pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi_vault/kubernetes/get_auth_backend_config.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -60,12 +61,12 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[str]:
+    def backend(self) -> Optional[builtins.str]:
         return pulumi.get(self, "backend")
 
     @property
     @pulumi.getter(name="disableIssValidation")
-    def disable_iss_validation(self) -> bool:
+    def disable_iss_validation(self) -> builtins.bool:
         """
         (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
@@ -73,7 +74,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> bool:
+    def disable_local_ca_jwt(self) -> builtins.bool:
         """
         (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
@@ -81,7 +82,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter
-    def id(self) -> str:
+    def id(self) -> builtins.str:
         """
         The provider-assigned unique ID for this managed resource.
         """
@@ -89,7 +90,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter
-    def issuer(self) -> str:
+    def issuer(self) -> builtins.str:
         """
         Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
         """
@@ -97,7 +98,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> str:
+    def kubernetes_ca_cert(self) -> builtins.str:
         """
         PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
         """
@@ -105,7 +106,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> str:
+    def kubernetes_host(self) -> builtins.str:
         """
         Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
         """
@@ -113,12 +114,12 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[str]:
+    def namespace(self) -> Optional[builtins.str]:
         return pulumi.get(self, "namespace")
 
     @property
     @pulumi.getter(name="pemKeys")
-    def pem_keys(self) -> Sequence[str]:
+    def pem_keys(self) -> Sequence[builtins.str]:
         """
         Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
         """
@@ -126,7 +127,7 @@ class GetAuthBackendConfigResult:
 
     @property
     @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> bool:
+    def use_annotations_as_alias_metadata(self) -> builtins.bool:
         """
         (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
@@ -151,15 +152,15 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
             use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
 
 
-def get_auth_backend_config(backend: Optional[str] = None,
-                            disable_iss_validation: Optional[bool] = None,
-                            disable_local_ca_jwt: Optional[bool] = None,
-                            issuer: Optional[str] = None,
-                            kubernetes_ca_cert: Optional[str] = None,
-                            kubernetes_host: Optional[str] = None,
-                            namespace: Optional[str] = None,
-                            pem_keys: Optional[Sequence[str]] = None,
-                            use_annotations_as_alias_metadata: Optional[bool] = None,
+def get_auth_backend_config(backend: Optional[builtins.str] = None,
+                            disable_iss_validation: Optional[builtins.bool] = None,
+                            disable_local_ca_jwt: Optional[builtins.bool] = None,
+                            issuer: Optional[builtins.str] = None,
+                            kubernetes_ca_cert: Optional[builtins.str] = None,
+                            kubernetes_host: Optional[builtins.str] = None,
+                            namespace: Optional[builtins.str] = None,
+                            pem_keys: Optional[Sequence[builtins.str]] = None,
+                            use_annotations_as_alias_metadata: Optional[builtins.bool] = None,
                             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -167,19 +168,19 @@ def get_auth_backend_config(backend: Optional[str] = None,
     information.
 
 
-    :param str backend: The unique name for the Kubernetes backend the config to
+    :param builtins.str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-    :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-    :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-    :param str namespace: The namespace of the target resource.
+    :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+    :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+    :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+    :param builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+    :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend
@@ -205,15 +206,15 @@ def get_auth_backend_config(backend: Optional[str] = None,
         namespace=pulumi.get(__ret__, 'namespace'),
         pem_keys=pulumi.get(__ret__, 'pem_keys'),
         use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
-def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
-                                   disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
-                                   disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
-                                   issuer: Optional[pulumi.Input[Optional[str]]] = None,
-                                   kubernetes_ca_cert: Optional[pulumi.Input[Optional[str]]] = None,
-                                   kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
-                                   namespace: Optional[pulumi.Input[Optional[str]]] = None,
-                                   pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
+def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                   disable_iss_validation: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
+                                   disable_local_ca_jwt: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
+                                   issuer: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                   kubernetes_ca_cert: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                   kubernetes_host: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                   namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                   pem_keys: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
+                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
                                    opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -221,19 +222,19 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
     information.
 
