- description: Optional[pulumi.Input[str]] = None,
971
- disable_remount: Optional[pulumi.Input[bool]] = None,
972
- jwks_ca_pem: Optional[pulumi.Input[str]] = None,
973
- jwks_url: Optional[pulumi.Input[str]] = None,
974
- jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
975
- jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
976
- local: Optional[pulumi.Input[bool]] = None,
977
- namespace: Optional[pulumi.Input[str]] = None,
978
- namespace_in_state: Optional[pulumi.Input[bool]] = None,
979
- oidc_client_id: Optional[pulumi.Input[str]] = None,
980
- oidc_client_secret: Optional[pulumi.Input[str]] = None,
981
- oidc_discovery_ca_pem: Optional[pulumi.Input[str]] = None,
982
- oidc_discovery_url: Optional[pulumi.Input[str]] = None,
983
- oidc_response_mode: Optional[pulumi.Input[str]] = None,
984
- oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
985
- path: Optional[pulumi.Input[str]] = None,
986
- provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
969
+ bound_issuer: Optional[pulumi.Input[builtins.str]] = None,
970
+ default_role: Optional[pulumi.Input[builtins.str]] = None,
971
+ description: Optional[pulumi.Input[builtins.str]] = None,
972
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
973
+ jwks_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
974
+ jwks_url: Optional[pulumi.Input[builtins.str]] = None,
975
+ jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
976
+ jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
977
+ local: Optional[pulumi.Input[builtins.bool]] = None,
978
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
979
+ namespace_in_state: Optional[pulumi.Input[builtins.bool]] = None,
980
+ oidc_client_id: Optional[pulumi.Input[builtins.str]] = None,
981
+ oidc_client_secret: Optional[pulumi.Input[builtins.str]] = None,
982
+ oidc_discovery_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
983
+ oidc_discovery_url: Optional[pulumi.Input[builtins.str]] = None,
984
+ oidc_response_mode: Optional[pulumi.Input[builtins.str]] = None,
985
+ oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
986
+ path: Optional[pulumi.Input[builtins.str]] = None,
987
+ provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
987
988
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
988
- type: Optional[pulumi.Input[str]] = None,
989
+ type: Optional[pulumi.Input[builtins.str]] = None,
989
990
  __props__=None):
990
991
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
991
992
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1029,28 +1030,28 @@ class AuthBackend(pulumi.CustomResource):
1029
1030
  def get(resource_name: str,
1030
1031
  id: pulumi.Input[str],
1031
1032
  opts: Optional[pulumi.ResourceOptions] = None,
1032
- accessor: Optional[pulumi.Input[str]] = None,
1033
- bound_issuer: Optional[pulumi.Input[str]] = None,
1034
- default_role: Optional[pulumi.Input[str]] = None,
1035
- description: Optional[pulumi.Input[str]] = None,
1036
- disable_remount: Optional[pulumi.Input[bool]] = None,
1037
- jwks_ca_pem: Optional[pulumi.Input[str]] = None,
1038
- jwks_url: Optional[pulumi.Input[str]] = None,
1039
- jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1040
- jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1041
- local: Optional[pulumi.Input[bool]] = None,
1042
- namespace: Optional[pulumi.Input[str]] = None,
1043
- namespace_in_state: Optional[pulumi.Input[bool]] = None,
1044
- oidc_client_id: Optional[pulumi.Input[str]] = None,
1045
- oidc_client_secret: Optional[pulumi.Input[str]] = None,
1046
- oidc_discovery_ca_pem: Optional[pulumi.Input[str]] = None,
1047
- oidc_discovery_url: Optional[pulumi.Input[str]] = None,
1048
- oidc_response_mode: Optional[pulumi.Input[str]] = None,
1049
- oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1050
- path: Optional[pulumi.Input[str]] = None,
1051
- provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1033
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
1034
+ bound_issuer: Optional[pulumi.Input[builtins.str]] = None,
1035
+ default_role: Optional[pulumi.Input[builtins.str]] = None,
1036
+ description: Optional[pulumi.Input[builtins.str]] = None,
1037
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1038
+ jwks_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
1039
+ jwks_url: Optional[pulumi.Input[builtins.str]] = None,
1040
+ jwt_supported_algs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1041
+ jwt_validation_pubkeys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1042
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1043
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1044
+ namespace_in_state: Optional[pulumi.Input[builtins.bool]] = None,
1045
+ oidc_client_id: Optional[pulumi.Input[builtins.str]] = None,
1046
+ oidc_client_secret: Optional[pulumi.Input[builtins.str]] = None,
1047
+ oidc_discovery_ca_pem: Optional[pulumi.Input[builtins.str]] = None,
1048
+ oidc_discovery_url: Optional[pulumi.Input[builtins.str]] = None,
1049
+ oidc_response_mode: Optional[pulumi.Input[builtins.str]] = None,
1050
+ oidc_response_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1051
+ path: Optional[pulumi.Input[builtins.str]] = None,
1052
+ provider_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1052
1053
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
1053
- type: Optional[pulumi.Input[str]] = None) -> 'AuthBackend':
1054
+ type: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackend':
1054
1055
  """
1055
1056
  Get an existing AuthBackend resource's state with the given name, id, and optional extra
1056
1057
  properties used to qualify the lookup.
@@ -1058,35 +1059,35 @@ class AuthBackend(pulumi.CustomResource):
1058
1059
  :param str resource_name: The unique name of the resulting resource.
1059
1060
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1060
1061
  :param pulumi.ResourceOptions opts: Options for the resource.
1061
- :param pulumi.Input[str] accessor: The accessor for this auth method
1062
- :param pulumi.Input[str] bound_issuer: The value against which to match the iss claim in a JWT
1063
- :param pulumi.Input[str] default_role: The default role to use if none is provided during login
1064
- :param pulumi.Input[str] description: The description of the auth backend
1065
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1062
+ :param pulumi.Input[builtins.str] accessor: The accessor for this auth method
1063
+ :param pulumi.Input[builtins.str] bound_issuer: The value against which to match the iss claim in a JWT
1064
+ :param pulumi.Input[builtins.str] default_role: The default role to use if none is provided during login
1065
+ :param pulumi.Input[builtins.str] description: The description of the auth backend
1066
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
1066
1067
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
1067
- :param pulumi.Input[str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
1068
- :param pulumi.Input[str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
1069
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
1070
- :param pulumi.Input[Sequence[pulumi.Input[str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
1071
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
1072
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1068
+ :param pulumi.Input[builtins.str] jwks_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
1069
+ :param pulumi.Input[builtins.str] jwks_url: JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
1070
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_supported_algs: A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
1071
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] jwt_validation_pubkeys: A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
1072
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
1073
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1073
1074
  The value should not contain leading or trailing forward slashes.
1074
1075
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1075
1076
  *Available only for Vault Enterprise*.
1076
- :param pulumi.Input[bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
1077
+ :param pulumi.Input[builtins.bool] namespace_in_state: Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
1077
1078
 
