pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +1 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +253 -252
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +337 -336
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +113 -112
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +183 -182
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +239 -238
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +2525 -2524
  53. pulumi_vault/database/outputs.py +1529 -1528
  54. pulumi_vault/database/secret_backend_connection.py +169 -168
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +179 -178
  57. pulumi_vault/database/secrets_mount.py +267 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +260 -259
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +232 -231
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +588 -587
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +554 -553
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +1 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -30
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +141 -140
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -27
  191. pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +715 -714
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
  203. pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +1 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +93 -92
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +1 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +54 -53
  257. pulumi_vault/transit/get_verify.py +60 -59
  258. pulumi_vault/transit/secret_backend_key.py +274 -273
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
  264. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,94 +20,94 @@ __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
19
20
  @pulumi.input_type
20
21
  class AuthBackendRoleArgs:
21
22
  def __init__(__self__, *,
22
- role_name: pulumi.Input[str],
23
- user_claim: pulumi.Input[str],
24
- allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- backend: Optional[pulumi.Input[str]] = None,
26
- bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
- bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
28
- bound_claims_type: Optional[pulumi.Input[str]] = None,
29
- bound_subject: Optional[pulumi.Input[str]] = None,
30
- claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
31
- clock_skew_leeway: Optional[pulumi.Input[int]] = None,
32
- disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
33
- expiration_leeway: Optional[pulumi.Input[int]] = None,
34
- groups_claim: Optional[pulumi.Input[str]] = None,
35
- max_age: Optional[pulumi.Input[int]] = None,
36
- namespace: Optional[pulumi.Input[str]] = None,
37
- not_before_leeway: Optional[pulumi.Input[int]] = None,
38
- oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
39
- role_type: Optional[pulumi.Input[str]] = None,
40
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
42
- token_max_ttl: Optional[pulumi.Input[int]] = None,
43
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
44
- token_num_uses: Optional[pulumi.Input[int]] = None,
45
- token_period: Optional[pulumi.Input[int]] = None,
46
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
47
- token_ttl: Optional[pulumi.Input[int]] = None,
48
- token_type: Optional[pulumi.Input[str]] = None,
49
- user_claim_json_pointer: Optional[pulumi.Input[bool]] = None,
50
- verbose_oidc_logging: Optional[pulumi.Input[bool]] = None):
23
+ role_name: pulumi.Input[builtins.str],
24
+ user_claim: pulumi.Input[builtins.str],
25
+ allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
26
+ backend: Optional[pulumi.Input[builtins.str]] = None,
27
+ bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
28
+ bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
29
+ bound_claims_type: Optional[pulumi.Input[builtins.str]] = None,
30
+ bound_subject: Optional[pulumi.Input[builtins.str]] = None,
31
+ claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
32
+ clock_skew_leeway: Optional[pulumi.Input[builtins.int]] = None,
33
+ disable_bound_claims_parsing: Optional[pulumi.Input[builtins.bool]] = None,
34
+ expiration_leeway: Optional[pulumi.Input[builtins.int]] = None,
35
+ groups_claim: Optional[pulumi.Input[builtins.str]] = None,
36
+ max_age: Optional[pulumi.Input[builtins.int]] = None,
37
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
38
+ not_before_leeway: Optional[pulumi.Input[builtins.int]] = None,
39
+ oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
40
+ role_type: Optional[pulumi.Input[builtins.str]] = None,
41
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
42
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
43
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
44
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
45
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
46
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
47
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
48
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
49
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
50
+ user_claim_json_pointer: Optional[pulumi.Input[builtins.bool]] = None,
51
+ verbose_oidc_logging: Optional[pulumi.Input[builtins.bool]] = None):
51
52
  """
52
53
  The set of arguments for constructing a AuthBackendRole resource.
53
- :param pulumi.Input[str] role_name: The name of the role.
54
- :param pulumi.Input[str] user_claim: The claim to use to uniquely identify
54
+ :param pulumi.Input[builtins.str] role_name: The name of the role.
55
+ :param pulumi.Input[builtins.str] user_claim: The claim to use to uniquely identify
55
56
  the user; this will be used as the name for the Identity entity alias created
56
57
  due to a successful login.
57
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
58
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
58
59
  Required for OIDC roles
59
- :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
60
+ :param pulumi.Input[builtins.str] backend: The unique name of the auth backend to configure.
60
61
  Defaults to `jwt`.
61
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
62
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
62
63
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
63
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_claims: If set, a map of claims to values to match against.
64
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] bound_claims: If set, a map of claims to values to match against.
64
65
  A claim's value must be a string, which may contain one value or multiple
65
66
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
66
- :param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
67
+ :param pulumi.Input[builtins.str] bound_claims_type: How to interpret values in the claims/values
67
68
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
68
69
  match). Requires Vault 1.4.0 or above.
69
- :param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
70
+ :param pulumi.Input[builtins.str] bound_subject: If set, requires that the `sub` claim matches
70
71
  this value.
71
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] claim_mappings: If set, a map of claims (keys) to be copied
72
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] claim_mappings: If set, a map of claims (keys) to be copied
72
73
  to specified metadata fields (values).
73
- :param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
74
+ :param pulumi.Input[builtins.int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
74
75
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
75
76
  Only applicable with "jwt" roles.
76
- :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
77
- :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
77
+ :param pulumi.Input[builtins.bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
78
+ :param pulumi.Input[builtins.int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
78
79
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
79
80
  Only applicable with "jwt" roles.
80
- :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
81
+ :param pulumi.Input[builtins.str] groups_claim: The claim to use to uniquely identify
81
82
  the set of groups to which the user belongs; this will be used as the names
82
83
  for the Identity group aliases created due to a successful login. The claim
83
84
  value must be a list of strings.
84
- :param pulumi.Input[int] max_age: Specifies the allowable elapsed time in seconds since the last time
85
+ :param pulumi.Input[builtins.int] max_age: Specifies the allowable elapsed time in seconds since the last time
85
86
  the user was actively authenticated with the OIDC provider.
86
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
87
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
87
88
  The value should not contain leading or trailing forward slashes.
88
89
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
89
90
  *Available only for Vault Enterprise*.
90
- :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
91
+ :param pulumi.Input[builtins.int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
91
92
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
92
93
  Only applicable with "jwt" roles.
93
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
94
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
94
95
  The standard scope "openid" is automatically included and need not be specified.
95
- :param pulumi.Input[str] role_type: Type of role, either "oidc" (default) or "jwt".
96
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
97
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
98
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
99
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
100
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
101
- :param pulumi.Input[int] token_period: Generated Token's Period
102
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
103
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
104
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
105
- :param pulumi.Input[bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
96
+ :param pulumi.Input[builtins.str] role_type: Type of role, either "oidc" (default) or "jwt".
97
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
98
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
99
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
100
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
101
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
102
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
103
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
104
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
105
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
106
+ :param pulumi.Input[builtins.bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
106
107
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
107
108
  syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
108
109
  Requires Vault 1.11+.
109
- :param pulumi.Input[bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
110
+ :param pulumi.Input[builtins.bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
110
111
  logging is active. Not recommended in production since sensitive information may be present
111
112
  in OIDC responses.
112
113
  """
@@ -169,19 +170,19 @@ class AuthBackendRoleArgs:
169
170
 
170
171
  @property
171
172
  @pulumi.getter(name="roleName")
172
- def role_name(self) -> pulumi.Input[str]:
173
+ def role_name(self) -> pulumi.Input[builtins.str]:
173
174
  """
174
175
  The name of the role.
175
176
  """
176
177
  return pulumi.get(self, "role_name")
177
178
 
178
179
  @role_name.setter
179
- def role_name(self, value: pulumi.Input[str]):
180
+ def role_name(self, value: pulumi.Input[builtins.str]):
180
181
  pulumi.set(self, "role_name", value)
181
182
 
182
183
  @property
183
184
  @pulumi.getter(name="userClaim")
184
- def user_claim(self) -> pulumi.Input[str]:
185
+ def user_claim(self) -> pulumi.Input[builtins.str]:
185
186
  """
186
187
  The claim to use to uniquely identify
187
188
  the user; this will be used as the name for the Identity entity alias created
@@ -190,12 +191,12 @@ class AuthBackendRoleArgs:
190
191
  return pulumi.get(self, "user_claim")
191
192
 
192
193
  @user_claim.setter
193
- def user_claim(self, value: pulumi.Input[str]):
194
+ def user_claim(self, value: pulumi.Input[builtins.str]):
194
195
  pulumi.set(self, "user_claim", value)
195
196
 
196
197
  @property
197
198
  @pulumi.getter(name="allowedRedirectUris")
198
- def allowed_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
199
+ def allowed_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
199
200
  """
200
201
  The list of allowed values for redirect_uri during OIDC logins.
201
202
  Required for OIDC roles
@@ -203,12 +204,12 @@ class AuthBackendRoleArgs:
203
204
  return pulumi.get(self, "allowed_redirect_uris")
204
205
 
205
206
  @allowed_redirect_uris.setter
206
- def allowed_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
207
+ def allowed_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
207
208
  pulumi.set(self, "allowed_redirect_uris", value)
208
209
 
209
210
  @property
210
211
  @pulumi.getter
211
- def backend(self) -> Optional[pulumi.Input[str]]:
212
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
212
213
  """
213
214
  The unique name of the auth backend to configure.
214
215
  Defaults to `jwt`.
@@ -216,12 +217,12 @@ class AuthBackendRoleArgs:
216
217
  return pulumi.get(self, "backend")
217
218
 
218
219
  @backend.setter
219
- def backend(self, value: Optional[pulumi.Input[str]]):
220
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
220
221
  pulumi.set(self, "backend", value)
221
222
 
222
223
  @property
223
224
  @pulumi.getter(name="boundAudiences")
224
- def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
225
+ def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
225
226
  """
226
227
  (Required for roles of type `jwt`, optional for roles of
227
228
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
@@ -229,12 +230,12 @@ class AuthBackendRoleArgs:
229
230
  return pulumi.get(self, "bound_audiences")
230
231
 
231
232
  @bound_audiences.setter
232
- def bound_audiences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
233
+ def bound_audiences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
233
234
  pulumi.set(self, "bound_audiences", value)
234
235
 