 
-    :param str backend: The unique name for the Kubernetes backend the config to
+    :param builtins.str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-    :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-    :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-    :param str namespace: The namespace of the target resource.
+    :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+    :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+    :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+    :param builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+    :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend

pulumi_vault/kubernetes/get_auth_backend_role.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -81,7 +82,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="aliasNameSource")
-    def alias_name_source(self) -> str:
+    def alias_name_source(self) -> builtins.str:
         """
         Method used for generating identity aliases. (vault-1.9+)
         """
@@ -89,7 +90,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter
-    def audience(self) -> Optional[str]:
+    def audience(self) -> Optional[builtins.str]:
         """
         Audience claim to verify in the JWT.
         """
@@ -97,12 +98,12 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[str]:
+    def backend(self) -> Optional[builtins.str]:
         return pulumi.get(self, "backend")
 
     @property
     @pulumi.getter(name="boundServiceAccountNames")
-    def bound_service_account_names(self) -> Sequence[str]:
+    def bound_service_account_names(self) -> Sequence[builtins.str]:
         """
         List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*".
         """
@@ -110,7 +111,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="boundServiceAccountNamespaces")
-    def bound_service_account_namespaces(self) -> Sequence[str]:
+    def bound_service_account_namespaces(self) -> Sequence[builtins.str]:
         """
         List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
         """
@@ -118,7 +119,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter
-    def id(self) -> str:
+    def id(self) -> builtins.str:
         """
         The provider-assigned unique ID for this managed resource.
         """
@@ -126,17 +127,17 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[str]:
+    def namespace(self) -> Optional[builtins.str]:
         return pulumi.get(self, "namespace")
 
     @property
     @pulumi.getter(name="roleName")
-    def role_name(self) -> str:
+    def role_name(self) -> builtins.str:
         return pulumi.get(self, "role_name")
 
     @property
     @pulumi.getter(name="tokenBoundCidrs")
-    def token_bound_cidrs(self) -> Optional[Sequence[str]]:
+    def token_bound_cidrs(self) -> Optional[Sequence[builtins.str]]:
         """
         List of CIDR blocks; if set, specifies blocks of IP
         addresses which can authenticate successfully, and ties the resulting token to these blocks
@@ -146,7 +147,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenExplicitMaxTtl")
-    def token_explicit_max_ttl(self) -> Optional[int]:
+    def token_explicit_max_ttl(self) -> Optional[builtins.int]:
         """
         If set, will encode an
         [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
@@ -157,7 +158,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenMaxTtl")
-    def token_max_ttl(self) -> Optional[int]:
+    def token_max_ttl(self) -> Optional[builtins.int]:
         """
         The maximum lifetime for generated tokens in number of seconds.
         Its current value will be referenced at renewal time.
@@ -166,7 +167,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenNoDefaultPolicy")
-    def token_no_default_policy(self) -> Optional[bool]:
+    def token_no_default_policy(self) -> Optional[builtins.bool]:
         """
         If set, the default policy will not be set on
         generated tokens; otherwise it will be added to the policies set in token_policies.
@@ -175,7 +176,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenNumUses")
-    def token_num_uses(self) -> Optional[int]:
+    def token_num_uses(self) -> Optional[builtins.int]:
         """
         The
         [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
@@ -185,7 +186,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenPeriod")
-    def token_period(self) -> Optional[int]:
+    def token_period(self) -> Optional[builtins.int]:
         """
         (Optional) If set, indicates that the
         token generated using this role should never expire. The token should be renewed within the
@@ -196,7 +197,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenPolicies")
-    def token_policies(self) -> Optional[Sequence[str]]:
+    def token_policies(self) -> Optional[Sequence[builtins.str]]:
         """
         List of policies to encode onto generated tokens. Depending
         on the auth method, this list may be supplemented by user/group/other values.
@@ -205,7 +206,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenTtl")
-    def token_ttl(self) -> Optional[int]:
+    def token_ttl(self) -> Optional[builtins.int]:
         """
         The incremental lifetime for generated tokens in number of seconds.
         Its current value will be referenced at renewal time.
@@ -214,7 +215,7 @@ class GetAuthBackendRoleResult:
 