1078
1079
  * tune - (Optional) Extra configuration block. Structure is documented below.
1079
1080
 
1080
1081
  The `tune` block is used to tune the auth backend:
1081
- :param pulumi.Input[str] oidc_client_id: Client ID used for OIDC backends
1082
- :param pulumi.Input[str] oidc_client_secret: Client Secret used for OIDC backends
1083
- :param pulumi.Input[str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
1084
- :param pulumi.Input[str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
1085
- :param pulumi.Input[str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
1086
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
1087
- :param pulumi.Input[str] path: Path to mount the JWT/OIDC auth backend
1088
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
1089
- :param pulumi.Input[str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
1082
+ :param pulumi.Input[builtins.str] oidc_client_id: Client ID used for OIDC backends
1083
+ :param pulumi.Input[builtins.str] oidc_client_secret: Client Secret used for OIDC backends
1084
+ :param pulumi.Input[builtins.str] oidc_discovery_ca_pem: The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
1085
+ :param pulumi.Input[builtins.str] oidc_discovery_url: The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
1086
+ :param pulumi.Input[builtins.str] oidc_response_mode: The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
1087
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_response_types: List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
1088
+ :param pulumi.Input[builtins.str] path: Path to mount the JWT/OIDC auth backend
1089
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] provider_config: Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
1090
+ :param pulumi.Input[builtins.str] type: Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
1090
1091
  """
1091
1092
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1092
1093
 
@@ -1118,7 +1119,7 @@ class AuthBackend(pulumi.CustomResource):
1118
1119
 
1119
1120
  @property
1120
1121
  @pulumi.getter
1121
- def accessor(self) -> pulumi.Output[str]:
1122
+ def accessor(self) -> pulumi.Output[builtins.str]:
1122
1123
  """
1123
1124
  The accessor for this auth method
1124
1125
  """
@@ -1126,7 +1127,7 @@ class AuthBackend(pulumi.CustomResource):
1126
1127
 