235
236
  @property
236
237
  @pulumi.getter(name="boundClaims")
237
- def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
238
+ def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
238
239
  """
239
240
  If set, a map of claims to values to match against.
240
241
  A claim's value must be a string, which may contain one value or multiple
@@ -243,12 +244,12 @@ class AuthBackendRoleArgs:
243
244
  return pulumi.get(self, "bound_claims")
244
245
 
245
246
  @bound_claims.setter
246
- def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
247
+ def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
247
248
  pulumi.set(self, "bound_claims", value)
248
249
 
249
250
  @property
250
251
  @pulumi.getter(name="boundClaimsType")
251
- def bound_claims_type(self) -> Optional[pulumi.Input[str]]:
252
+ def bound_claims_type(self) -> Optional[pulumi.Input[builtins.str]]:
252
253
  """
253
254
  How to interpret values in the claims/values
254
255
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
@@ -257,12 +258,12 @@ class AuthBackendRoleArgs:
257
258
  return pulumi.get(self, "bound_claims_type")
258
259
 
259
260
  @bound_claims_type.setter
260
- def bound_claims_type(self, value: Optional[pulumi.Input[str]]):
261
+ def bound_claims_type(self, value: Optional[pulumi.Input[builtins.str]]):
261
262
  pulumi.set(self, "bound_claims_type", value)
262
263
 
263
264
  @property
264
265
  @pulumi.getter(name="boundSubject")
265
- def bound_subject(self) -> Optional[pulumi.Input[str]]:
266
+ def bound_subject(self) -> Optional[pulumi.Input[builtins.str]]:
266
267
  """
267
268
  If set, requires that the `sub` claim matches
268
269
  this value.
@@ -270,12 +271,12 @@ class AuthBackendRoleArgs:
270
271
  return pulumi.get(self, "bound_subject")
271
272
 
272
273
  @bound_subject.setter
273
- def bound_subject(self, value: Optional[pulumi.Input[str]]):
274
+ def bound_subject(self, value: Optional[pulumi.Input[builtins.str]]):
274
275
  pulumi.set(self, "bound_subject", value)
275
276
 
276
277
  @property
277
278
  @pulumi.getter(name="claimMappings")
278
- def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
279
+ def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
279
280
  """
280
281
  If set, a map of claims (keys) to be copied
281
282
  to specified metadata fields (values).
@@ -283,12 +284,12 @@ class AuthBackendRoleArgs:
283
284
  return pulumi.get(self, "claim_mappings")
284
285
 
285
286
  @claim_mappings.setter
286
- def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
287
+ def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
287
288
  pulumi.set(self, "claim_mappings", value)
288
289
 
289
290
  @property
290
291
  @pulumi.getter(name="clockSkewLeeway")
291
- def clock_skew_leeway(self) -> Optional[pulumi.Input[int]]:
292
+ def clock_skew_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
292
293
  """
293
294
  The amount of leeway to add to all claims to account for clock skew, in
294
295
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
@@ -297,24 +298,24 @@ class AuthBackendRoleArgs:
297
298
  return pulumi.get(self, "clock_skew_leeway")
298
299
 
299
300
  @clock_skew_leeway.setter
300
- def clock_skew_leeway(self, value: Optional[pulumi.Input[int]]):
301
+ def clock_skew_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
301
302
  pulumi.set(self, "clock_skew_leeway", value)
302
303
 
303
304
  @property
304
305
  @pulumi.getter(name="disableBoundClaimsParsing")
305
- def disable_bound_claims_parsing(self) -> Optional[pulumi.Input[bool]]:
306
+ def disable_bound_claims_parsing(self) -> Optional[pulumi.Input[builtins.bool]]:
306
307
  """
307
308
  Disable bound claim value parsing. Useful when values contain commas.
308
309
  """
309
310
  return pulumi.get(self, "disable_bound_claims_parsing")
310
311
 
311
312
  @disable_bound_claims_parsing.setter
312
- def disable_bound_claims_parsing(self, value: Optional[pulumi.Input[bool]]):
313
+ def disable_bound_claims_parsing(self, value: Optional[pulumi.Input[builtins.bool]]):
313
314
  pulumi.set(self, "disable_bound_claims_parsing", value)
314
315
 
315
316
  @property
316
317
  @pulumi.getter(name="expirationLeeway")
317
- def expiration_leeway(self) -> Optional[pulumi.Input[int]]:
318
+ def expiration_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
318
319
  """
319
320
  The amount of leeway to add to expiration (`exp`) claims to account for
320
321
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -323,12 +324,12 @@ class AuthBackendRoleArgs:
323
324
  return pulumi.get(self, "expiration_leeway")
324
325
 
325
326
  @expiration_leeway.setter
326
- def expiration_leeway(self, value: Optional[pulumi.Input[int]]):
327
+ def expiration_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
327
328
  pulumi.set(self, "expiration_leeway", value)
328
329
 
329
330
  @property
330
331
  @pulumi.getter(name="groupsClaim")
331
- def groups_claim(self) -> Optional[pulumi.Input[str]]:
332
+ def groups_claim(self) -> Optional[pulumi.Input[builtins.str]]:
332
333
  """
333
334
  The claim to use to uniquely identify
334
335
  the set of groups to which the user belongs; this will be used as the names
@@ -338,12 +339,12 @@ class AuthBackendRoleArgs:
338
339
  return pulumi.get(self, "groups_claim")
339
340
 
340
341
  @groups_claim.setter
341
- def groups_claim(self, value: Optional[pulumi.Input[str]]):
342
+ def groups_claim(self, value: Optional[pulumi.Input[builtins.str]]):
342
343
  pulumi.set(self, "groups_claim", value)
343
344
 
344
345
  @property
345
346
  @pulumi.getter(name="maxAge")
346
- def max_age(self) -> Optional[pulumi.Input[int]]:
347
+ def max_age(self) -> Optional[pulumi.Input[builtins.int]]:
347
348
  """
348
349
  Specifies the allowable elapsed time in seconds since the last time
349
350
  the user was actively authenticated with the OIDC provider.
@@ -351,12 +352,12 @@ class AuthBackendRoleArgs:
351
352
  return pulumi.get(self, "max_age")
352
353
 
353
354
  @max_age.setter
354
- def max_age(self, value: Optional[pulumi.Input[int]]):
355
+ def max_age(self, value: Optional[pulumi.Input[builtins.int]]):
355
356
  pulumi.set(self, "max_age", value)
356
357
 
357
358
  @property
358
359
  @pulumi.getter
359
- def namespace(self) -> Optional[pulumi.Input[str]]:
360
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
360
361
  """
361
362
  The namespace to provision the resource in.
362
363
  The value should not contain leading or trailing forward slashes.
@@ -366,12 +367,12 @@ class AuthBackendRoleArgs:
366
367
  return pulumi.get(self, "namespace")
367
368
 
368
369
  @namespace.setter
369
- def namespace(self, value: Optional[pulumi.Input[str]]):
370
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
370
371
  pulumi.set(self, "namespace", value)
371
372
 
372
373
  @property
373
374
  @pulumi.getter(name="notBeforeLeeway")
374
- def not_before_leeway(self) -> Optional[pulumi.Input[int]]:
375
+ def not_before_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
375
376
  """
376
377
  The amount of leeway to add to not before (`nbf`) claims to account for
377
378
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -380,12 +381,12 @@ class AuthBackendRoleArgs:
380
381
  return pulumi.get(self, "not_before_leeway")
381
382
 
382
383
  @not_before_leeway.setter
383
- def not_before_leeway(self, value: Optional[pulumi.Input[int]]):
384
+ def not_before_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
384
385
  pulumi.set(self, "not_before_leeway", value)
385
386
 
386
387
  @property
387
388
  @pulumi.getter(name="oidcScopes")
388
- def oidc_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
389
+ def oidc_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
389
390
  """
390
391
  If set, a list of OIDC scopes to be used with an OIDC role.
391
392
  The standard scope "openid" is automatically included and need not be specified.
@@ -393,132 +394,132 @@ class AuthBackendRoleArgs:
393
394
  return pulumi.get(self, "oidc_scopes")
394
395
 
395
396
  @oidc_scopes.setter
396
- def oidc_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
397
+ def oidc_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
397
398
  pulumi.set(self, "oidc_scopes", value)
398
399
 
399
400
  @property
400
401
  @pulumi.getter(name="roleType")
401
- def role_type(self) -> Optional[pulumi.Input[str]]:
402
+ def role_type(self) -> Optional[pulumi.Input[builtins.str]]:
402
403
  """
403
404
  Type of role, either "oidc" (default) or "jwt".
404
405
  """
405
406
  return pulumi.get(self, "role_type")
406
407
 
407
408
  @role_type.setter
408
- def role_type(self, value: Optional[pulumi.Input[str]]):
409
+ def role_type(self, value: Optional[pulumi.Input[builtins.str]]):
409
410
  pulumi.set(self, "role_type", value)
410
411
 
411
412
  @property
412
413
  @pulumi.getter(name="tokenBoundCidrs")
413
- def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
414
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
414
415
  """
415
416
  Specifies the blocks of IP addresses which are allowed to use the generated token
416
417
  """
417
418
  return pulumi.get(self, "token_bound_cidrs")
418
419
 
419
420
  @token_bound_cidrs.setter
420
- def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
421
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
421
422
  pulumi.set(self, "token_bound_cidrs", value)
422
423
 
423
424
  @property
424
425
  @pulumi.getter(name="tokenExplicitMaxTtl")
425
- def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
426
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
426
427
  """
427
428
  Generated Token's Explicit Maximum TTL in seconds
428
429
  """
429
430
  return pulumi.get(self, "token_explicit_max_ttl")
430
431
 
431
432
  @token_explicit_max_ttl.setter
432
- def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
433
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
433
434
  pulumi.set(self, "token_explicit_max_ttl", value)
434
435
 
435
436
  @property
436
437
  @pulumi.getter(name="tokenMaxTtl")
437
- def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
438
+ def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
438
439
  """
439
440
  The maximum lifetime of the generated token
440
441
  """
441
442
  return pulumi.get(self, "token_max_ttl")
442
443
 
443
444
  @token_max_ttl.setter
444
- def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
445
+ def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
445
446
  pulumi.set(self, "token_max_ttl", value)
446
447
 
447
448
  @property
448
449
  @pulumi.getter(name="tokenNoDefaultPolicy")
449
- def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
450
+ def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
450
451
  """
451
452
  If true, the 'default' policy will not automatically be added to generated tokens
452
453
  """
453
454
  return pulumi.get(self, "token_no_default_policy")
454
455
 