     @property
     @pulumi.getter(name="tokenType")
-    def token_type(self) -> Optional[str]:
+    def token_type(self) -> Optional[builtins.str]:
         """
         The type of token that should be generated. Can be `service`,
         `batch`, or `default` to use the mount's tuned default (which unless changed will be
@@ -250,19 +251,19 @@ class AwaitableGetAuthBackendRoleResult(GetAuthBackendRoleResult):
             token_type=self.token_type)
 
 
-def get_auth_backend_role(audience: Optional[str] = None,
-                          backend: Optional[str] = None,
-                          namespace: Optional[str] = None,
-                          role_name: Optional[str] = None,
-                          token_bound_cidrs: Optional[Sequence[str]] = None,
-                          token_explicit_max_ttl: Optional[int] = None,
-                          token_max_ttl: Optional[int] = None,
-                          token_no_default_policy: Optional[bool] = None,
-                          token_num_uses: Optional[int] = None,
-                          token_period: Optional[int] = None,
-                          token_policies: Optional[Sequence[str]] = None,
-                          token_ttl: Optional[int] = None,
-                          token_type: Optional[str] = None,
+def get_auth_backend_role(audience: Optional[builtins.str] = None,
+                          backend: Optional[builtins.str] = None,
+                          namespace: Optional[builtins.str] = None,
+                          role_name: Optional[builtins.str] = None,
+                          token_bound_cidrs: Optional[Sequence[builtins.str]] = None,
+                          token_explicit_max_ttl: Optional[builtins.int] = None,
+                          token_max_ttl: Optional[builtins.int] = None,
+                          token_no_default_policy: Optional[builtins.bool] = None,
+                          token_num_uses: Optional[builtins.int] = None,
+                          token_period: Optional[builtins.int] = None,
+                          token_policies: Optional[Sequence[builtins.str]] = None,
+                          token_ttl: Optional[builtins.int] = None,
+                          token_type: Optional[builtins.str] = None,
                           opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendRoleResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -270,37 +271,37 @@ def get_auth_backend_role(audience: Optional[str] = None,
     information.
 