1127
1128
  @property
1128
1129
  @pulumi.getter(name="boundIssuer")
1129
- def bound_issuer(self) -> pulumi.Output[Optional[str]]:
1130
+ def bound_issuer(self) -> pulumi.Output[Optional[builtins.str]]:
1130
1131
  """
1131
1132
  The value against which to match the iss claim in a JWT
1132
1133
  """
@@ -1134,7 +1135,7 @@ class AuthBackend(pulumi.CustomResource):
1134
1135
 
1135
1136
  @property
1136
1137
  @pulumi.getter(name="defaultRole")
1137
- def default_role(self) -> pulumi.Output[Optional[str]]:
1138
+ def default_role(self) -> pulumi.Output[Optional[builtins.str]]:
1138
1139
  """
1139
1140
  The default role to use if none is provided during login
1140
1141
  """
@@ -1142,7 +1143,7 @@ class AuthBackend(pulumi.CustomResource):
1142
1143
 
1143
1144
  @property
1144
1145
  @pulumi.getter
1145
- def description(self) -> pulumi.Output[Optional[str]]:
1146
+ def description(self) -> pulumi.Output[Optional[builtins.str]]:
1146
1147
  """
1147
1148
  The description of the auth backend
1148
1149
  """
@@ -1150,7 +1151,7 @@ class AuthBackend(pulumi.CustomResource):
1150
1151
 
1151
1152
  @property
1152
1153
  @pulumi.getter(name="disableRemount")
1153
- def disable_remount(self) -> pulumi.Output[Optional[bool]]:
1154
+ def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
1154
1155
  """
1155
1156
  If set, opts out of mount migration on path updates.
1156
1157
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -1159,7 +1160,7 @@ class AuthBackend(pulumi.CustomResource):
1159
1160
 
1160
1161
  @property
1161
1162
  @pulumi.getter(name="jwksCaPem")
1162
- def jwks_ca_pem(self) -> pulumi.Output[Optional[str]]:
1163
+ def jwks_ca_pem(self) -> pulumi.Output[Optional[builtins.str]]:
1163
1164
  """
1164
1165
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
1165
1166
  """
@@ -1167,7 +1168,7 @@ class AuthBackend(pulumi.CustomResource):
1167
1168
 
1168
1169
  @property
1169
1170
  @pulumi.getter(name="jwksUrl")
1170
- def jwks_url(self) -> pulumi.Output[Optional[str]]:
1171
+ def jwks_url(self) -> pulumi.Output[Optional[builtins.str]]:
1171
1172
  """
1172
1173
  JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys".
1173
1174
  """
@@ -1175,7 +1176,7 @@ class AuthBackend(pulumi.CustomResource):
1175
1176
 
1176
1177
  @property
1177
1178
  @pulumi.getter(name="jwtSupportedAlgs")
1178
- def jwt_supported_algs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1179
+ def jwt_supported_algs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1179
1180
  """
1180
1181
  A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ
1181
1182
  """
@@ -1183,7 +1184,7 @@ class AuthBackend(pulumi.CustomResource):
1183
1184
 
1184
1185
  @property
1185
1186
  @pulumi.getter(name="jwtValidationPubkeys")
1186
- def jwt_validation_pubkeys(self) -> pulumi.Output[Optional[Sequence[str]]]:
1187
+ def jwt_validation_pubkeys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1187
1188
  """
1188
1189
  A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with `oidc_discovery_url`
1189
1190
  """
@@ -1191,7 +1192,7 @@ class AuthBackend(pulumi.CustomResource):
1191
1192
 
1192
1193
  @property
1193
1194
  @pulumi.getter
1194
- def local(self) -> pulumi.Output[Optional[bool]]:
1195
+ def local(self) -> pulumi.Output[Optional[builtins.bool]]:
1195
1196
  """
1196
1197
  Specifies if the auth method is local only.
1197
1198
  """
@@ -1199,7 +1200,7 @@ class AuthBackend(pulumi.CustomResource):
1199
1200
 
1200
1201
  @property
1201
1202
  @pulumi.getter
1202
- def namespace(self) -> pulumi.Output[Optional[str]]:
1203
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1203
1204
  """
1204
1205
  The namespace to provision the resource in.
1205
1206
  The value should not contain leading or trailing forward slashes.
@@ -1210,7 +1211,7 @@ class AuthBackend(pulumi.CustomResource):
1210
1211
 
1211
1212
  @property
1212
1213
  @pulumi.getter(name="namespaceInState")
1213
- def namespace_in_state(self) -> pulumi.Output[Optional[bool]]:
1214
+ def namespace_in_state(self) -> pulumi.Output[Optional[builtins.bool]]:
1214
1215
  """
1215
1216
  Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs
1216
1217
 