455
456
  @token_no_default_policy.setter
456
- def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
457
+ def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
457
458
  pulumi.set(self, "token_no_default_policy", value)
458
459
 
459
460
  @property
460
461
  @pulumi.getter(name="tokenNumUses")
461
- def token_num_uses(self) -> Optional[pulumi.Input[int]]:
462
+ def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
462
463
  """
463
464
  The maximum number of times a token may be used, a value of zero means unlimited
464
465
  """
465
466
  return pulumi.get(self, "token_num_uses")
466
467
 
467
468
  @token_num_uses.setter
468
- def token_num_uses(self, value: Optional[pulumi.Input[int]]):
469
+ def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
469
470
  pulumi.set(self, "token_num_uses", value)
470
471
 
471
472
  @property
472
473
  @pulumi.getter(name="tokenPeriod")
473
- def token_period(self) -> Optional[pulumi.Input[int]]:
474
+ def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
474
475
  """
475
476
  Generated Token's Period
476
477
  """
477
478
  return pulumi.get(self, "token_period")
478
479
 
479
480
  @token_period.setter
480
- def token_period(self, value: Optional[pulumi.Input[int]]):
481
+ def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
481
482
  pulumi.set(self, "token_period", value)
482
483
 
483
484
  @property
484
485
  @pulumi.getter(name="tokenPolicies")
485
- def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
486
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
486
487
  """
487
488
  Generated Token's Policies
488
489
  """
489
490
  return pulumi.get(self, "token_policies")
490
491
 
491
492
  @token_policies.setter
492
- def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
493
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
493
494
  pulumi.set(self, "token_policies", value)
494
495
 
495
496
  @property
496
497
  @pulumi.getter(name="tokenTtl")
497
- def token_ttl(self) -> Optional[pulumi.Input[int]]:
498
+ def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
498
499
  """
499
500
  The initial ttl of the token to generate in seconds
500
501
  """
501
502
  return pulumi.get(self, "token_ttl")
502
503
 
503
504
  @token_ttl.setter
504
- def token_ttl(self, value: Optional[pulumi.Input[int]]):
505
+ def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
505
506
  pulumi.set(self, "token_ttl", value)
506
507
 
507
508
  @property
508
509
  @pulumi.getter(name="tokenType")
509
- def token_type(self) -> Optional[pulumi.Input[str]]:
510
+ def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
510
511
  """
511
512
  The type of token to generate, service or batch
512
513
  """
513
514
  return pulumi.get(self, "token_type")
514
515
 
515
516
  @token_type.setter
516
- def token_type(self, value: Optional[pulumi.Input[str]]):
517
+ def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
517
518
  pulumi.set(self, "token_type", value)
518
519
 
519
520
  @property
520
521
  @pulumi.getter(name="userClaimJsonPointer")
521
- def user_claim_json_pointer(self) -> Optional[pulumi.Input[bool]]:
522
+ def user_claim_json_pointer(self) -> Optional[pulumi.Input[builtins.bool]]:
522
523
  """
523
524
  Specifies if the `user_claim` value uses
524
525
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
@@ -528,12 +529,12 @@ class AuthBackendRoleArgs:
528
529
  return pulumi.get(self, "user_claim_json_pointer")
529
530
 
530
531
  @user_claim_json_pointer.setter
531
- def user_claim_json_pointer(self, value: Optional[pulumi.Input[bool]]):
532
+ def user_claim_json_pointer(self, value: Optional[pulumi.Input[builtins.bool]]):
532
533
  pulumi.set(self, "user_claim_json_pointer", value)
533
534
 
534
535
  @property
535
536
  @pulumi.getter(name="verboseOidcLogging")
536
- def verbose_oidc_logging(self) -> Optional[pulumi.Input[bool]]:
537
+ def verbose_oidc_logging(self) -> Optional[pulumi.Input[builtins.bool]]:
537
538
  """
538
539
  Log received OIDC tokens and claims when debug-level
539
540
  logging is active. Not recommended in production since sensitive information may be present
@@ -542,101 +543,101 @@ class AuthBackendRoleArgs:
542
543
  return pulumi.get(self, "verbose_oidc_logging")
543
544
 
544
545
  @verbose_oidc_logging.setter
545
- def verbose_oidc_logging(self, value: Optional[pulumi.Input[bool]]):
546
+ def verbose_oidc_logging(self, value: Optional[pulumi.Input[builtins.bool]]):
546
547
  pulumi.set(self, "verbose_oidc_logging", value)
547
548
 
548
549
 
549
550
  @pulumi.input_type
550
551
  class _AuthBackendRoleState:
551
552
  def __init__(__self__, *,
552
- allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
553
- backend: Optional[pulumi.Input[str]] = None,
554
- bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
555
- bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
556
- bound_claims_type: Optional[pulumi.Input[str]] = None,
557
- bound_subject: Optional[pulumi.Input[str]] = None,
558
- claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
559
- clock_skew_leeway: Optional[pulumi.Input[int]] = None,
560
- disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
561
- expiration_leeway: Optional[pulumi.Input[int]] = None,
562
- groups_claim: Optional[pulumi.Input[str]] = None,
563
- max_age: Optional[pulumi.Input[int]] = None,
564
- namespace: Optional[pulumi.Input[str]] = None,
565
- not_before_leeway: Optional[pulumi.Input[int]] = None,
566
- oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
567
- role_name: Optional[pulumi.Input[str]] = None,
568
- role_type: Optional[pulumi.Input[str]] = None,
569
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
570
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
571
- token_max_ttl: Optional[pulumi.Input[int]] = None,
572
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
573
- token_num_uses: Optional[pulumi.Input[int]] = None,
574
- token_period: Optional[pulumi.Input[int]] = None,
575
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
576
- token_ttl: Optional[pulumi.Input[int]] = None,
577
- token_type: Optional[pulumi.Input[str]] = None,
578
- user_claim: Optional[pulumi.Input[str]] = None,
579
- user_claim_json_pointer: Optional[pulumi.Input[bool]] = None,
580
- verbose_oidc_logging: Optional[pulumi.Input[bool]] = None):
553
+ allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
554
+ backend: Optional[pulumi.Input[builtins.str]] = None,
555
+ bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
556
+ bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
557
+ bound_claims_type: Optional[pulumi.Input[builtins.str]] = None,
558
+ bound_subject: Optional[pulumi.Input[builtins.str]] = None,
559
+ claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
560
+ clock_skew_leeway: Optional[pulumi.Input[builtins.int]] = None,
561
+ disable_bound_claims_parsing: Optional[pulumi.Input[builtins.bool]] = None,
562
+ expiration_leeway: Optional[pulumi.Input[builtins.int]] = None,
563
+ groups_claim: Optional[pulumi.Input[builtins.str]] = None,
564
+ max_age: Optional[pulumi.Input[builtins.int]] = None,
565
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
566
+ not_before_leeway: Optional[pulumi.Input[builtins.int]] = None,
567
+ oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
568
+ role_name: Optional[pulumi.Input[builtins.str]] = None,
569
+ role_type: Optional[pulumi.Input[builtins.str]] = None,
570
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
571
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
572
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
573
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
574
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
575
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
576
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
577
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
578
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
579
+ user_claim: Optional[pulumi.Input[builtins.str]] = None,
580
+ user_claim_json_pointer: Optional[pulumi.Input[builtins.bool]] = None,
581
+ verbose_oidc_logging: Optional[pulumi.Input[builtins.bool]] = None):
581
582
  """
582
583
  Input properties used for looking up and filtering AuthBackendRole resources.
583
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
584
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
584
585
  Required for OIDC roles
585
- :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
586
+ :param pulumi.Input[builtins.str] backend: The unique name of the auth backend to configure.
586
587
  Defaults to `jwt`.
587
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
588
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
588
589
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
589
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_claims: If set, a map of claims to values to match against.
590
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] bound_claims: If set, a map of claims to values to match against.
590
591
  A claim's value must be a string, which may contain one value or multiple
591
592
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
592
- :param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
593
+ :param pulumi.Input[builtins.str] bound_claims_type: How to interpret values in the claims/values
593
594
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
594
595
  match). Requires Vault 1.4.0 or above.
595
- :param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
596
+ :param pulumi.Input[builtins.str] bound_subject: If set, requires that the `sub` claim matches
596
597
  this value.
597
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] claim_mappings: If set, a map of claims (keys) to be copied
598
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] claim_mappings: If set, a map of claims (keys) to be copied
598
599
  to specified metadata fields (values).
599
- :param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
600
+ :param pulumi.Input[builtins.int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
600
601
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
601
602
  Only applicable with "jwt" roles.
602
- :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
603
- :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
603
+ :param pulumi.Input[builtins.bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
604
+ :param pulumi.Input[builtins.int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
604
605
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
605
606
  Only applicable with "jwt" roles.
606
- :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
607
+ :param pulumi.Input[builtins.str] groups_claim: The claim to use to uniquely identify
607
608
  the set of groups to which the user belongs; this will be used as the names
608
609
  for the Identity group aliases created due to a successful login. The claim
609
610
  value must be a list of strings.
610
- :param pulumi.Input[int] max_age: Specifies the allowable elapsed time in seconds since the last time
611
+ :param pulumi.Input[builtins.int] max_age: Specifies the allowable elapsed time in seconds since the last time
611
612
  the user was actively authenticated with the OIDC provider.
612
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
613
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
613
614
  The value should not contain leading or trailing forward slashes.
614
615
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
615
616
  *Available only for Vault Enterprise*.
616
- :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
617
+ :param pulumi.Input[builtins.int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
617
618
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
618
619
  Only applicable with "jwt" roles.
619
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
620
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
620
621
  The standard scope "openid" is automatically included and need not be specified.
621
- :param pulumi.Input[str] role_name: The name of the role.
622
- :param pulumi.Input[str] role_type: Type of role, either "oidc" (default) or "jwt".
623
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
624
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
625
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
626
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
627
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
628
- :param pulumi.Input[int] token_period: Generated Token's Period
629
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
630
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
631
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
632
- :param pulumi.Input[str] user_claim: The claim to use to uniquely identify
622
+ :param pulumi.Input[builtins.str] role_name: The name of the role.
623
+ :param pulumi.Input[builtins.str] role_type: Type of role, either "oidc" (default) or "jwt".
624
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
625
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
626
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
627
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
628
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
629
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
630
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
631
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
632
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
633
+ :param pulumi.Input[builtins.str] user_claim: The claim to use to uniquely identify
633
634
  the user; this will be used as the name for the Identity entity alias created
634
635
  due to a successful login.
635
- :param pulumi.Input[bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
636
+ :param pulumi.Input[builtins.bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
636
637
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
637
638
  syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
638
639
  Requires Vault 1.11+.
639
- :param pulumi.Input[bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
640
+ :param pulumi.Input[builtins.bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
640
641
  logging is active. Not recommended in production since sensitive information may be present
641
642
  in OIDC responses.
642
643
  """
@@ -701,7 +702,7 @@ class _AuthBackendRoleState:
701
702
 