 
-    :param str audience: Audience claim to verify in the JWT.
-    :param str backend: The unique name for the Kubernetes backend the role to
+    :param builtins.str audience: Audience claim to verify in the JWT.
+    :param builtins.str backend: The unique name for the Kubernetes backend the role to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param str namespace: The namespace of the target resource.
+    :param builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param str role_name: The name of the role to retrieve the Role attributes for.
-    :param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+    :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
+    :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
            addresses which can authenticate successfully, and ties the resulting token to these blocks
            as well.
-    :param int token_explicit_max_ttl: If set, will encode an
+    :param builtins.int token_explicit_max_ttl: If set, will encode an
            [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
            onto the token in number of seconds. This is a hard cap even if `token_ttl` and
            `token_max_ttl` would otherwise allow a renewal.
-    :param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+    :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param bool token_no_default_policy: If set, the default policy will not be set on
+    :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
            generated tokens; otherwise it will be added to the policies set in token_policies.
-    :param int token_num_uses: The
+    :param builtins.int token_num_uses: The
            [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
            if any, in number of seconds to set on the token.
-    :param int token_period: (Optional) If set, indicates that the
+    :param builtins.int token_period: (Optional) If set, indicates that the
            token generated using this role should never expire. The token should be renewed within the
            duration specified by this value. At each renewal, the token's TTL will be set to the
            value of this field. Specified in seconds.
-    :param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
+    :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
            on the auth method, this list may be supplemented by user/group/other values.
-    :param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+    :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param str token_type: The type of token that should be generated. Can be `service`,
+    :param builtins.str token_type: The type of token that should be generated. Can be `service`,
            `batch`, or `default` to use the mount's tuned default (which unless changed will be
            `service` tokens). For token store roles, there are two additional possibilities:
            `default-service` and `default-batch` which specify the type to return unless the client
@@ -341,19 +342,19 @@ def get_auth_backend_role(audience: Optional[str] = None,
         token_policies=pulumi.get(__ret__, 'token_policies'),
         token_ttl=pulumi.get(__ret__, 'token_ttl'),
         token_type=pulumi.get(__ret__, 'token_type'))
-def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
-                                 backend: Optional[pulumi.Input[Optional[str]]] = None,
-                                 namespace: Optional[pulumi.Input[Optional[str]]] = None,
-                                 role_name: Optional[pulumi.Input[str]] = None,
-                                 token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-                                 token_explicit_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
-                                 token_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
-                                 token_no_default_policy: Optional[pulumi.Input[Optional[bool]]] = None,
-                                 token_num_uses: Optional[pulumi.Input[Optional[int]]] = None,
-                                 token_period: Optional[pulumi.Input[Optional[int]]] = None,
-                                 token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
-                                 token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
-                                 token_type: Optional[pulumi.Input[Optional[str]]] = None,
+def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                 backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                 namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+                                 role_name: Optional[pulumi.Input[builtins.str]] = None,
+                                 token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
+                                 token_explicit_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
+                                 token_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
+                                 token_no_default_policy: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
+                                 token_num_uses: Optional[pulumi.Input[Optional[builtins.int]]] = None,
+                                 token_period: Optional[pulumi.Input[Optional[builtins.int]]] = None,
+                                 token_policies: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
+                                 token_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
+                                 token_type: Optional[pulumi.Input[Optional[builtins.str]]] = None,
                                  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -361,37 +362,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
     information.
 
 
-    :param str audience: Audience claim to verify in the JWT.
-    :param str backend: The unique name for the Kubernetes backend the role to
+    :param builtins.str audience: Audience claim to verify in the JWT.
+    :param builtins.str backend: The unique name for the Kubernetes backend the role to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param str namespace: The namespace of the target resource.
+    :param builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param str role_name: The name of the role to retrieve the Role attributes for.
-    :param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+    :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
+    :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
            addresses which can authenticate successfully, and ties the resulting token to these blocks
            as well.
-    :param int token_explicit_max_ttl: If set, will encode an
+    :param builtins.int token_explicit_max_ttl: If set, will encode an
            [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
            onto the token in number of seconds. This is a hard cap even if `token_ttl` and
            `token_max_ttl` would otherwise allow a renewal.
-    :param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+    :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param bool token_no_default_policy: If set, the default policy will not be set on
+    :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
            generated tokens; otherwise it will be added to the policies set in token_policies.
-    :param int token_num_uses: The
+    :param builtins.int token_num_uses: The
            [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
            if any, in number of seconds to set on the token.
-    :param int token_period: (Optional) If set, indicates that the
+    :param builtins.int token_period: (Optional) If set, indicates that the
            token generated using this role should never expire. The token should be renewed within the
            duration specified by this value. At each renewal, the token's TTL will be set to the
            value of this field. Specified in seconds.
-    :param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
+    :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
            on the auth method, this list may be supplemented by user/group/other values.
-    :param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+    :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param str token_type: The type of token that should be generated. Can be `service`,
+    :param builtins.str token_type: The type of token that should be generated. Can be `service`,
            `batch`, or `default` to use the mount's tuned default (which unless changed will be
            `service` tokens). For token store roles, there are two additional possibilities:
            `default-service` and `default-batch` which specify the type to return unless the client