@@ -1222,7 +1223,7 @@ class AuthBackend(pulumi.CustomResource):
1222
1223
 
1223
1224
  @property
1224
1225
  @pulumi.getter(name="oidcClientId")
1225
- def oidc_client_id(self) -> pulumi.Output[Optional[str]]:
1226
+ def oidc_client_id(self) -> pulumi.Output[Optional[builtins.str]]:
1226
1227
  """
1227
1228
  Client ID used for OIDC backends
1228
1229
  """
@@ -1230,7 +1231,7 @@ class AuthBackend(pulumi.CustomResource):
1230
1231
 
1231
1232
  @property
1232
1233
  @pulumi.getter(name="oidcClientSecret")
1233
- def oidc_client_secret(self) -> pulumi.Output[Optional[str]]:
1234
+ def oidc_client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
1234
1235
  """
1235
1236
  Client Secret used for OIDC backends
1236
1237
  """
@@ -1238,7 +1239,7 @@ class AuthBackend(pulumi.CustomResource):
1238
1239
 
1239
1240
  @property
1240
1241
  @pulumi.getter(name="oidcDiscoveryCaPem")
1241
- def oidc_discovery_ca_pem(self) -> pulumi.Output[Optional[str]]:
1242
+ def oidc_discovery_ca_pem(self) -> pulumi.Output[Optional[builtins.str]]:
1242
1243
  """
1243
1244
  The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
1244
1245
  """
@@ -1246,7 +1247,7 @@ class AuthBackend(pulumi.CustomResource):
1246
1247
 
1247
1248
  @property
1248
1249
  @pulumi.getter(name="oidcDiscoveryUrl")
1249
- def oidc_discovery_url(self) -> pulumi.Output[Optional[str]]:
1250
+ def oidc_discovery_url(self) -> pulumi.Output[Optional[builtins.str]]:
1250
1251
  """
1251
1252
  The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with `jwt_validation_pubkeys`
1252
1253
  """
@@ -1254,7 +1255,7 @@ class AuthBackend(pulumi.CustomResource):
1254
1255
 
1255
1256
  @property
1256
1257
  @pulumi.getter(name="oidcResponseMode")
1257
- def oidc_response_mode(self) -> pulumi.Output[Optional[str]]:
1258
+ def oidc_response_mode(self) -> pulumi.Output[Optional[builtins.str]]:
1258
1259
  """
1259
1260
  The response mode to be used in the OAuth2 request. Allowed values are `query` and `form_post`. Defaults to `query`. If using Vault namespaces, and `oidc_response_mode` is `form_post`, then `namespace_in_state` should be set to `false`.
1260
1261
  """
@@ -1262,7 +1263,7 @@ class AuthBackend(pulumi.CustomResource):
1262
1263
 
1263
1264
  @property
1264
1265
  @pulumi.getter(name="oidcResponseTypes")
1265
- def oidc_response_types(self) -> pulumi.Output[Optional[Sequence[str]]]:
1266
+ def oidc_response_types(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1266
1267
  """
1267
1268
  List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to `["code"]`. Note: `id_token` may only be used if `oidc_response_mode` is set to `form_post`.
1268
1269
  """
@@ -1270,7 +1271,7 @@ class AuthBackend(pulumi.CustomResource):
1270
1271
 
1271
1272
  @property
1272
1273
  @pulumi.getter
1273
- def path(self) -> pulumi.Output[Optional[str]]:
1274
+ def path(self) -> pulumi.Output[Optional[builtins.str]]:
1274
1275
  """
1275
1276
  Path to mount the JWT/OIDC auth backend
1276
1277
  """
@@ -1278,7 +1279,7 @@ class AuthBackend(pulumi.CustomResource):
1278
1279
 
1279
1280
  @property
1280
1281
  @pulumi.getter(name="providerConfig")
1281
- def provider_config(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1282
+ def provider_config(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1282
1283
  """
1283
1284
  Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault.
1284
1285
  """
@@ -1291,7 +1292,7 @@ class AuthBackend(pulumi.CustomResource):
1291
1292
 
1292
1293
  @property
1293
1294
  @pulumi.getter
1294
- def type(self) -> pulumi.Output[Optional[str]]:
1295
+ def type(self) -> pulumi.Output[Optional[builtins.str]]:
1295
1296
  """
1296
1297
  Type of auth backend. Should be one of `jwt` or `oidc`. Default - `jwt`
1297
1298
  """