702
703
  @property
703
704
  @pulumi.getter(name="allowedRedirectUris")
704
- def allowed_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
705
+ def allowed_redirect_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
705
706
  """
706
707
  The list of allowed values for redirect_uri during OIDC logins.
707
708
  Required for OIDC roles
@@ -709,12 +710,12 @@ class _AuthBackendRoleState:
709
710
  return pulumi.get(self, "allowed_redirect_uris")
710
711
 
711
712
  @allowed_redirect_uris.setter
712
- def allowed_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
713
+ def allowed_redirect_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
713
714
  pulumi.set(self, "allowed_redirect_uris", value)
714
715
 
715
716
  @property
716
717
  @pulumi.getter
717
- def backend(self) -> Optional[pulumi.Input[str]]:
718
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
718
719
  """
719
720
  The unique name of the auth backend to configure.
720
721
  Defaults to `jwt`.
@@ -722,12 +723,12 @@ class _AuthBackendRoleState:
722
723
  return pulumi.get(self, "backend")
723
724
 
724
725
  @backend.setter
725
- def backend(self, value: Optional[pulumi.Input[str]]):
726
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
726
727
  pulumi.set(self, "backend", value)
727
728
 
728
729
  @property
729
730
  @pulumi.getter(name="boundAudiences")
730
- def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
731
+ def bound_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
731
732
  """
732
733
  (Required for roles of type `jwt`, optional for roles of
733
734
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
@@ -735,12 +736,12 @@ class _AuthBackendRoleState:
735
736
  return pulumi.get(self, "bound_audiences")
736
737
 
737
738
  @bound_audiences.setter
738
- def bound_audiences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
739
+ def bound_audiences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
739
740
  pulumi.set(self, "bound_audiences", value)
740
741
 
741
742
  @property
742
743
  @pulumi.getter(name="boundClaims")
743
- def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
744
+ def bound_claims(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
744
745
  """
745
746
  If set, a map of claims to values to match against.
746
747
  A claim's value must be a string, which may contain one value or multiple
@@ -749,12 +750,12 @@ class _AuthBackendRoleState:
749
750
  return pulumi.get(self, "bound_claims")
750
751
 
751
752
  @bound_claims.setter
752
- def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
753
+ def bound_claims(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
753
754
  pulumi.set(self, "bound_claims", value)
754
755
 
755
756
  @property
756
757
  @pulumi.getter(name="boundClaimsType")
757
- def bound_claims_type(self) -> Optional[pulumi.Input[str]]:
758
+ def bound_claims_type(self) -> Optional[pulumi.Input[builtins.str]]:
758
759
  """
759
760
  How to interpret values in the claims/values
760
761
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
@@ -763,12 +764,12 @@ class _AuthBackendRoleState:
763
764
  return pulumi.get(self, "bound_claims_type")
764
765
 
765
766
  @bound_claims_type.setter
766
- def bound_claims_type(self, value: Optional[pulumi.Input[str]]):
767
+ def bound_claims_type(self, value: Optional[pulumi.Input[builtins.str]]):
767
768
  pulumi.set(self, "bound_claims_type", value)
768
769
 
769
770
  @property
770
771
  @pulumi.getter(name="boundSubject")
771
- def bound_subject(self) -> Optional[pulumi.Input[str]]:
772
+ def bound_subject(self) -> Optional[pulumi.Input[builtins.str]]:
772
773
  """
773
774
  If set, requires that the `sub` claim matches
774
775
  this value.
@@ -776,12 +777,12 @@ class _AuthBackendRoleState:
776
777
  return pulumi.get(self, "bound_subject")
777
778
 
778
779
  @bound_subject.setter
779
- def bound_subject(self, value: Optional[pulumi.Input[str]]):
780
+ def bound_subject(self, value: Optional[pulumi.Input[builtins.str]]):
780
781
  pulumi.set(self, "bound_subject", value)
781
782
 
782
783
  @property
783
784
  @pulumi.getter(name="claimMappings")
784
- def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
785
+ def claim_mappings(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
785
786
  """
786
787
  If set, a map of claims (keys) to be copied
787
788
  to specified metadata fields (values).
@@ -789,12 +790,12 @@ class _AuthBackendRoleState:
789
790
  return pulumi.get(self, "claim_mappings")
790
791
 
791
792
  @claim_mappings.setter
792
- def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
793
+ def claim_mappings(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
793
794
  pulumi.set(self, "claim_mappings", value)
794
795
 
795
796
  @property
796
797
  @pulumi.getter(name="clockSkewLeeway")
797
- def clock_skew_leeway(self) -> Optional[pulumi.Input[int]]:
798
+ def clock_skew_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
798
799
  """
799
800
  The amount of leeway to add to all claims to account for clock skew, in
800
801
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
@@ -803,24 +804,24 @@ class _AuthBackendRoleState:
803
804
  return pulumi.get(self, "clock_skew_leeway")
804
805
 
805
806
  @clock_skew_leeway.setter
806
- def clock_skew_leeway(self, value: Optional[pulumi.Input[int]]):
807
+ def clock_skew_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
807
808
  pulumi.set(self, "clock_skew_leeway", value)
808
809
 
809
810
  @property
810
811
  @pulumi.getter(name="disableBoundClaimsParsing")
811
- def disable_bound_claims_parsing(self) -> Optional[pulumi.Input[bool]]:
812
+ def disable_bound_claims_parsing(self) -> Optional[pulumi.Input[builtins.bool]]:
812
813
  """
813
814
  Disable bound claim value parsing. Useful when values contain commas.
814
815
  """
815
816
  return pulumi.get(self, "disable_bound_claims_parsing")
816
817
 
817
818
  @disable_bound_claims_parsing.setter
818
- def disable_bound_claims_parsing(self, value: Optional[pulumi.Input[bool]]):
819
+ def disable_bound_claims_parsing(self, value: Optional[pulumi.Input[builtins.bool]]):
819
820
  pulumi.set(self, "disable_bound_claims_parsing", value)
820
821
 
821
822
  @property
822
823
  @pulumi.getter(name="expirationLeeway")
823
- def expiration_leeway(self) -> Optional[pulumi.Input[int]]:
824
+ def expiration_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
824
825
  """
825
826
  The amount of leeway to add to expiration (`exp`) claims to account for
826
827
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -829,12 +830,12 @@ class _AuthBackendRoleState:
829
830
  return pulumi.get(self, "expiration_leeway")
830
831
 
831
832
  @expiration_leeway.setter
832
- def expiration_leeway(self, value: Optional[pulumi.Input[int]]):
833
+ def expiration_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
833
834
  pulumi.set(self, "expiration_leeway", value)
834
835
 
835
836
  @property
836
837
  @pulumi.getter(name="groupsClaim")
837
- def groups_claim(self) -> Optional[pulumi.Input[str]]:
838
+ def groups_claim(self) -> Optional[pulumi.Input[builtins.str]]:
838
839
  """
839
840
  The claim to use to uniquely identify
840
841
  the set of groups to which the user belongs; this will be used as the names
@@ -844,12 +845,12 @@ class _AuthBackendRoleState:
844
845
  return pulumi.get(self, "groups_claim")
845
846
 
846
847
  @groups_claim.setter
847
- def groups_claim(self, value: Optional[pulumi.Input[str]]):
848
+ def groups_claim(self, value: Optional[pulumi.Input[builtins.str]]):
848
849
  pulumi.set(self, "groups_claim", value)
849
850
 
850
851
  @property
851
852
  @pulumi.getter(name="maxAge")
852
- def max_age(self) -> Optional[pulumi.Input[int]]:
853
+ def max_age(self) -> Optional[pulumi.Input[builtins.int]]:
853
854
  """
854
855
  Specifies the allowable elapsed time in seconds since the last time
855
856
  the user was actively authenticated with the OIDC provider.
@@ -857,12 +858,12 @@ class _AuthBackendRoleState:
857
858
  return pulumi.get(self, "max_age")
858
859
 
859
860
  @max_age.setter
860
- def max_age(self, value: Optional[pulumi.Input[int]]):
861
+ def max_age(self, value: Optional[pulumi.Input[builtins.int]]):
861
862
  pulumi.set(self, "max_age", value)
862
863
 
863
864
  @property
864
865
  @pulumi.getter
865
- def namespace(self) -> Optional[pulumi.Input[str]]:
866
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
866
867
  """
867
868
  The namespace to provision the resource in.
868
869
  The value should not contain leading or trailing forward slashes.
@@ -872,12 +873,12 @@ class _AuthBackendRoleState:
872
873
  return pulumi.get(self, "namespace")
873
874
 
874
875
  @namespace.setter
875
- def namespace(self, value: Optional[pulumi.Input[str]]):
876
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
876
877
  pulumi.set(self, "namespace", value)
877
878
 
878
879
  @property
879
880
  @pulumi.getter(name="notBeforeLeeway")
880
- def not_before_leeway(self) -> Optional[pulumi.Input[int]]:
881
+ def not_before_leeway(self) -> Optional[pulumi.Input[builtins.int]]:
881
882
  """
882
883
  The amount of leeway to add to not before (`nbf`) claims to account for
883
884
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -886,12 +887,12 @@ class _AuthBackendRoleState:
886
887
  return pulumi.get(self, "not_before_leeway")
887
888
 
888
889
  @not_before_leeway.setter
889
- def not_before_leeway(self, value: Optional[pulumi.Input[int]]):
890
+ def not_before_leeway(self, value: Optional[pulumi.Input[builtins.int]]):
890
891
  pulumi.set(self, "not_before_leeway", value)
891
892
 
892
893
  @property
893
894
  @pulumi.getter(name="oidcScopes")
894
- def oidc_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
895
+ def oidc_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
895
896
  """
896
897
  If set, a list of OIDC scopes to be used with an OIDC role.
897
898
  The standard scope "openid" is automatically included and need not be specified.
@@ -899,144 +900,144 @@ class _AuthBackendRoleState:
899
900
  return pulumi.get(self, "oidc_scopes")
900
901
 
901
902
  @oidc_scopes.setter
902
- def oidc_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
903
+ def oidc_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
903
904
  pulumi.set(self, "oidc_scopes", value)
904
905
 
905
906
  @property
906
907
  @pulumi.getter(name="roleName")
907
- def role_name(self) -> Optional[pulumi.Input[str]]:
908
+ def role_name(self) -> Optional[pulumi.Input[builtins.str]]:
908
909
  """
909
910
  The name of the role.
910
911
  """
911
912
  return pulumi.get(self, "role_name")
912
913
 
913
914
  @role_name.setter
914
- def role_name(self, value: Optional[pulumi.Input[str]]):
915
+ def role_name(self, value: Optional[pulumi.Input[builtins.str]]):
915
916
  pulumi.set(self, "role_name", value)
916
917
 
917
918
  @property
918
919
  @pulumi.getter(name="roleType")
919
- def role_type(self) -> Optional[pulumi.Input[str]]:
920
+ def role_type(self) -> Optional[pulumi.Input[builtins.str]]:
920
921
  """
921
922
  Type of role, either "oidc" (default) or "jwt".
922
923
  """
923
924
  return pulumi.get(self, "role_type")
924
925
 
925
926
  @role_type.setter
926
- def role_type(self, value: Optional[pulumi.Input[str]]):
927
+ def role_type(self, value: Optional[pulumi.Input[builtins.str]]):
927
928
  pulumi.set(self, "role_type", value)
928
929
 
929
930
  @property
930
931
  @pulumi.getter(name="tokenBoundCidrs")
931
- def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
932
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
932
933
  """
933
934
  Specifies the blocks of IP addresses which are allowed to use the generated token
934
935
  """
935
936
  return pulumi.get(self, "token_bound_cidrs")
936
937
 
937
938
  @token_bound_cidrs.setter
938
- def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
939
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
939
940
  pulumi.set(self, "token_bound_cidrs", value)
940
941
 
941
942
  @property
942
943
  @pulumi.getter(name="tokenExplicitMaxTtl")
943
- def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
944
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
944
945
  """
945
946
  Generated Token's Explicit Maximum TTL in seconds
946
947
  """
947
948
  return pulumi.get(self, "token_explicit_max_ttl")
948
949
 
949
950
  @token_explicit_max_ttl.setter
950
- def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
951
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
951
952
  pulumi.set(self, "token_explicit_max_ttl", value)
952
953
 
953
954
  @property
954
955
  @pulumi.getter(name="tokenMaxTtl")
955
- def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
956
+ def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
956
957
  """
957
958
  The maximum lifetime of the generated token
958
959
  """
959
960
  return pulumi.get(self, "token_max_ttl")
960
961
 
961
962
  @token_max_ttl.setter
962
- def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
963
+ def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
963
964
  pulumi.set(self, "token_max_ttl", value)
964
965
 
965
966
  @property
966
967
  @pulumi.getter(name="tokenNoDefaultPolicy")
967
- def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
968
+ def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
968
969
  """
969
970
  If true, the 'default' policy will not automatically be added to generated tokens
970
971
  """
971
972
  return pulumi.get(self, "token_no_default_policy")
972
973
 
973
974
  @token_no_default_policy.setter
974
- def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
975
+ def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
975
976
  pulumi.set(self, "token_no_default_policy", value)
976
977
 
977
978
  @property
978
979
  @pulumi.getter(name="tokenNumUses")
979
- def token_num_uses(self) -> Optional[pulumi.Input[int]]:
980
+ def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
980
981
  """
981
982
  The maximum number of times a token may be used, a value of zero means unlimited
982
983
  """
983
984
  return pulumi.get(self, "token_num_uses")
984
985
 
985
986
  @token_num_uses.setter
986
- def token_num_uses(self, value: Optional[pulumi.Input[int]]):
987
+ def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
987
988
  pulumi.set(self, "token_num_uses", value)
988
989
 
989
990
  @property
990
991
  @pulumi.getter(name="tokenPeriod")
991
- def token_period(self) -> Optional[pulumi.Input[int]]:
992
+ def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
992
993
  """
993
994
  Generated Token's Period
994
995
  """
995
996
  return pulumi.get(self, "token_period")
996
997
 
997
998
  @token_period.setter
998
- def token_period(self, value: Optional[pulumi.Input[int]]):
999
+ def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
999
1000
  pulumi.set(self, "token_period", value)
1000
1001
 
1001
1002
  @property
1002
1003
  @pulumi.getter(name="tokenPolicies")
1003
- def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1004
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1004
1005
  """
1005
1006
  Generated Token's Policies
1006
1007
  """
1007
1008
  return pulumi.get(self, "token_policies")
1008
1009
 
1009
1010
  @token_policies.setter
1010
- def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1011
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1011
1012
  pulumi.set(self, "token_policies", value)
1012
1013
 
1013
1014
  @property
1014
1015
  @pulumi.getter(name="tokenTtl")
1015
- def token_ttl(self) -> Optional[pulumi.Input[int]]:
1016
+ def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
1016
1017
  """
1017
1018
  The initial ttl of the token to generate in seconds
1018
1019
  """
1019
1020
  return pulumi.get(self, "token_ttl")
1020
1021
 
1021
1022
  @token_ttl.setter
1022
- def token_ttl(self, value: Optional[pulumi.Input[int]]):
1023
+ def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
1023
1024
  pulumi.set(self, "token_ttl", value)
1024
1025
 
1025
1026
  @property
1026
1027
  @pulumi.getter(name="tokenType")
1027
- def token_type(self) -> Optional[pulumi.Input[str]]:
1028
+ def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
1028
1029
  """
1029
1030
  The type of token to generate, service or batch
1030
1031
  """
1031
1032
  return pulumi.get(self, "token_type")
1032
1033
 
1033
1034
  @token_type.setter
1034
- def token_type(self, value: Optional[pulumi.Input[str]]):
1035
+ def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
1035
1036
  pulumi.set(self, "token_type", value)
1036
1037
 
1037
1038
  @property
1038
1039
  @pulumi.getter(name="userClaim")
1039
- def user_claim(self) -> Optional[pulumi.Input[str]]:
1040
+ def user_claim(self) -> Optional[pulumi.Input[builtins.str]]:
1040
1041
  """
1041
1042
  The claim to use to uniquely identify
1042
1043
  the user; this will be used as the name for the Identity entity alias created
@@ -1045,12 +1046,12 @@ class _AuthBackendRoleState:
1045
1046
  return pulumi.get(self, "user_claim")
1046
1047
 
1047
1048
  @user_claim.setter
1048
- def user_claim(self, value: Optional[pulumi.Input[str]]):
1049
+ def user_claim(self, value: Optional[pulumi.Input[builtins.str]]):
1049
1050
  pulumi.set(self, "user_claim", value)
1050
1051
 
1051
1052
  @property
1052
1053
  @pulumi.getter(name="userClaimJsonPointer")
1053
- def user_claim_json_pointer(self) -> Optional[pulumi.Input[bool]]:
1054
+ def user_claim_json_pointer(self) -> Optional[pulumi.Input[builtins.bool]]:
1054
1055
  """
1055
1056
  Specifies if the `user_claim` value uses
1056
1057
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
@@ -1060,12 +1061,12 @@ class _AuthBackendRoleState:
1060
1061
  return pulumi.get(self, "user_claim_json_pointer")
1061
1062
 
1062
1063
  @user_claim_json_pointer.setter
1063
- def user_claim_json_pointer(self, value: Optional[pulumi.Input[bool]]):
1064
+ def user_claim_json_pointer(self, value: Optional[pulumi.Input[builtins.bool]]):
1064
1065
  pulumi.set(self, "user_claim_json_pointer", value)
1065
1066
 
1066
1067
  @property
1067
1068
  @pulumi.getter(name="verboseOidcLogging")
1068
- def verbose_oidc_logging(self) -> Optional[pulumi.Input[bool]]:
1069
+ def verbose_oidc_logging(self) -> Optional[pulumi.Input[builtins.bool]]:
1069
1070
  """
1070
1071
  Log received OIDC tokens and claims when debug-level
1071
1072
  logging is active. Not recommended in production since sensitive information may be present
@@ -1074,7 +1075,7 @@ class _AuthBackendRoleState:
1074
1075
  return pulumi.get(self, "verbose_oidc_logging")
1075
1076
 
1076
1077
  @verbose_oidc_logging.setter
1077
- def verbose_oidc_logging(self, value: Optional[pulumi.Input[bool]]):
1078
+ def verbose_oidc_logging(self, value: Optional[pulumi.Input[builtins.bool]]):
1078
1079
  pulumi.set(self, "verbose_oidc_logging", value)
1079
1080
 
1080
1081
 
@@ -1083,35 +1084,35 @@ class AuthBackendRole(pulumi.CustomResource):
1083
1084
  def __init__(__self__,
1084
1085
  resource_name: str,
1085
1086
  opts: Optional[pulumi.ResourceOptions] = None,
1086
- allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1087
- backend: Optional[pulumi.Input[str]] = None,
1088
- bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1089
- bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1090
- bound_claims_type: Optional[pulumi.Input[str]] = None,
1091
- bound_subject: Optional[pulumi.Input[str]] = None,
1092
- claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1093
- clock_skew_leeway: Optional[pulumi.Input[int]] = None,
1094
- disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
1095
- expiration_leeway: Optional[pulumi.Input[int]] = None,
1096
- groups_claim: Optional[pulumi.Input[str]] = None,
1097
- max_age: Optional[pulumi.Input[int]] = None,
1098
- namespace: Optional[pulumi.Input[str]] = None,
1099
- not_before_leeway: Optional[pulumi.Input[int]] = None,
1100
- oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1101
- role_name: Optional[pulumi.Input[str]] = None,
1102
- role_type: Optional[pulumi.Input[str]] = None,
1103
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1104
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1105
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1106
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1107
- token_num_uses: Optional[pulumi.Input[int]] = None,
1108
- token_period: Optional[pulumi.Input[int]] = None,
1109
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1110
- token_ttl: Optional[pulumi.Input[int]] = None,
1111
- token_type: Optional[pulumi.Input[str]] = None,
1112
- user_claim: Optional[pulumi.Input[str]] = None,
1113
- user_claim_json_pointer: Optional[pulumi.Input[bool]] = None,
1114
- verbose_oidc_logging: Optional[pulumi.Input[bool]] = None,
1087
+ allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1088
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1089
+ bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1090
+ bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1091
+ bound_claims_type: Optional[pulumi.Input[builtins.str]] = None,
1092
+ bound_subject: Optional[pulumi.Input[builtins.str]] = None,
1093
+ claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1094
+ clock_skew_leeway: Optional[pulumi.Input[builtins.int]] = None,
1095
+ disable_bound_claims_parsing: Optional[pulumi.Input[builtins.bool]] = None,
1096
+ expiration_leeway: Optional[pulumi.Input[builtins.int]] = None,
1097
+ groups_claim: Optional[pulumi.Input[builtins.str]] = None,
1098
+ max_age: Optional[pulumi.Input[builtins.int]] = None,
1099
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1100
+ not_before_leeway: Optional[pulumi.Input[builtins.int]] = None,
1101
+ oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1102
+ role_name: Optional[pulumi.Input[builtins.str]] = None,
1103
+ role_type: Optional[pulumi.Input[builtins.str]] = None,
1104
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1105
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1106
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1107
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1108
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1109
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1110
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1111
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1112
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1113
+ user_claim: Optional[pulumi.Input[builtins.str]] = None,
1114
+ user_claim_json_pointer: Optional[pulumi.Input[builtins.bool]] = None,
1115
+ verbose_oidc_logging: Optional[pulumi.Input[builtins.bool]] = None,
1115
1116
  __props__=None):
1116
1117
  """
1117
1118
  Manages an JWT/OIDC auth backend role in a Vault server. See the [Vault
@@ -1175,63 +1176,63 @@ class AuthBackendRole(pulumi.CustomResource):
1175
1176
 
1176
1177
  :param str resource_name: The name of the resource.
1177
1178
  :param pulumi.ResourceOptions opts: Options for the resource.
1178
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
1179
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
1179
1180
  Required for OIDC roles
1180
- :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
1181
+ :param pulumi.Input[builtins.str] backend: The unique name of the auth backend to configure.
1181
1182
  Defaults to `jwt`.
1182
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1183
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1183
1184
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
1184
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_claims: If set, a map of claims to values to match against.
1185
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] bound_claims: If set, a map of claims to values to match against.
1185
1186
  A claim's value must be a string, which may contain one value or multiple
1186
1187
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
1187
- :param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
1188
+ :param pulumi.Input[builtins.str] bound_claims_type: How to interpret values in the claims/values
1188
1189
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
1189
1190
  match). Requires Vault 1.4.0 or above.
1190
- :param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
1191
+ :param pulumi.Input[builtins.str] bound_subject: If set, requires that the `sub` claim matches
1191
1192
  this value.
1192
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] claim_mappings: If set, a map of claims (keys) to be copied
1193
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] claim_mappings: If set, a map of claims (keys) to be copied
1193
1194
  to specified metadata fields (values).
1194
- :param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
1195
+ :param pulumi.Input[builtins.int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
1195
1196
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1196
1197
  Only applicable with "jwt" roles.
1197
- :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1198
- :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1198
+ :param pulumi.Input[builtins.bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1199
+ :param pulumi.Input[builtins.int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1199
1200
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1200
1201
  Only applicable with "jwt" roles.
1201
- :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
1202
+ :param pulumi.Input[builtins.str] groups_claim: The claim to use to uniquely identify
1202
1203
  the set of groups to which the user belongs; this will be used as the names
1203
1204
  for the Identity group aliases created due to a successful login. The claim
1204
1205
  value must be a list of strings.
1205
- :param pulumi.Input[int] max_age: Specifies the allowable elapsed time in seconds since the last time
1206
+ :param pulumi.Input[builtins.int] max_age: Specifies the allowable elapsed time in seconds since the last time
1206
1207
  the user was actively authenticated with the OIDC provider.
1207
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1208
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1208
1209
  The value should not contain leading or trailing forward slashes.
1209
1210
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1210
1211
  *Available only for Vault Enterprise*.
1211
- :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1212
+ :param pulumi.Input[builtins.int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1212
1213
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1213
1214
  Only applicable with "jwt" roles.
1214
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1215
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1215
1216
  The standard scope "openid" is automatically included and need not be specified.
1216
- :param pulumi.Input[str] role_name: The name of the role.
1217
- :param pulumi.Input[str] role_type: Type of role, either "oidc" (default) or "jwt".
1218
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1219
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1220
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1221
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1222
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1223
- :param pulumi.Input[int] token_period: Generated Token's Period
1224
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1225
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1226
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1227
- :param pulumi.Input[str] user_claim: The claim to use to uniquely identify
1217
+ :param pulumi.Input[builtins.str] role_name: The name of the role.
1218
+ :param pulumi.Input[builtins.str] role_type: Type of role, either "oidc" (default) or "jwt".
1219
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1220
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1221
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
1222
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1223
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1224
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
1225
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
1226
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
1227
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
1228
+ :param pulumi.Input[builtins.str] user_claim: The claim to use to uniquely identify
1228
1229
  the user; this will be used as the name for the Identity entity alias created
1229
1230
  due to a successful login.
1230
- :param pulumi.Input[bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
1231
+ :param pulumi.Input[builtins.bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
1231
1232
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
1232
1233
  syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
1233
1234
  Requires Vault 1.11+.
1234
- :param pulumi.Input[bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
1235
+ :param pulumi.Input[builtins.bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
1235
1236
  logging is active. Not recommended in production since sensitive information may be present
1236
1237
  in OIDC responses.
1237
1238
  """
@@ -1316,35 +1317,35 @@ class AuthBackendRole(pulumi.CustomResource):
1316
1317
  def _internal_init(__self__,
1317
1318
  resource_name: str,
1318
1319
  opts: Optional[pulumi.ResourceOptions] = None,
1319
- allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1320
- backend: Optional[pulumi.Input[str]] = None,
1321
- bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1322
- bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1323
- bound_claims_type: Optional[pulumi.Input[str]] = None,
1324
- bound_subject: Optional[pulumi.Input[str]] = None,
1325
- claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1326
- clock_skew_leeway: Optional[pulumi.Input[int]] = None,
1327
- disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
1328
- expiration_leeway: Optional[pulumi.Input[int]] = None,
1329
- groups_claim: Optional[pulumi.Input[str]] = None,
1330
- max_age: Optional[pulumi.Input[int]] = None,
1331
- namespace: Optional[pulumi.Input[str]] = None,
1332
- not_before_leeway: Optional[pulumi.Input[int]] = None,
1333
- oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1334
- role_name: Optional[pulumi.Input[str]] = None,
1335
- role_type: Optional[pulumi.Input[str]] = None,
1336
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1337
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1338
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1339
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1340
- token_num_uses: Optional[pulumi.Input[int]] = None,
1341
- token_period: Optional[pulumi.Input[int]] = None,
1342
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1343
- token_ttl: Optional[pulumi.Input[int]] = None,
1344
- token_type: Optional[pulumi.Input[str]] = None,
1345
- user_claim: Optional[pulumi.Input[str]] = None,
1346
- user_claim_json_pointer: Optional[pulumi.Input[bool]] = None,
1347
- verbose_oidc_logging: Optional[pulumi.Input[bool]] = None,
1320
+ allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1321
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1322
+ bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1323
+ bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1324
+ bound_claims_type: Optional[pulumi.Input[builtins.str]] = None,
1325
+ bound_subject: Optional[pulumi.Input[builtins.str]] = None,
1326
+ claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1327
+ clock_skew_leeway: Optional[pulumi.Input[builtins.int]] = None,
1328
+ disable_bound_claims_parsing: Optional[pulumi.Input[builtins.bool]] = None,
1329
+ expiration_leeway: Optional[pulumi.Input[builtins.int]] = None,
1330
+ groups_claim: Optional[pulumi.Input[builtins.str]] = None,
1331
+ max_age: Optional[pulumi.Input[builtins.int]] = None,
1332
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1333
+ not_before_leeway: Optional[pulumi.Input[builtins.int]] = None,
1334
+ oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1335
+ role_name: Optional[pulumi.Input[builtins.str]] = None,
1336
+ role_type: Optional[pulumi.Input[builtins.str]] = None,
1337
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1338
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1339
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1340
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1341
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1342
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1343
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1344
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1345
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1346
+ user_claim: Optional[pulumi.Input[builtins.str]] = None,
1347
+ user_claim_json_pointer: Optional[pulumi.Input[builtins.bool]] = None,
1348
+ verbose_oidc_logging: Optional[pulumi.Input[builtins.bool]] = None,
1348
1349
  __props__=None):
1349
1350
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1350
1351
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1397,35 +1398,35 @@ class AuthBackendRole(pulumi.CustomResource):
1397
1398
  def get(resource_name: str,
1398
1399
  id: pulumi.Input[str],
1399
1400
  opts: Optional[pulumi.ResourceOptions] = None,
1400
- allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1401
- backend: Optional[pulumi.Input[str]] = None,
1402
- bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1403
- bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1404
- bound_claims_type: Optional[pulumi.Input[str]] = None,
1405
- bound_subject: Optional[pulumi.Input[str]] = None,
1406
- claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1407
- clock_skew_leeway: Optional[pulumi.Input[int]] = None,
1408
- disable_bound_claims_parsing: Optional[pulumi.Input[bool]] = None,
1409
- expiration_leeway: Optional[pulumi.Input[int]] = None,
1410
- groups_claim: Optional[pulumi.Input[str]] = None,
1411
- max_age: Optional[pulumi.Input[int]] = None,
1412
- namespace: Optional[pulumi.Input[str]] = None,
1413
- not_before_leeway: Optional[pulumi.Input[int]] = None,
1414
- oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1415
- role_name: Optional[pulumi.Input[str]] = None,
1416
- role_type: Optional[pulumi.Input[str]] = None,
1417
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1418
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1419
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1420
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1421
- token_num_uses: Optional[pulumi.Input[int]] = None,
1422
- token_period: Optional[pulumi.Input[int]] = None,
1423
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1424
- token_ttl: Optional[pulumi.Input[int]] = None,
1425
- token_type: Optional[pulumi.Input[str]] = None,
1426
- user_claim: Optional[pulumi.Input[str]] = None,
1427
- user_claim_json_pointer: Optional[pulumi.Input[bool]] = None,
1428
- verbose_oidc_logging: Optional[pulumi.Input[bool]] = None) -> 'AuthBackendRole':
1401
+ allowed_redirect_uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1402
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1403
+ bound_audiences: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1404
+ bound_claims: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1405
+ bound_claims_type: Optional[pulumi.Input[builtins.str]] = None,
1406
+ bound_subject: Optional[pulumi.Input[builtins.str]] = None,
1407
+ claim_mappings: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1408
+ clock_skew_leeway: Optional[pulumi.Input[builtins.int]] = None,
1409
+ disable_bound_claims_parsing: Optional[pulumi.Input[builtins.bool]] = None,
1410
+ expiration_leeway: Optional[pulumi.Input[builtins.int]] = None,
1411
+ groups_claim: Optional[pulumi.Input[builtins.str]] = None,
1412
+ max_age: Optional[pulumi.Input[builtins.int]] = None,
1413
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1414
+ not_before_leeway: Optional[pulumi.Input[builtins.int]] = None,
1415
+ oidc_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1416
+ role_name: Optional[pulumi.Input[builtins.str]] = None,
1417
+ role_type: Optional[pulumi.Input[builtins.str]] = None,
1418
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1419
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1420
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1421
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1422
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1423
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1424
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1425
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1426
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1427
+ user_claim: Optional[pulumi.Input[builtins.str]] = None,
1428
+ user_claim_json_pointer: Optional[pulumi.Input[builtins.bool]] = None,
1429
+ verbose_oidc_logging: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackendRole':
1429
1430
  """
1430
1431
  Get an existing AuthBackendRole resource's state with the given name, id, and optional extra
1431
1432
  properties used to qualify the lookup.
@@ -1433,63 +1434,63 @@ class AuthBackendRole(pulumi.CustomResource):
1433
1434
  :param str resource_name: The unique name of the resulting resource.
1434
1435
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1435
1436
  :param pulumi.ResourceOptions opts: Options for the resource.
1436
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
1437
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_redirect_uris: The list of allowed values for redirect_uri during OIDC logins.
1437
1438
  Required for OIDC roles
1438
- :param pulumi.Input[str] backend: The unique name of the auth backend to configure.
1439
+ :param pulumi.Input[builtins.str] backend: The unique name of the auth backend to configure.
1439
1440
  Defaults to `jwt`.
1440
- :param pulumi.Input[Sequence[pulumi.Input[str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1441
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] bound_audiences: (Required for roles of type `jwt`, optional for roles of
1441
1442
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
1442
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] bound_claims: If set, a map of claims to values to match against.
1443
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] bound_claims: If set, a map of claims to values to match against.
1443
1444
  A claim's value must be a string, which may contain one value or multiple
1444
1445
  comma-separated values, e.g. `"red"` or `"red,green,blue"`.
1445
- :param pulumi.Input[str] bound_claims_type: How to interpret values in the claims/values
1446
+ :param pulumi.Input[builtins.str] bound_claims_type: How to interpret values in the claims/values
1446
1447
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
1447
1448
  match). Requires Vault 1.4.0 or above.
1448
- :param pulumi.Input[str] bound_subject: If set, requires that the `sub` claim matches
1449
+ :param pulumi.Input[builtins.str] bound_subject: If set, requires that the `sub` claim matches
1449
1450
  this value.
1450
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] claim_mappings: If set, a map of claims (keys) to be copied
1451
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] claim_mappings: If set, a map of claims (keys) to be copied
1451
1452
  to specified metadata fields (values).
1452
- :param pulumi.Input[int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
1453
+ :param pulumi.Input[builtins.int] clock_skew_leeway: The amount of leeway to add to all claims to account for clock skew, in
1453
1454
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
1454
1455
  Only applicable with "jwt" roles.
1455
- :param pulumi.Input[bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1456
- :param pulumi.Input[int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1456
+ :param pulumi.Input[builtins.bool] disable_bound_claims_parsing: Disable bound claim value parsing. Useful when values contain commas.
1457
+ :param pulumi.Input[builtins.int] expiration_leeway: The amount of leeway to add to expiration (`exp`) claims to account for
1457
1458
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1458
1459
  Only applicable with "jwt" roles.
1459
- :param pulumi.Input[str] groups_claim: The claim to use to uniquely identify
1460
+ :param pulumi.Input[builtins.str] groups_claim: The claim to use to uniquely identify
1460
1461
  the set of groups to which the user belongs; this will be used as the names
1461
1462
  for the Identity group aliases created due to a successful login. The claim
1462
1463
  value must be a list of strings.
1463
- :param pulumi.Input[int] max_age: Specifies the allowable elapsed time in seconds since the last time
1464
+ :param pulumi.Input[builtins.int] max_age: Specifies the allowable elapsed time in seconds since the last time
1464
1465
  the user was actively authenticated with the OIDC provider.
1465
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1466
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1466
1467
  The value should not contain leading or trailing forward slashes.
1467
1468
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1468
1469
  *Available only for Vault Enterprise*.
1469
- :param pulumi.Input[int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1470
+ :param pulumi.Input[builtins.int] not_before_leeway: The amount of leeway to add to not before (`nbf`) claims to account for
1470
1471
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
1471
1472
  Only applicable with "jwt" roles.
1472
- :param pulumi.Input[Sequence[pulumi.Input[str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1473
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] oidc_scopes: If set, a list of OIDC scopes to be used with an OIDC role.
1473
1474
  The standard scope "openid" is automatically included and need not be specified.
1474
- :param pulumi.Input[str] role_name: The name of the role.
1475
- :param pulumi.Input[str] role_type: Type of role, either "oidc" (default) or "jwt".
1476
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1477
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1478
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1479
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1480
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1481
- :param pulumi.Input[int] token_period: Generated Token's Period
1482
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1483
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1484
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1485
- :param pulumi.Input[str] user_claim: The claim to use to uniquely identify
1475
+ :param pulumi.Input[builtins.str] role_name: The name of the role.
1476
+ :param pulumi.Input[builtins.str] role_type: Type of role, either "oidc" (default) or "jwt".
1477
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1478
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1479
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
1480
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1481
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1482
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
1483
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
1484
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
1485
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
1486
+ :param pulumi.Input[builtins.str] user_claim: The claim to use to uniquely identify
1486
1487
  the user; this will be used as the name for the Identity entity alias created
1487
1488
  due to a successful login.
1488
- :param pulumi.Input[bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
1489
+ :param pulumi.Input[builtins.bool] user_claim_json_pointer: Specifies if the `user_claim` value uses
1489
1490
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
1490
1491
  syntax for referencing claims. By default, the `user_claim` value will not use JSON pointer.
1491
1492
  Requires Vault 1.11+.
1492
- :param pulumi.Input[bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
1493
+ :param pulumi.Input[builtins.bool] verbose_oidc_logging: Log received OIDC tokens and claims when debug-level
1493
1494
  logging is active. Not recommended in production since sensitive information may be present
1494
1495
  in OIDC responses.
1495
1496
  """
@@ -1530,7 +1531,7 @@ class AuthBackendRole(pulumi.CustomResource):
1530
1531
 
1531
1532
  @property
1532
1533
  @pulumi.getter(name="allowedRedirectUris")
1533
- def allowed_redirect_uris(self) -> pulumi.Output[Optional[Sequence[str]]]:
1534
+ def allowed_redirect_uris(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1534
1535
  """
1535
1536
  The list of allowed values for redirect_uri during OIDC logins.
1536
1537
  Required for OIDC roles
@@ -1539,7 +1540,7 @@ class AuthBackendRole(pulumi.CustomResource):
1539
1540
 
1540
1541
  @property
1541
1542
  @pulumi.getter
1542
- def backend(self) -> pulumi.Output[Optional[str]]:
1543
+ def backend(self) -> pulumi.Output[Optional[builtins.str]]:
1543
1544
  """
1544
1545
  The unique name of the auth backend to configure.
1545
1546
  Defaults to `jwt`.
@@ -1548,7 +1549,7 @@ class AuthBackendRole(pulumi.CustomResource):
1548
1549
 
1549
1550
  @property
1550
1551
  @pulumi.getter(name="boundAudiences")
1551
- def bound_audiences(self) -> pulumi.Output[Optional[Sequence[str]]]:
1552
+ def bound_audiences(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1552
1553
  """
1553
1554
  (Required for roles of type `jwt`, optional for roles of
1554
1555
  type `oidc`) List of `aud` claims to match against. Any match is sufficient.
@@ -1557,7 +1558,7 @@ class AuthBackendRole(pulumi.CustomResource):
1557
1558
 
1558
1559
  @property
1559
1560
  @pulumi.getter(name="boundClaims")
1560
- def bound_claims(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1561
+ def bound_claims(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1561
1562
  """
1562
1563
  If set, a map of claims to values to match against.
1563
1564
  A claim's value must be a string, which may contain one value or multiple
@@ -1567,7 +1568,7 @@ class AuthBackendRole(pulumi.CustomResource):
1567
1568
 
1568
1569
  @property
1569
1570
  @pulumi.getter(name="boundClaimsType")
1570
- def bound_claims_type(self) -> pulumi.Output[str]:
1571
+ def bound_claims_type(self) -> pulumi.Output[builtins.str]:
1571
1572
  """
1572
1573
  How to interpret values in the claims/values
1573
1574
  map (`bound_claims`): can be either `string` (exact match) or `glob` (wildcard
@@ -1577,7 +1578,7 @@ class AuthBackendRole(pulumi.CustomResource):
1577
1578
 
1578
1579
  @property
1579
1580
  @pulumi.getter(name="boundSubject")
1580
- def bound_subject(self) -> pulumi.Output[Optional[str]]:
1581
+ def bound_subject(self) -> pulumi.Output[Optional[builtins.str]]:
1581
1582
  """
1582
1583
  If set, requires that the `sub` claim matches
1583
1584
  this value.
@@ -1586,7 +1587,7 @@ class AuthBackendRole(pulumi.CustomResource):
1586
1587
 
1587
1588
  @property
1588
1589
  @pulumi.getter(name="claimMappings")
1589
- def claim_mappings(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1590
+ def claim_mappings(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1590
1591
  """
1591
1592
  If set, a map of claims (keys) to be copied
1592
1593
  to specified metadata fields (values).
@@ -1595,7 +1596,7 @@ class AuthBackendRole(pulumi.CustomResource):
1595
1596
 
1596
1597
  @property
1597
1598
  @pulumi.getter(name="clockSkewLeeway")
1598
- def clock_skew_leeway(self) -> pulumi.Output[Optional[int]]:
1599
+ def clock_skew_leeway(self) -> pulumi.Output[Optional[builtins.int]]:
1599
1600
  """
1600
1601
  The amount of leeway to add to all claims to account for clock skew, in
1601
1602
  seconds. Defaults to `60` seconds if set to `0` and can be disabled if set to `-1`.
@@ -1605,7 +1606,7 @@ class AuthBackendRole(pulumi.CustomResource):
1605
1606
 
1606
1607
  @property
1607
1608
  @pulumi.getter(name="disableBoundClaimsParsing")
1608
- def disable_bound_claims_parsing(self) -> pulumi.Output[Optional[bool]]:
1609
+ def disable_bound_claims_parsing(self) -> pulumi.Output[Optional[builtins.bool]]:
1609
1610
  """
1610
1611
  Disable bound claim value parsing. Useful when values contain commas.
1611
1612
  """
@@ -1613,7 +1614,7 @@ class AuthBackendRole(pulumi.CustomResource):
1613
1614
 
1614
1615
  @property
1615
1616
  @pulumi.getter(name="expirationLeeway")
1616
- def expiration_leeway(self) -> pulumi.Output[Optional[int]]:
1617
+ def expiration_leeway(self) -> pulumi.Output[Optional[builtins.int]]:
1617
1618
  """
1618
1619
  The amount of leeway to add to expiration (`exp`) claims to account for
1619
1620
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -1623,7 +1624,7 @@ class AuthBackendRole(pulumi.CustomResource):
1623
1624
 
1624
1625
  @property
1625
1626
  @pulumi.getter(name="groupsClaim")
1626
- def groups_claim(self) -> pulumi.Output[Optional[str]]:
1627
+ def groups_claim(self) -> pulumi.Output[Optional[builtins.str]]:
1627
1628
  """
1628
1629
  The claim to use to uniquely identify
1629
1630
  the set of groups to which the user belongs; this will be used as the names
@@ -1634,7 +1635,7 @@ class AuthBackendRole(pulumi.CustomResource):
1634
1635
 
1635
1636
  @property
1636
1637
  @pulumi.getter(name="maxAge")
1637
- def max_age(self) -> pulumi.Output[Optional[int]]:
1638
+ def max_age(self) -> pulumi.Output[Optional[builtins.int]]:
1638
1639
  """
1639
1640
  Specifies the allowable elapsed time in seconds since the last time
1640
1641
  the user was actively authenticated with the OIDC provider.
@@ -1643,7 +1644,7 @@ class AuthBackendRole(pulumi.CustomResource):
1643
1644
 
1644
1645
  @property
1645
1646
  @pulumi.getter
1646
- def namespace(self) -> pulumi.Output[Optional[str]]:
1647
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1647
1648
  """
1648
1649
  The namespace to provision the resource in.
1649
1650
  The value should not contain leading or trailing forward slashes.
@@ -1654,7 +1655,7 @@ class AuthBackendRole(pulumi.CustomResource):
1654
1655
 
1655
1656
  @property
1656
1657
  @pulumi.getter(name="notBeforeLeeway")
1657
- def not_before_leeway(self) -> pulumi.Output[Optional[int]]:
1658
+ def not_before_leeway(self) -> pulumi.Output[Optional[builtins.int]]:
1658
1659
  """
1659
1660
  The amount of leeway to add to not before (`nbf`) claims to account for
1660
1661
  clock skew, in seconds. Defaults to `150` seconds if set to `0` and can be disabled if set to `-1`.
@@ -1664,7 +1665,7 @@ class AuthBackendRole(pulumi.CustomResource):
1664
1665
 
1665
1666
  @property
1666
1667
  @pulumi.getter(name="oidcScopes")
1667
- def oidc_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]:
1668
+ def oidc_scopes(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1668
1669
  """
1669
1670
  If set, a list of OIDC scopes to be used with an OIDC role.
1670
1671
  The standard scope "openid" is automatically included and need not be specified.
@@ -1673,7 +1674,7 @@ class AuthBackendRole(pulumi.CustomResource):
1673
1674
 
1674
1675
  @property
1675
1676
  @pulumi.getter(name="roleName")
1676
- def role_name(self) -> pulumi.Output[str]:
1677
+ def role_name(self) -> pulumi.Output[builtins.str]:
1677
1678
  """
1678
1679
  The name of the role.
1679
1680
  """
@@ -1681,7 +1682,7 @@ class AuthBackendRole(pulumi.CustomResource):
1681
1682
 
1682
1683
  @property
1683
1684
  @pulumi.getter(name="roleType")
1684
- def role_type(self) -> pulumi.Output[str]:
1685
+ def role_type(self) -> pulumi.Output[builtins.str]:
1685
1686
  """
1686
1687
  Type of role, either "oidc" (default) or "jwt".
1687
1688
  """
@@ -1689,7 +1690,7 @@ class AuthBackendRole(pulumi.CustomResource):
1689
1690
 
1690
1691
  @property
1691
1692
  @pulumi.getter(name="tokenBoundCidrs")
1692
- def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1693
+ def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1693
1694
  """
1694
1695
  Specifies the blocks of IP addresses which are allowed to use the generated token
1695
1696
  """
@@ -1697,7 +1698,7 @@ class AuthBackendRole(pulumi.CustomResource):
1697
1698
 
1698
1699
  @property
1699
1700
  @pulumi.getter(name="tokenExplicitMaxTtl")
1700
- def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1701
+ def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1701
1702
  """
1702
1703
  Generated Token's Explicit Maximum TTL in seconds
1703
1704
  """
@@ -1705,7 +1706,7 @@ class AuthBackendRole(pulumi.CustomResource):
1705
1706
 
1706
1707
  @property
1707
1708
  @pulumi.getter(name="tokenMaxTtl")
1708
- def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1709
+ def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1709
1710
  """
1710
1711
  The maximum lifetime of the generated token
1711
1712
  """
@@ -1713,7 +1714,7 @@ class AuthBackendRole(pulumi.CustomResource):
1713
1714
 
1714
1715
  @property
1715
1716
  @pulumi.getter(name="tokenNoDefaultPolicy")
1716
- def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1717
+ def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
1717
1718
  """
1718
1719
  If true, the 'default' policy will not automatically be added to generated tokens
1719
1720
  """
@@ -1721,7 +1722,7 @@ class AuthBackendRole(pulumi.CustomResource):
1721
1722
 
1722
1723
  @property
1723
1724
  @pulumi.getter(name="tokenNumUses")
1724
- def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1725
+ def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
1725
1726
  """
1726
1727
  The maximum number of times a token may be used, a value of zero means unlimited
1727
1728
  """
@@ -1729,7 +1730,7 @@ class AuthBackendRole(pulumi.CustomResource):
1729
1730
 
1730
1731
  @property
1731
1732
  @pulumi.getter(name="tokenPeriod")
1732
- def token_period(self) -> pulumi.Output[Optional[int]]:
1733
+ def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
1733
1734
  """
1734
1735
  Generated Token's Period
1735
1736
  """
@@ -1737,7 +1738,7 @@ class AuthBackendRole(pulumi.CustomResource):
1737
1738
 
1738
1739
  @property
1739
1740
  @pulumi.getter(name="tokenPolicies")
1740
- def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1741
+ def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1741
1742
  """
1742
1743
  Generated Token's Policies
1743
1744
  """
@@ -1745,7 +1746,7 @@ class AuthBackendRole(pulumi.CustomResource):
1745
1746
 
1746
1747
  @property
1747
1748
  @pulumi.getter(name="tokenTtl")
1748
- def token_ttl(self) -> pulumi.Output[Optional[int]]:
1749
+ def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1749
1750
  """
1750
1751
  The initial ttl of the token to generate in seconds
1751
1752
  """
@@ -1753,7 +1754,7 @@ class AuthBackendRole(pulumi.CustomResource):
1753
1754
 
1754
1755
  @property
1755
1756
  @pulumi.getter(name="tokenType")
1756
- def token_type(self) -> pulumi.Output[Optional[str]]:
1757
+ def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
1757
1758
  """
1758
1759
  The type of token to generate, service or batch
1759
1760
  """
@@ -1761,7 +1762,7 @@ class AuthBackendRole(pulumi.CustomResource):
1761
1762
 
1762
1763
  @property
1763
1764
  @pulumi.getter(name="userClaim")
1764
- def user_claim(self) -> pulumi.Output[str]:
1765
+ def user_claim(self) -> pulumi.Output[builtins.str]:
1765
1766
  """
1766
1767
  The claim to use to uniquely identify
1767
1768
  the user; this will be used as the name for the Identity entity alias created
@@ -1771,7 +1772,7 @@ class AuthBackendRole(pulumi.CustomResource):
1771
1772
 
1772
1773
  @property
1773
1774
  @pulumi.getter(name="userClaimJsonPointer")
1774
- def user_claim_json_pointer(self) -> pulumi.Output[Optional[bool]]:
1775
+ def user_claim_json_pointer(self) -> pulumi.Output[Optional[builtins.bool]]:
1775
1776
  """
1776
1777
  Specifies if the `user_claim` value uses
1777
1778
  [JSON pointer](https://www.vaultproject.io/docs/auth/jwt#claim-specifications-and-json-pointer)
@@ -1782,7 +1783,7 @@ class AuthBackendRole(pulumi.CustomResource):
1782
1783
 
1783
1784
  @property
1784
1785
  @pulumi.getter(name="verboseOidcLogging")
1785
- def verbose_oidc_logging(self) -> pulumi.Output[Optional[bool]]:
1786
+ def verbose_oidc_logging(self) -> pulumi.Output[Optional[builtins.bool]]:
1786
1787
  """
1787
1788
  Log received OIDC tokens and claims when debug-level
1788
1789
  logging is active. Not recommended in production since sensitive information may be present